@mulverse/mulguard-core 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +24 -0
- package/adapters.d.ts +522 -0
- package/adapters.d.ts.map +1 -0
- package/adapters.js +170 -0
- package/errors.d.ts +429 -0
- package/errors.d.ts.map +1 -0
- package/errors.js +473 -0
- package/index.d.ts +547 -0
- package/index.d.ts.map +1 -0
- package/index.js +142 -0
- package/jwt.d.ts +132 -0
- package/jwt.d.ts.map +1 -0
- package/jwt.js +123 -0
- package/lib/actions/callback/handle-login.d.ts +35 -0
- package/lib/actions/callback/handle-login.d.ts.map +1 -0
- package/lib/actions/callback/handle-login.js +275 -0
- package/lib/actions/callback/index.d.ts +5 -0
- package/lib/actions/callback/index.d.ts.map +1 -0
- package/lib/actions/callback/index.js +409 -0
- package/lib/actions/callback/oauth/callback.d.ts +36 -0
- package/lib/actions/callback/oauth/callback.d.ts.map +1 -0
- package/lib/actions/callback/oauth/callback.js +248 -0
- package/lib/actions/callback/oauth/checks.d.ts +70 -0
- package/lib/actions/callback/oauth/checks.d.ts.map +1 -0
- package/lib/actions/callback/oauth/checks.js +188 -0
- package/lib/actions/callback/oauth/csrf-token.d.ts +33 -0
- package/lib/actions/callback/oauth/csrf-token.d.ts.map +1 -0
- package/lib/actions/callback/oauth/csrf-token.js +39 -0
- package/lib/actions/index.d.ts +6 -0
- package/lib/actions/index.d.ts.map +1 -0
- package/lib/actions/index.js +5 -0
- package/lib/actions/session.d.ts +5 -0
- package/lib/actions/session.d.ts.map +1 -0
- package/lib/actions/session.js +127 -0
- package/lib/actions/signin/authorization-url.d.ts +12 -0
- package/lib/actions/signin/authorization-url.d.ts.map +1 -0
- package/lib/actions/signin/authorization-url.js +94 -0
- package/lib/actions/signin/index.d.ts +4 -0
- package/lib/actions/signin/index.d.ts.map +1 -0
- package/lib/actions/signin/index.js +22 -0
- package/lib/actions/signin/send-token.d.ts +10 -0
- package/lib/actions/signin/send-token.d.ts.map +1 -0
- package/lib/actions/signin/send-token.js +98 -0
- package/lib/actions/signout.d.ts +11 -0
- package/lib/actions/signout.d.ts.map +1 -0
- package/lib/actions/signout.js +30 -0
- package/lib/actions/webauthn-options.d.ts +8 -0
- package/lib/actions/webauthn-options.d.ts.map +1 -0
- package/lib/actions/webauthn-options.js +60 -0
- package/lib/index.d.ts +2 -0
- package/lib/index.d.ts.map +1 -0
- package/lib/index.js +70 -0
- package/lib/init.d.ts +25 -0
- package/lib/init.d.ts.map +1 -0
- package/lib/init.js +172 -0
- package/lib/pages/error.d.ts +17 -0
- package/lib/pages/error.d.ts.map +1 -0
- package/lib/pages/error.js +40 -0
- package/lib/pages/index.d.ts +42 -0
- package/lib/pages/index.d.ts.map +1 -0
- package/lib/pages/index.js +136 -0
- package/lib/pages/signin.d.ts +10 -0
- package/lib/pages/signin.d.ts.map +1 -0
- package/lib/pages/signin.js +75 -0
- package/lib/pages/signout.d.ts +8 -0
- package/lib/pages/signout.d.ts.map +1 -0
- package/lib/pages/signout.js +17 -0
- package/lib/pages/styles.d.ts +3 -0
- package/lib/pages/styles.d.ts.map +1 -0
- package/lib/pages/styles.js +381 -0
- package/lib/pages/verify-request.d.ts +8 -0
- package/lib/pages/verify-request.d.ts.map +1 -0
- package/lib/pages/verify-request.js +11 -0
- package/lib/symbols.d.ts +50 -0
- package/lib/symbols.d.ts.map +1 -0
- package/lib/symbols.js +57 -0
- package/lib/utils/actions.d.ts +3 -0
- package/lib/utils/actions.d.ts.map +1 -0
- package/lib/utils/actions.js +14 -0
- package/lib/utils/assert.d.ts +14 -0
- package/lib/utils/assert.d.ts.map +1 -0
- package/lib/utils/assert.js +168 -0
- package/lib/utils/callback-url.d.ts +17 -0
- package/lib/utils/callback-url.d.ts.map +1 -0
- package/lib/utils/callback-url.js +27 -0
- package/lib/utils/cookie.d.ts +111 -0
- package/lib/utils/cookie.d.ts.map +1 -0
- package/lib/utils/cookie.js +205 -0
- package/lib/utils/date.d.ts +7 -0
- package/lib/utils/date.d.ts.map +1 -0
- package/lib/utils/date.js +8 -0
- package/lib/utils/email.d.ts +20 -0
- package/lib/utils/email.d.ts.map +1 -0
- package/lib/utils/email.js +57 -0
- package/lib/utils/env.d.ts +9 -0
- package/lib/utils/env.d.ts.map +1 -0
- package/lib/utils/env.js +96 -0
- package/lib/utils/logger.d.ts +18 -0
- package/lib/utils/logger.d.ts.map +1 -0
- package/lib/utils/logger.js +50 -0
- package/lib/utils/merge.d.ts +3 -0
- package/lib/utils/merge.d.ts.map +1 -0
- package/lib/utils/merge.js +23 -0
- package/lib/utils/providers.d.ts +19 -0
- package/lib/utils/providers.d.ts.map +1 -0
- package/lib/utils/providers.js +149 -0
