@mulverse/mulguard-core 1.0.0

package/src/providers/beyondidentity.ts

@@ -0,0 +1,102 @@
+/**
+ * <div class="provider" style={{backgroundColor: "#5077c5", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
+ * <span>Built-in <b>Beyond Identity</b> integration.</span>
+ * <a href="https://www.beyondidentity.com/">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/beyondidentity.svg" height="48" width="48"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/beyondidentity
+ */
+
+import type { OIDCConfig, OIDCUserConfig } from "./index.js"
+
+/** @see [Beyond Identity Developer Docs](https://developer.beyondidentity.com/) */
+export interface BeyondIdentityProfile {
+  /** The user's unique identifier. */
+  sub: string
+  /** The user's full name. */
+  name: string
+  /** The user's preferred username. */
+  preferred_username: string
+  /** The user's email address. */
+  email: string
+}
+
+/**
+ * Add Beyond Identity login to your page.
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/beyondidentity
+ * ```
+ *
+ * #### Configuration
+ * ```ts
+ * import { Auth } from "@auth/core"
+ * import BeyondIdentity from "@auth/core/providers/beyondidentity"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     BeyondIdentity({
+ *       clientId: BEYOND_IDENTITY_CLIENT_ID,
+ *       clientSecret: BEYOND_IDENTITY_CLIENT_SECRET,
+ *       issuer: BEYOND_IDENTITY_ISSUER,
+ *     }),
+ *   ],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ * - [Beyond Identity Developer Docs](https://developer.beyondidentity.com/)
+ *
+ * ### Notes
+ *
+ * By default, Auth.js assumes that the BeyondIdentity provider is
+ * based on the [OIDC](https://openid.net/specs/openid-connect-core-1_0.html) specification.
+ *
+ * :::tip
+ *
+ * The BeyondIdentity provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/beyondidentity.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+
+export default function BeyondIdentity(
+  config: OIDCUserConfig<BeyondIdentityProfile>
+): OIDCConfig<BeyondIdentityProfile> {
+  return {
+    id: "beyondidentity",
+    name: "Beyond Identity",
+    type: "oidc",
+    profile(profile) {
+      return {
+        id: profile.sub,
+        email: profile.email,
+        name: profile.name,
+        image: null,
+        preferred_username: profile.preferred_username,
+      }
+    },
+    style: {
+      bg: "#5077c5",
+      text: "#fff",
+    },
+    options: config,
+  }
+}

package/src/providers/bitbucket.ts

@@ -0,0 +1,122 @@
+/**
+ * <div class="provider" style={{ display: "flex", justifyContent: "space-between", color: "#fff" }}>
+ * <span>Built-in <b>Bitbucket</b> integration.</span>
+ * <a href="https://bitbucket.org">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/bitbucket.svg" height="48" width="48"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/bitbucket
+ */
+
+import { OAuthConfig, OAuthUserConfig } from "./index.js"
+
+type LiteralUnion<T extends U, U = string> = T | (U & Record<never, never>)
+
+/**
+ * @see https://developer.atlassian.com/cloud/bitbucket/rest/api-group-users/#api-user-get
+ */
+export interface BitbucketProfile {
+  display_name: string
+  links: Record<
+    LiteralUnion<
+      "self" | "avatar" | "repositories" | "snippets" | "html" | "hooks"
+    >,
+    { href?: string }
+  >
+  created_on: string
+  type: string
+  uuid: string
+  has_2fa_enabled: boolean | null
+  username: string
+  is_staff: boolean
+  account_id: string
+  nickname: string
+  account_status: string
+  location: string | null
+}
+
+/**
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ *
+ * ```ts
+ * https://example.com/api/auth/callback/bitbucket
+ * ```
+ *
+ * #### Configuration
+ *
+ * ```ts
+ * import { Auth } from "@auth/core"
+ * import Bitbucket from "@auth/core/providers/bitbucket"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     Bitbucket({
+ *       clientId: process.env.BITBUCKET_CLIENT_ID,
+ *       clientSecret: process.env.BITBUCKET_CLIENT_SECRET,
+ *     })
+ *   ],
+ * })
+ * ```
+ *
+ * #### Resources
+ *
+ * - [Using OAuth on Bitbucket Cloud](https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/)
+ * - [Bitbucket REST API Authentication](https://developer.atlassian.com/cloud/bitbucket/rest/intro/#authentication)
+ * - [Bitbucket REST API Users](https://developer.atlassian.com/cloud/bitbucket/rest/api-group-users/#api-group-users)
+ *
+ *  #### Notes
+ *
+ * By default, Auth.js assumes that the Bitbucket provider is
+ * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
+ *
+ * :::tip
+ *
+ * The Bitbucket provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/bitbucket.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function Bitbucket(
+  options: OAuthUserConfig<BitbucketProfile>
+): OAuthConfig<BitbucketProfile> {
+  return {
+    id: "bitbucket",
+    name: "Bitbucket",
+    type: "oauth",
+    authorization: {
+      url: "https://bitbucket.org/site/oauth2/authorize",
+      params: {
+        scope: "account",
+      },
+    },
+    token: "https://bitbucket.org/site/oauth2/access_token",
+    userinfo: "https://api.bitbucket.org/2.0/user",
+    profile(profile) {
+      return {
+        name: profile.display_name ?? profile.username,
+        id: profile.account_id,
+        image: profile.links.avatar?.href,
+      }
+    },
+    options,
+    style: {
+      text: "#fff",
+      bg: "#205081",
+    },
+  }
+}