- package/lib/utils/session.d.ts +7 -0
- package/lib/utils/session.d.ts.map +1 -0
- package/lib/utils/session.js +29 -0
- package/lib/utils/web.d.ts +10 -0
- package/lib/utils/web.d.ts.map +1 -0
- package/lib/utils/web.js +109 -0
- package/lib/utils/webauthn-client.d.ts +30 -0
- package/lib/utils/webauthn-client.d.ts.map +1 -0
- package/lib/utils/webauthn-client.js +197 -0
- package/lib/utils/webauthn-utils.d.ts +81 -0
- package/lib/utils/webauthn-utils.d.ts.map +1 -0
- package/lib/utils/webauthn-utils.js +343 -0
- package/lib/vendored/cookie.d.ts +120 -0
- package/lib/vendored/cookie.d.ts.map +1 -0
- package/lib/vendored/cookie.js +237 -0
- package/package.json +118 -0
- package/providers/42-school.d.ts +240 -0
- package/providers/42-school.d.ts.map +1 -0
- package/providers/42-school.js +78 -0
- package/providers/apple.d.ts +149 -0
- package/providers/apple.d.ts.map +1 -0
- package/providers/apple.js +104 -0
- package/providers/asgardeo.d.ts +102 -0
- package/providers/asgardeo.d.ts.map +1 -0
- package/providers/asgardeo.js +93 -0
- package/providers/atlassian.d.ts +94 -0
- package/providers/atlassian.d.ts.map +1 -0
- package/providers/atlassian.js +84 -0
- package/providers/auth0.d.ts +116 -0
- package/providers/auth0.d.ts.map +1 -0
- package/providers/auth0.js +49 -0
- package/providers/authentik.d.ts +90 -0
- package/providers/authentik.d.ts.map +1 -0
- package/providers/authentik.js +65 -0
- package/providers/azure-ad-b2c.d.ts +104 -0
- package/providers/azure-ad-b2c.d.ts.map +1 -0
- package/providers/azure-ad-b2c.js +100 -0
- package/providers/azure-ad.d.ts +19 -0
- package/providers/azure-ad.d.ts.map +1 -0
- package/providers/azure-ad.js +23 -0
- package/providers/azure-devops.d.ts +128 -0
- package/providers/azure-devops.d.ts.map +1 -0
- package/providers/azure-devops.js +158 -0
- package/providers/bankid-no.d.ts +134 -0
- package/providers/bankid-no.d.ts.map +1 -0
- package/providers/bankid-no.js +65 -0
- package/providers/battlenet.d.ts +85 -0
- package/providers/battlenet.d.ts.map +1 -0
- package/providers/battlenet.js +81 -0
- package/providers/beyondidentity.d.ts +77 -0
- package/providers/beyondidentity.d.ts.map +1 -0
- package/providers/beyondidentity.js +84 -0
- package/providers/bitbucket.d.ts +89 -0
- package/providers/bitbucket.d.ts.map +1 -0
- package/providers/bitbucket.js +92 -0
- package/providers/box.d.ts +63 -0
- package/providers/box.d.ts.map +1 -0
- package/providers/box.js +73 -0
- package/providers/boxyhq-saml.d.ts +121 -0
- package/providers/boxyhq-saml.d.ts.map +1 -0
- package/providers/boxyhq-saml.js +127 -0
- package/providers/bungie.d.ts +167 -0
- package/providers/bungie.d.ts.map +1 -0
- package/providers/bungie.js +174 -0
- package/providers/click-up.d.ts +75 -0
- package/providers/click-up.d.ts.map +1 -0
- package/providers/click-up.js +89 -0
- package/providers/cognito.d.ts +81 -0
- package/providers/cognito.d.ts.map +1 -0
- package/providers/cognito.js +73 -0
- package/providers/coinbase.d.ts +69 -0
- package/providers/coinbase.d.ts.map +1 -0
- package/providers/coinbase.js +78 -0
- package/providers/concept2.d.ts +81 -0
- package/providers/concept2.d.ts.map +1 -0
- package/providers/concept2.js +86 -0
- package/providers/credentials.d.ts +132 -0
- package/providers/credentials.d.ts.map +1 -0
- package/providers/credentials.js +74 -0
- package/providers/descope.d.ts +91 -0
- package/providers/descope.d.ts.map +1 -0
- package/providers/descope.js +78 -0
- package/providers/discord.d.ts +139 -0
- package/providers/discord.d.ts.map +1 -0
- package/providers/discord.js +86 -0
- package/providers/dribbble.d.ts +88 -0
- package/providers/dribbble.d.ts.map +1 -0
- package/providers/dribbble.js +85 -0
- package/providers/dropbox.d.ts +65 -0
- package/providers/dropbox.d.ts.map +1 -0
- package/providers/dropbox.js +88 -0
- package/providers/duende-identity-server6.d.ts +91 -0
- package/providers/duende-identity-server6.d.ts.map +1 -0
- package/providers/duende-identity-server6.js +80 -0
- package/providers/email.d.ts +41 -0
- package/providers/email.d.ts.map +1 -0
- package/providers/email.js +18 -0
- package/providers/eventbrite.d.ts +78 -0
- package/providers/eventbrite.d.ts.map +1 -0
- package/providers/eventbrite.js +88 -0
- package/providers/eveonline.d.ts +94 -0
- package/providers/eveonline.d.ts.map +1 -0
- package/providers/eveonline.js +92 -0
- package/providers/facebook.d.ts +84 -0
- package/providers/facebook.d.ts.map +1 -0
- package/providers/facebook.js +93 -0
- package/providers/faceit.d.ts +64 -0
- package/providers/faceit.d.ts.map +1 -0
- package/providers/faceit.js +74 -0
- package/providers/figma.d.ts +75 -0
- package/providers/figma.d.ts.map +1 -0
- package/providers/figma.js +81 -0
- package/providers/forwardemail.d.ts +4 -0
- package/providers/forwardemail.d.ts.map +1 -0
- package/providers/forwardemail.js +32 -0
- package/providers/foursquare.d.ts +71 -0
- package/providers/foursquare.d.ts.map +1 -0
- package/providers/foursquare.js +91 -0
- package/providers/freshbooks.d.ts +66 -0
- package/providers/freshbooks.d.ts.map +1 -0
- package/providers/freshbooks.js +76 -0
- package/providers/frontegg.d.ts +95 -0
- package/providers/frontegg.d.ts.map +1 -0
- package/providers/frontegg.js +88 -0
- package/providers/fusionauth.d.ts +279 -0
- package/providers/fusionauth.d.ts.map +1 -0
- package/providers/fusionauth.js +292 -0
- package/providers/github.d.ts +127 -0
- package/providers/github.d.ts.map +1 -0
- package/providers/github.js +115 -0
- package/providers/gitlab.d.ts +115 -0
- package/providers/gitlab.d.ts.map +1 -0
- package/providers/gitlab.js +75 -0
- package/providers/google.d.ts +138 -0
- package/providers/google.d.ts.map +1 -0
- package/providers/google.js +119 -0
- package/providers/hubspot.d.ts +76 -0
- package/providers/hubspot.d.ts.map +1 -0
- package/providers/hubspot.js +93 -0
- package/providers/huggingface.d.ts +216 -0
- package/providers/huggingface.d.ts.map +1 -0
- package/providers/huggingface.js +101 -0
- package/providers/identity-server4.d.ts +69 -0
- package/providers/identity-server4.d.ts.map +1 -0
- package/providers/identity-server4.js +64 -0
- package/providers/index.d.ts +61 -0
- package/providers/index.d.ts.map +1 -0
- package/providers/index.js +3 -0
- package/providers/instagram.d.ts +74 -0
- package/providers/instagram.d.ts.map +1 -0
- package/providers/instagram.js +87 -0
- package/providers/kakao.d.ts +148 -0
- package/providers/kakao.d.ts.map +1 -0
- package/providers/kakao.js +103 -0
- package/providers/keycloak.d.ts +100 -0
- package/providers/keycloak.d.ts.map +1 -0
- package/providers/keycloak.js +73 -0
- package/providers/kinde.d.ts +73 -0
- package/providers/kinde.d.ts.map +1 -0
- package/providers/kinde.js +51 -0
- package/providers/line.d.ts +83 -0
- package/providers/line.d.ts.map +1 -0
- package/providers/line.js +73 -0
- package/providers/linkedin.d.ts +77 -0
- package/providers/linkedin.d.ts.map +1 -0
- package/providers/linkedin.js +65 -0
- package/providers/logto.d.ts +98 -0
- package/providers/logto.d.ts.map +1 -0
- package/providers/logto.js +81 -0
- package/providers/loops.d.ts +40 -0
- package/providers/loops.d.ts.map +1 -0
- package/providers/loops.js +59 -0
- package/providers/mailchimp.d.ts +66 -0
- package/providers/mailchimp.d.ts.map +1 -0
- package/providers/mailchimp.js +76 -0
- package/providers/mailgun.d.ts +55 -0
- package/providers/mailgun.d.ts.map +1 -0
- package/providers/mailgun.js +74 -0
- package/providers/mailru.d.ts +63 -0
- package/providers/mailru.d.ts.map +1 -0
- package/providers/mailru.js +61 -0
- package/providers/mastodon.d.ts +90 -0
- package/providers/mastodon.d.ts.map +1 -0
- package/providers/mastodon.js +75 -0
- package/providers/mattermost.d.ts +132 -0
- package/providers/mattermost.d.ts.map +1 -0
- package/providers/mattermost.js +83 -0
- package/providers/medium.d.ts +68 -0
- package/providers/medium.d.ts.map +1 -0
- package/providers/medium.js +84 -0
- package/providers/microsoft-entra-id.d.ts +428 -0
- package/providers/microsoft-entra-id.d.ts.map +1 -0
- package/providers/microsoft-entra-id.js +156 -0
- package/providers/naver.d.ts +80 -0
- package/providers/naver.d.ts.map +1 -0
- package/providers/naver.js +79 -0
- package/providers/netlify.d.ts +66 -0
- package/providers/netlify.d.ts.map +1 -0
- package/providers/netlify.js +85 -0
- package/providers/netsuite.d.ts +189 -0
- package/providers/netsuite.d.ts.map +1 -0
- package/providers/netsuite.js +170 -0
- package/providers/nextcloud.d.ts +150 -0
- package/providers/nextcloud.d.ts.map +1 -0
- package/providers/nextcloud.js +99 -0
- package/providers/nodemailer.d.ts +27 -0
- package/providers/nodemailer.d.ts.map +1 -0
- package/providers/nodemailer.js +34 -0
- package/providers/notion.d.ts +99 -0
- package/providers/notion.d.ts.map +1 -0
- package/providers/notion.js +110 -0
- package/providers/oauth.d.ts +188 -0
- package/providers/oauth.d.ts.map +1 -0
- package/providers/oauth.js +1 -0