package/src/providers/box.ts

@@ -0,0 +1,87 @@
+/**
+ * <div class="provider" style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
+ * <span>Built-in <b>Box</b> integration.</span>
+ * <a href="https://box.com/">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/box.svg" height="48" width="48"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/box
+ */
+import type { OAuthConfig, OAuthUserConfig } from "./index.js"
+
+/**
+ * Add Box login to your page.
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/box
+ * ```
+ *
+ * #### Configuration
+ *```ts
+ * import { Auth } from "@auth/core"
+ * import Box from "@auth/core/providers/box"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     Box({ clientId: BOX_CLIENT_ID, clientSecret: BOX_CLIENT_SECRET }),
+ *   ],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ *  - [Box developers documentation](https://developer.box.com/reference/)
+ *  - [Box OAuth documentation](https://developer.box.com/guides/sso-identities-and-app-users/connect-okta-to-app-users/configure-box/)
+ *
+ * ### Notes
+ *
+ * By default, Auth.js assumes that the Box provider is
+ * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
+ *
+ * :::tip
+ *
+ * The Box provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/box.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function Box(
+  options: OAuthUserConfig<Record<string, any>>
+): OAuthConfig<Record<string, any>> {
+  return {
+    id: "box",
+    name: "Box",
+    type: "oauth",
+    authorization: "https://account.box.com/api/oauth2/authorize",
+    token: "https://api.box.com/oauth2/token",
+    userinfo: "https://api.box.com/2.0/users/me",
+    profile(profile) {
+      return {
+        id: profile.id,
+        name: profile.name,
+        email: profile.login,
+        image: profile.avatar_url,
+      }
+    },
+    style: {
+      bg: "#0075C9",
+      text: "#fff",
+    },
+    options,
+  }
+}