- package/providers/okta.d.ts +99 -0
- package/providers/okta.d.ts.map +1 -0
- package/providers/okta.js +63 -0
- package/providers/onelogin.d.ts +65 -0
- package/providers/onelogin.d.ts.map +1 -0
- package/providers/onelogin.js +61 -0
- package/providers/ory-hydra.d.ts +79 -0
- package/providers/ory-hydra.d.ts.map +1 -0
- package/providers/ory-hydra.js +67 -0
- package/providers/osso.d.ts +79 -0
- package/providers/osso.d.ts.map +1 -0
- package/providers/osso.js +77 -0
- package/providers/osu.d.ts +116 -0
- package/providers/osu.d.ts.map +1 -0
- package/providers/osu.js +75 -0
- package/providers/passage.d.ts +88 -0
- package/providers/passage.d.ts.map +1 -0
- package/providers/passage.js +75 -0
- package/providers/passkey.d.ts +65 -0
- package/providers/passkey.d.ts.map +1 -0
- package/providers/passkey.js +87 -0
- package/providers/patreon.d.ts +73 -0
- package/providers/patreon.d.ts.map +1 -0
- package/providers/patreon.js +77 -0
- package/providers/ping-id.d.ts +57 -0
- package/providers/ping-id.d.ts.map +1 -0
- package/providers/ping-id.js +40 -0
- package/providers/pinterest.d.ts +79 -0
- package/providers/pinterest.d.ts.map +1 -0
- package/providers/pinterest.js +85 -0
- package/providers/pipedrive.d.ts +99 -0
- package/providers/pipedrive.d.ts.map +1 -0
- package/providers/pipedrive.js +71 -0
- package/providers/postmark.d.ts +4 -0
- package/providers/postmark.d.ts.map +1 -0
- package/providers/postmark.js +36 -0
- package/providers/provider-types.d.ts +3 -0
- package/providers/provider-types.d.ts.map +1 -0
- package/providers/provider-types.js +1 -0
- package/providers/reddit.d.ts +88 -0
- package/providers/reddit.d.ts.map +1 -0
- package/providers/reddit.js +90 -0
- package/providers/resend.d.ts +4 -0
- package/providers/resend.d.ts.map +1 -0
- package/providers/resend.js +32 -0
- package/providers/roblox.d.ts +67 -0
- package/providers/roblox.d.ts.map +1 -0
- package/providers/roblox.js +53 -0
- package/providers/salesforce.d.ts +59 -0
- package/providers/salesforce.d.ts.map +1 -0
- package/providers/salesforce.js +52 -0
- package/providers/sendgrid.d.ts +4 -0
- package/providers/sendgrid.d.ts.map +1 -0
- package/providers/sendgrid.js +35 -0
- package/providers/simplelogin.d.ts +87 -0
- package/providers/simplelogin.d.ts.map +1 -0
- package/providers/simplelogin.js +83 -0
- package/providers/slack.d.ts +102 -0
- package/providers/slack.d.ts.map +1 -0
- package/providers/slack.js +69 -0
- package/providers/spotify.d.ts +75 -0
- package/providers/spotify.d.ts.map +1 -0
- package/providers/spotify.js +73 -0
- package/providers/strava.d.ts +68 -0
- package/providers/strava.d.ts.map +1 -0
- package/providers/strava.js +80 -0
- package/providers/threads.d.ts +108 -0
- package/providers/threads.d.ts.map +1 -0
- package/providers/threads.js +89 -0
- package/providers/tiktok.d.ts +248 -0
- package/providers/tiktok.d.ts.map +1 -0
- package/providers/tiktok.js +195 -0
- package/providers/todoist.d.ts +76 -0
- package/providers/todoist.d.ts.map +1 -0
- package/providers/todoist.js +97 -0
- package/providers/trakt.d.ts +93 -0
- package/providers/trakt.d.ts.map +1 -0
- package/providers/trakt.js +91 -0
- package/providers/twitch.d.ts +71 -0
- package/providers/twitch.d.ts.map +1 -0
- package/providers/twitch.js +96 -0
- package/providers/twitter.d.ts +183 -0
- package/providers/twitter.d.ts.map +1 -0
- package/providers/twitter.js +100 -0
- package/providers/united-effects.d.ts +80 -0
- package/providers/united-effects.d.ts.map +1 -0
- package/providers/united-effects.js +72 -0
- package/providers/vipps.d.ts +71 -0
- package/providers/vipps.d.ts.map +1 -0
- package/providers/vipps.js +33 -0
- package/providers/vk.d.ts +334 -0
- package/providers/vk.d.ts.map +1 -0
- package/providers/vk.js +103 -0
- package/providers/webauthn.d.ts +148 -0
- package/providers/webauthn.d.ts.map +1 -0
- package/providers/webauthn.js +128 -0
- package/providers/webex.d.ts +78 -0
- package/providers/webex.d.ts.map +1 -0
- package/providers/webex.js +73 -0
- package/providers/wechat.d.ts +78 -0
- package/providers/wechat.d.ts.map +1 -0
- package/providers/wechat.js +105 -0
- package/providers/wikimedia.d.ts +99 -0
- package/providers/wikimedia.d.ts.map +1 -0
- package/providers/wikimedia.js +90 -0
- package/providers/wordpress.d.ts +65 -0
- package/providers/wordpress.d.ts.map +1 -0
- package/providers/wordpress.js +71 -0
- package/providers/workos.d.ts +154 -0
- package/providers/workos.d.ts.map +1 -0