package/src/providers/boxyhq-saml.ts

@@ -0,0 +1,148 @@
+/**
+ * <div class="provider" style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
+ * <span>Built-in <b>BoxyHQ SAML</b> integration.</span>
+ * <a href="https://boxyhq.com/">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/boxyhq-saml.svg" height="48" width="48"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/boxyhq-saml
+ */
+import type { OAuthConfig, OAuthUserConfig } from "./index.js"
+
+export interface BoxyHQSAMLProfile extends Record<string, any> {
+  id: string
+  email: string
+  firstName?: string
+  lastName?: string
+}
+
+/**
+ * Add BoxyHQ SAML login to your page.
+ *
+ * BoxyHQ SAML is an open source service that handles the SAML SSO login flow as an OAuth 2.0 flow, abstracting away all the complexities of the SAML protocol. Enable Enterprise single-sign-on in your app with ease.
+ *
+ * You can deploy BoxyHQ SAML as a separate service or embed it into your app using our NPM library. [Check out the documentation for more details](https://boxyhq.com/docs/jackson/deploy)
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/boxyhq-saml
+ * ```
+ *
+ * #### Configuration
+ *
+ * For OAuth 2.0 Flow:
+ *```ts
+ * import { Auth } from "@auth/core"
+ * import BoxyHQ from "@auth/core/providers/boxyhq-saml"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     BoxyHQ({
+ *       authorization: { params: { scope: "" } }, // This is needed for OAuth 2.0 flow, otherwise default to openid
+ *       clientId: BOXYHQ_SAML_CLIENT_ID,
+ *       clientSecret: BOXYHQ_SAML_CLIENT_SECRET,
+ *       issuer: BOXYHQ_SAML_ISSUER,
+ *     }),
+ *   ],
+ * })
+ * ```
+ * For OIDC Flow:
+ *
+ *```ts
+ * import { Auth } from "@auth/core"
+ * import BoxyHQ from "@auth/core/providers/boxyhq-saml"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     BoxyHQ({
+ *       clientId: BOXYHQ_SAML_CLIENT_ID,
+ *       clientSecret: BOXYHQ_SAML_CLIENT_SECRET,
+ *       issuer: BOXYHQ_SAML_ISSUER,
+ *     }),
+ *   ],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ *  - [BoxyHQ OAuth documentation](https://example.com)
+ *
+ * ## Configuration
+ *
+ * SAML login requires a configuration for every tenant of yours. One common method is to use the domain for an email address to figure out which tenant they belong to. You can also use a unique tenant ID (string) from your backend for this, typically some kind of account or organization ID.
+ *
+ * Check out the [documentation](https://boxyhq.com/docs/jackson/saml-flow#2-saml-config-api) for more details.
+ *
+ *
+ * On the client side you'll need to pass additional parameters `tenant` and `product` to the `signIn` function. This will allow BoxyHQL SAML to figure out the right SAML configuration and take your user to the right SAML Identity Provider to sign them in.
+ *
+ * ```tsx
+ * import { signIn } from "auth";
+ * ...
+ *
+ *   // Map your users's email to a tenant and product
+ *   const tenant = email.split("@")[1];
+ *   const product = 'my_awesome_product';
+ * ...
+ *   <Button
+ *     onClick={async (event) => {
+ *       event.preventDefault();
+ *
+ *       signIn("boxyhq-saml", {}, { tenant, product });
+ *     }}>
+ * ...
+ * ```
+ * ### Notes
+ *
+ * By default, Auth.js assumes that the BoxyHQ provider is
+ * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
+ *
+ * :::tip
+ *
+ * The BoxyHQ provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/boxyhq-saml.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function SAMLJackson<P extends BoxyHQSAMLProfile>(
+  options: OAuthUserConfig<P>
+): OAuthConfig<P> {
+  return {
+    id: "boxyhq-saml",
+    name: "BoxyHQ SAML",
+    type: "oauth",
+    authorization: {
+      url: `${options.issuer}/api/oauth/authorize`,
+      params: { provider: "saml" },
+    },
+    token: `${options.issuer}/api/oauth/token`,
+    userinfo: `${options.issuer}/api/oauth/userinfo`,
+    profile(profile) {
+      return {
+        id: profile.id,
+        email: profile.email,
+        name: [profile.firstName, profile.lastName].filter(Boolean).join(" "),
+        image: null,
+      }
+    },
+    style: {
+      brandColor: "#25c2a0",
+    },
+    options,
+  }
+}