- package/providers/workos.js +143 -0
- package/providers/yandex.d.ts +131 -0
- package/providers/yandex.d.ts.map +1 -0
- package/providers/yandex.js +80 -0
- package/providers/zitadel.d.ts +117 -0
- package/providers/zitadel.d.ts.map +1 -0
- package/providers/zitadel.js +95 -0
- package/providers/zoho.d.ts +63 -0
- package/providers/zoho.d.ts.map +1 -0
- package/providers/zoho.js +79 -0
- package/providers/zoom.d.ts +93 -0
- package/providers/zoom.d.ts.map +1 -0
- package/providers/zoom.js +82 -0
- package/src/adapters/server-actions-helpers.ts +126 -0
- package/src/adapters.ts +603 -0
- package/src/errors.ts +551 -0
- package/src/index.ts +689 -0
- package/src/jwt.ts +283 -0
- package/src/lib/actions/callback/handle-login.ts +334 -0
- package/src/lib/actions/callback/index.ts +554 -0
- package/src/lib/actions/callback/oauth/callback.ts +347 -0
- package/src/lib/actions/callback/oauth/checks.ts +258 -0
- package/src/lib/actions/callback/oauth/csrf-token.ts +60 -0
- package/src/lib/actions/index.ts +5 -0
- package/src/lib/actions/session.ts +167 -0
- package/src/lib/actions/signin/authorization-url.ts +123 -0
- package/src/lib/actions/signin/index.ts +37 -0
- package/src/lib/actions/signin/send-token.ts +124 -0
- package/src/lib/actions/signout.ts +38 -0
- package/src/lib/actions/webauthn-options.ts +100 -0
- package/src/lib/index.ts +97 -0
- package/src/lib/init.ts +236 -0
- package/src/lib/pages/error.tsx +106 -0
- package/src/lib/pages/index.ts +181 -0
- package/src/lib/pages/signin.tsx +255 -0
- package/src/lib/pages/signout.tsx +49 -0
- package/src/lib/pages/styles.css +377 -0
- package/src/lib/pages/styles.ts +381 -0
- package/src/lib/pages/verify-request.tsx +36 -0
- package/src/lib/symbols.ts +60 -0
- package/src/lib/utils/actions.ts +17 -0
- package/src/lib/utils/assert.ts +259 -0
- package/src/lib/utils/callback-url.ts +42 -0
- package/src/lib/utils/cookie.ts +248 -0
- package/src/lib/utils/date.ts +8 -0
- package/src/lib/utils/email.ts +65 -0
- package/src/lib/utils/env.ts +113 -0
- package/src/lib/utils/logger.ts +75 -0
- package/src/lib/utils/merge.ts +30 -0
- package/src/lib/utils/providers.ts +203 -0
- package/src/lib/utils/session.ts +41 -0
- package/src/lib/utils/web.ts +151 -0
- package/src/lib/utils/webauthn-client.js +229 -0
- package/src/lib/utils/webauthn-utils.ts +531 -0
- package/src/lib/vendored/cookie.ts +383 -0
- package/src/providers/42-school.ts +256 -0
- package/src/providers/apple.ts +206 -0
- package/src/providers/asgardeo.ts +118 -0
- package/src/providers/atlassian.ts +120 -0
- package/src/providers/auth0.ts +127 -0
- package/src/providers/authentik.ts +100 -0
- package/src/providers/azure-ad-b2c.ts +124 -0
- package/src/providers/azure-ad.ts +30 -0
- package/src/providers/azure-devops.ts +184 -0
- package/src/providers/bankid-no.ts +161 -0
- package/src/providers/battlenet.ts +107 -0
- package/src/providers/beyondidentity.ts +102 -0
- package/src/providers/bitbucket.ts +122 -0
- package/src/providers/box.ts +87 -0
- package/src/providers/boxyhq-saml.ts +148 -0
- package/src/providers/bungie.ts +192 -0
- package/src/providers/click-up.ts +104 -0
- package/src/providers/cognito.ts +94 -0
- package/src/providers/coinbase.ts +93 -0
- package/src/providers/concept2.ts +108 -0
- package/src/providers/credentials.ts +157 -0
- package/src/providers/descope.ts +105 -0
- package/src/providers/discord.ts +176 -0
- package/src/providers/dribbble.ts +122 -0
- package/src/providers/dropbox.ts +102 -0
- package/src/providers/duende-identity-server6.ts +101 -0
- package/src/providers/email.ts +60 -0
- package/src/providers/eventbrite.ts +105 -0
- package/src/providers/eveonline.ts +117 -0
- package/src/providers/facebook.ts +119 -0
- package/src/providers/faceit.ts +90 -0
- package/src/providers/figma.ts +105 -0
- package/src/providers/forwardemail.ts +37 -0
- package/src/providers/foursquare.ts +105 -0
- package/src/providers/freshbooks.ts +90 -0
- package/src/providers/frontegg.ts +111 -0
- package/src/providers/fusionauth.ts +336 -0
- package/src/providers/github.ts +187 -0
- package/src/providers/gitlab.ts +140 -0
- package/src/providers/google.ts +152 -0
- package/src/providers/hubspot.ts +117 -0
- package/src/providers/huggingface.ts +234 -0
- package/src/providers/identity-server4.ts +78 -0
- package/src/providers/index.ts +115 -0
- package/src/providers/instagram.ts +103 -0
- package/src/providers/kakao.ts +184 -0
- package/src/providers/keycloak.ts +111 -0
- package/src/providers/kinde.ts +85 -0
- package/src/providers/line.ts +99 -0
- package/src/providers/linkedin.ts +91 -0
- package/src/providers/logto.ts +122 -0
- package/src/providers/loops.ts +79 -0
- package/src/providers/mailchimp.ts +90 -0
- package/src/providers/mailgun.ts +98 -0
- package/src/providers/mailru.ts +75 -0
- package/src/providers/mastodon.ts +112 -0
- package/src/providers/mattermost.ts +154 -0
- package/src/providers/medium.ts +89 -0
- package/src/providers/microsoft-entra-id.ts +497 -0
- package/src/providers/naver.ts +102 -0
- package/src/providers/netlify.ts +90 -0
- package/src/providers/netsuite.ts +225 -0
- package/src/providers/nextcloud.ts +207 -0
- package/src/providers/nodemailer.ts +84 -0
- package/src/providers/notion.ts +166 -0
- package/src/providers/oauth.ts +310 -0
- package/src/providers/okta.ts +111 -0
- package/src/providers/onelogin.ts +75 -0
- package/src/providers/ory-hydra.ts +93 -0
- package/src/providers/osso.ts +91 -0
- package/src/providers/osu.ts +138 -0
- package/src/providers/passage.ts +103 -0
- package/src/providers/passkey.ts +94 -0
- package/src/providers/patreon.ts +98 -0
- package/src/providers/ping-id.ts +68 -0
- package/src/providers/pinterest.ts +106 -0
- package/src/providers/pipedrive.ts +120 -0
- package/src/providers/postmark.ts +38 -0
- package/src/providers/provider-types.ts +107 -0
- package/src/providers/reddit.ts +104 -0
- package/src/providers/resend.ts +35 -0
- package/src/providers/roblox.ts +94 -0
- package/src/providers/salesforce.ts +73 -0
- package/src/providers/sendgrid.ts +36 -0
- package/src/providers/simplelogin.ts +107 -0
- package/src/providers/slack.ts +115 -0
- package/src/providers/spotify.ts +99 -0
- package/src/providers/strava.ts +101 -0
- package/src/providers/threads.ts +135 -0
- package/src/providers/tiktok.ts +319 -0
- package/src/providers/todoist.ts +122 -0
- package/src/providers/trakt.ts +120 -0
- package/src/providers/twitch.ts +121 -0
- package/src/providers/twitter.ts +207 -0
- package/src/providers/united-effects.ts +89 -0
- package/src/providers/vipps.ts +86 -0
- package/src/providers/vk.ts +401 -0
- package/src/providers/webauthn.ts +296 -0
- package/src/providers/webex.ts +102 -0
- package/src/providers/wechat.ts +141 -0
- package/src/providers/wikimedia.ts +258 -0
- package/src/providers/wordpress.ts +86 -0
- package/src/providers/workos.ts +180 -0
- package/src/providers/yandex.ts +159 -0
- package/src/providers/zitadel.ts +128 -0
- package/src/providers/zoho.ts +84 -0
- package/src/providers/zoom.ts +119 -0
- package/src/types.ts +430 -0
- package/src/warnings.ts +21 -0
- package/types.d.ts +309 -0
- package/types.d.ts.map +1 -0
- package/types.js +53 -0
- package/warnings.d.ts +17 -0
- package/warnings.d.ts.map +1 -0
- package/warnings.js +1 -0
|
@@ -0,0 +1,409 @@
|
|
|
1
|
+
// TODO: Make this file smaller
|
|
2
|
+
import { AuthError, AccessDenied, CallbackRouteError, CredentialsSignin, InvalidProvider, Verification, } from "../../../errors.js";
|
|
3
|
+
import { handleLoginOrRegister } from "./handle-login.js";
|
|
4
|
+
import { handleOAuth } from "./oauth/callback.js";
|
|
5
|
+
import { state } from "./oauth/checks.js";
|
|
6
|
+
import { createHash } from "../../utils/web.js";
|
|
7
|
+
import { assertInternalOptionsWebAuthn, verifyAuthenticate, verifyRegister, } from "../../utils/webauthn-utils.js";
|
|
8
|
+
/** Handle callbacks from login services */
|
|
9
|
+
export async function callback(request, options, sessionStore, cookies) {
|
|
10
|
+
if (!options.provider)
|
|
11
|
+
throw new InvalidProvider("Callback route called without provider");
|
|
12
|
+
const { query, body, method, headers } = request;
|
|
13
|
+
const { provider, adapter, url, callbackUrl, pages, jwt, events, callbacks, session: { strategy: sessionStrategy, maxAge: sessionMaxAge }, logger, } = options;
|
|
14
|
+
const useJwtSession = sessionStrategy === "jwt";
|
|
15
|
+
try {
|
|
16
|
+
if (provider.type === "oauth" || provider.type === "oidc") {
|
|
17
|
+
// Use body if the response mode is set to form_post. For all other cases, use query
|
|
18
|
+
const params = provider.authorization?.url.searchParams.get("response_mode") ===
|
|
19
|
+
"form_post"
|
|
20
|
+
? body
|
|
21
|
+
: query;
|
|
22
|
+
// If we have a state and we are on a redirect proxy, we try to parse it
|
|
23
|
+
// and see if it contains a valid origin to redirect to. If it does, we
|
|
24
|
+
// redirect the user to that origin with the original state.