package/src/providers/bungie.ts

@@ -0,0 +1,192 @@
+/**
+ * <div class="provider" style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
+ * <span>Built-in <b>Bungie</b> integration.</span>
+ * <a href="https://bungie.net/">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/bungie.svg" height="48" width="48"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/bungie
+ */
+import type { OAuthConfig, OAuthUserConfig } from "./index.js"
+
+/**
+ * Add Bungie login to your page.
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/bungie
+ * ```
+ *
+ * #### Configuration
+ *```ts
+ * import { Auth } from "@auth/core"
+ * import Bungie from "@auth/core/providers/bungie"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     Bungie({
+ *       clientId: BUNGIE_CLIENT_ID,
+ *       clientSecret: BUNGIE_CLIENT_SECRET,
+ *       headers: { "X-API-Key": BUNGIE_API_KEY },
+ *     }),
+ *   ],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ *  - [Bungie OAuth documentation](https://github.com/Bungie-net/api/wiki/OAuth-Documentation)
+ *
+ * ## Configuration
+ *
+ * :::tip
+ * Bungie require all sites to run HTTPS (including local development instances).
+ * :::
+ *
+ * :::tip
+ * Bungie doesn't allow you to use localhost as the website URL, instead you need to use https://127.0.0.1:3000
+ * :::
+ *
+ * Navigate to https://www.bungie.net/en/Application and fill in the required details:
+ *
+ * - Application name
+ * - Application Status
+ * - Website
+ * - OAuth Client Type
+ *   - Confidential
+ * - Redirect URL
+ *   - https://localhost:3000/api/auth/callback/bungie
+ * - Scope
+ *   - `Access items like your Bungie.net notifications, memberships, and recent Bungie.Net forum activity.`
+ * - Origin Header
+ *
+ * The following guide may be helpful:
+ *
+ * - [How to setup localhost with HTTPS with a Next.js app](https://medium.com/@anMagpie/secure-your-local-development-server-with-https-next-js-81ac6b8b3d68)
+ *
+ * #@example server
+ *
+ * You will need to edit your host file and point your site at `127.0.0.1`
+ *
+ * [How to edit my host file?](https://phoenixnap.com/kb/how-to-edit-hosts-file-in-windows-mac-or-linux)
+ *
+ * On Windows (Run PowerShell as administrator)
+ *
+ * ```ps
+ * Add-Content -Path C:\Windows\System32\drivers\etc\hosts -Value "127.0.0.1`tdev.example.com" -Force
+ * ```
+ *
+ * ```
+ * 127.0.0.1 dev.example.com
+ * ```
+ *
+ * ### Create certificate
+ *
+ * Creating a certificate for localhost is easy with openssl. Just put the following command in the terminal. The output will be two files: localhost.key and localhost.crt.
+ *
+ * ```bash
+ * openssl req -x509 -out localhost.crt -keyout localhost.key \
+ *   -newkey rsa:2048 -nodes -sha256 \
+ *   -subj "/CN=localhost" -extensions EXT -config <( \
+ *    printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
+ * ```
+ *
+ * :::tip
+ * **Windows**
+ *
+ * The OpenSSL executable is distributed with [Git](https://git-scm.com/download/win]9) for Windows.
+ * Once installed you will find the openssl.exe file in `C:/Program Files/Git/mingw64/bin` which you can add to the system PATH environment variable if it’s not already done.
+ *
+ * Add environment variable `OPENSSL_CONF=C:/Program Files/Git/mingw64/ssl/openssl.cnf`
+ *
+ * ```bash
+ *  req -x509 -out localhost.crt -keyout localhost.key \
+ *   -newkey rsa:2048 -nodes -sha256 \
+ *   -subj "/CN=localhost"
+ * ```
+ *
+ * :::
+ *
+ * Create directory `certificates` and place `localhost.key` and `localhost.crt`
+ *
+ * You can create a `server.js` in the root of your project and run it with `node server.js` to test Sign in with Bungie integration locally:
+ *
+ * ```js
+ * const { createServer } = require("https")
+ * const { parse } = require("url")
+ * const next = require("next")
+ * const fs = require("fs")
+ *
+ * const dev = process.env.NODE_ENV !== "production"
+ * const app = next({ dev })
+ * const handle = app.getRequestHandler()
+ *
+ * const httpsOptions = {
+ *   key: fs.readFileSync("./certificates/localhost.key"),
+ *   cert: fs.readFileSync("./certificates/localhost.crt"),
+ * }
+ *
+ * app.prepare().then(() => {
+ *   createServer(httpsOptions, (req, res) => {
+ *     const parsedUrl = parse(req.url, true)
+ *     handle(req, res, parsedUrl)
+ *   }).listen(3000, (err) => {
+ *     if (err) throw err
+ *     console.log("> Ready on https://localhost:3000")
+ *   })
+ * })
+ * ```
+ *
+ *
+ * ### Notes
+ *
+ * By default, Auth.js assumes that the Bungie provider is
+ * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
+ *
+ * :::tip
+ *
+ * The Bungie provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/bungie.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function Bungie(
+  options: OAuthUserConfig<Record<string, any>>
+): OAuthConfig<Record<string, any>> {
+  return {
+    id: "bungie",
+    name: "Bungie",
+    type: "oauth",
+    authorization: "https://www.bungie.net/en/OAuth/Authorize?reauth=true",
+    token: "https://www.bungie.net/platform/app/oauth/token/",
+    userinfo:
+      "https://www.bungie.net/platform/User/GetBungieAccount/{membershipId}/254/",
+    profile(profile) {
+      const { bungieNetUser: user } = profile.Response
+
+      return {
+        id: user.membershipId,
+        name: user.displayName,
+        email: null,
+        image: `https://www.bungie.net${
+          user.profilePicturePath.startsWith("/") ? "" : "/"
+        }${user.profilePicturePath}`,
+      }
+    },
+    options,
+  }
+}