|
|
25
|
+
if (options.isOnRedirectProxy && params?.state) {
|
|
26
|
+
// NOTE: We rely on the state being encrypted using a shared secret
|
|
27
|
+
// between the proxy and the original server.
|
|
28
|
+
const parsedState = await state.decode(params.state, options);
|
|
29
|
+
const shouldRedirect = parsedState?.origin &&
|
|
30
|
+
new URL(parsedState.origin).origin !== options.url.origin;
|
|
31
|
+
if (shouldRedirect) {
|
|
32
|
+
const proxyRedirect = `${parsedState.origin}?${new URLSearchParams(params)}`;
|
|
33
|
+
logger.debug("Proxy redirecting to", proxyRedirect);
|
|
34
|
+
return { redirect: proxyRedirect, cookies };
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
const authorizationResult = await handleOAuth(params, request.cookies, options);
|
|
38
|
+
if (authorizationResult.cookies.length) {
|
|
39
|
+
cookies.push(...authorizationResult.cookies);
|
|
40
|
+
}
|
|
41
|
+
logger.debug("authorization result", authorizationResult);
|
|
42
|
+
const { user: userFromProvider, account, profile: OAuthProfile, } = authorizationResult;
|
|
43
|
+
// If we don't have a profile object then either something went wrong
|
|
44
|
+
// or the user cancelled signing in. We don't know which, so we just
|
|
45
|
+
// direct the user to the signin page for now. We could do something
|
|
46
|
+
// else in future.
|
|
47
|
+
// TODO: Handle user cancelling signin
|
|
48
|
+
if (!userFromProvider || !account || !OAuthProfile) {
|
|
49
|
+
return { redirect: `${url}/signin`, cookies };
|
|
50
|
+
}
|
|
51
|
+
// Check if user is allowed to sign in
|
|
52
|
+
// Attempt to get Profile from OAuth provider details before invoking
|
|
53
|
+
// signIn callback - but if no user object is returned, that is fine
|
|
54
|
+
// (that just means it's a new user signing in for the first time).
|
|
55
|
+
let userByAccount;
|
|
56
|
+
if (adapter) {
|
|
57
|
+
const { getUserByAccount } = adapter;
|
|
58
|
+
userByAccount = await getUserByAccount({
|
|
59
|
+
providerAccountId: account.providerAccountId,
|
|
60
|
+
provider: provider.id,
|
|
61
|
+
});
|
|
62
|
+
}
|
|
63
|
+
const redirect = await handleAuthorized({
|
|
64
|
+
user: userByAccount ?? userFromProvider,
|
|
65
|
+
account,
|
|
66
|
+
profile: OAuthProfile,
|
|
67
|
+
}, options);
|
|
68
|
+
if (redirect)
|
|
69
|
+
return { redirect, cookies };
|
|
70
|
+
const { user, session, isNewUser } = await handleLoginOrRegister(sessionStore.value, userFromProvider, account, options);
|
|
71
|
+
if (useJwtSession) {
|
|
72
|
+
const defaultToken = {
|
|
73
|
+
name: user.name,
|
|
74
|
+
email: user.email,
|
|
75
|
+
picture: user.image,
|
|
76
|
+
sub: user.id?.toString(),
|
|
77
|
+
};
|
|
78
|
+
const token = await callbacks.jwt({
|
|
79
|
+
token: defaultToken,
|
|
80
|
+
user,
|
|
81
|
+
account,
|
|
82
|
+
profile: OAuthProfile,
|
|
83
|
+
isNewUser,
|
|
84
|
+
trigger: isNewUser ? "signUp" : "signIn",
|
|
85
|
+
});
|
|
86
|
+
// Clear cookies if token is null
|
|
87
|
+
if (token === null) {
|
|
88
|
+
cookies.push(...sessionStore.clean());
|
|
89
|
+
}
|
|
90
|
+
else {
|
|
91
|
+
const salt = options.cookies.sessionToken.name;
|
|
92
|
+
// Encode token
|
|
93
|
+
const newToken = await jwt.encode({ ...jwt, token, salt });
|
|
94
|
+
// Set cookie expiry date
|
|
95
|
+
const cookieExpires = new Date();
|
|
96
|
+
cookieExpires.setTime(cookieExpires.getTime() + sessionMaxAge * 1000);
|
|
97
|
+
const sessionCookies = sessionStore.chunk(newToken, {
|
|
98
|
+
expires: cookieExpires,
|
|
99
|
+
});
|
|
100
|
+
cookies.push(...sessionCookies);
|
|
101
|
+
}
|
|
102
|
+
}
|
|
103
|
+
else {
|
|
104
|
+
// Save Session Token in cookie
|
|
105
|
+
cookies.push({
|
|
106
|
+
name: options.cookies.sessionToken.name,
|
|
107
|
+
value: session.sessionToken,
|
|
108
|
+
options: {
|
|
109
|
+
...options.cookies.sessionToken.options,
|
|
110
|
+
expires: session.expires,
|
|
111
|
+
},
|
|
112
|
+
});
|
|
113
|
+
}
|
|
114
|
+
await events.signIn?.({
|
|
115
|
+
user,
|
|
116
|
+
account,
|
|
117
|
+
profile: OAuthProfile,
|
|
118
|
+
isNewUser,
|
|
119
|
+
});
|
|
120
|
+
// Handle first logins on new accounts
|
|
121
|
+
// e.g. option to send users to a new account landing page on initial login
|
|
122
|
+
// Note that the callback URL is preserved, so the journey can still be resumed
|
|
123
|
+
if (isNewUser && pages.newUser) {
|
|
124
|
+
return {
|
|
125
|
+
redirect: `${pages.newUser}${pages.newUser.includes("?") ? "&" : "?"}${new URLSearchParams({ callbackUrl })}`,
|
|
126
|
+
cookies,
|
|
127
|
+
};
|
|
128
|
+
}
|
|
129
|
+
return { redirect: callbackUrl, cookies };
|
|
130
|
+
}
|
|
131
|
+
else if (provider.type === "email") {
|
|
132
|
+
const paramToken = query?.token;
|
|
133
|
+
const paramIdentifier = query?.email;
|
|
134
|
+
if (!paramToken) {
|
|
135
|
+
const e = new TypeError("Missing token. The sign-in URL was manually opened without token or the link was not sent correctly in the email.", { cause: { hasToken: !!paramToken } });
|
|
136
|
+
e.name = "Configuration";
|
|
137
|
+
throw e;
|
|
138
|
+
}
|
|
139
|
+
const secret = provider.secret ?? options.secret;
|
|
140
|
+
// @ts-expect-error -- Verified in `assertConfig`.
|
|
141
|
+
const invite = await adapter.useVerificationToken({
|
|
142
|
+
// @ts-expect-error User-land adapters might decide to omit the identifier during lookup
|
|
143
|
+
identifier: paramIdentifier,
|
|
144
|
+
token: await createHash(`${paramToken}${secret}`),
|
|
145
|
+
});
|
|
146
|
+
const hasInvite = !!invite;
|
|
147
|
+
const expired = hasInvite && invite.expires.valueOf() < Date.now();
|
|
148
|
+
const invalidInvite = !hasInvite ||
|
|
149
|
+
expired ||
|
|
150
|
+
// The user might have configured the link to not contain the identifier
|
|
151
|
+
// so we only compare if it exists
|
|
152
|
+
(paramIdentifier && invite.identifier !== paramIdentifier);
|
|
153
|
+
if (invalidInvite)
|
|
154
|
+
throw new Verification({ hasInvite, expired });
|
|
155
|
+
const { identifier } = invite;
|
|
156
|
+
const user = (await adapter.getUserByEmail(identifier)) ?? {
|
|
157
|
+
id: crypto.randomUUID(),
|
|
158
|
+
email: identifier,
|
|
159
|
+
emailVerified: null,
|
|
160
|
+
};
|
|
161
|
+
const account = {
|
|
162
|
+
providerAccountId: user.email,
|
|
163
|
+
userId: user.id,
|
|
164
|
+
type: "email",
|
|
165
|
+
provider: provider.id,
|
|
166
|
+
};
|
|
167
|
+
const redirect = await handleAuthorized({ user, account }, options);
|
|
168
|
+
if (redirect)
|
|
169
|
+
return { redirect, cookies };
|
|
170
|
+
// Sign user in
|
|
171
|
+
const { user: loggedInUser, session, isNewUser, } = await handleLoginOrRegister(sessionStore.value, user, account, options);
|
|
172
|
+
if (useJwtSession) {
|
|
173
|
+
const defaultToken = {
|
|
174
|
+
name: loggedInUser.name,
|
|
175
|
+
email: loggedInUser.email,
|
|
176
|
+
picture: loggedInUser.image,
|
|
177
|
+
sub: loggedInUser.id?.toString(),
|
|
178
|
+
};
|
|
179
|
+
const token = await callbacks.jwt({
|
|
180
|
+
token: defaultToken,
|
|
181
|
+
user: loggedInUser,
|
|
182
|
+
account,
|
|
183
|
+
isNewUser,
|
|
184
|
+
trigger: isNewUser ? "signUp" : "signIn",
|
|
185
|
+
});
|
|
186
|
+
// Clear cookies if token is null
|
|
187
|
+
if (token === null) {
|
|
188
|
+
cookies.push(...sessionStore.clean());
|
|
189
|
+
}
|
|
190
|
+
else {
|
|
191
|
+
const salt = options.cookies.sessionToken.name;
|
|
192
|
+
// Encode token
|
|
193
|
+
const newToken = await jwt.encode({ ...jwt, token, salt });
|
|
194
|
+
// Set cookie expiry date
|
|
195
|
+
const cookieExpires = new Date();
|
|
196
|
+
cookieExpires.setTime(cookieExpires.getTime() + sessionMaxAge * 1000);
|
|
197
|
+
const sessionCookies = sessionStore.chunk(newToken, {
|
|
198
|
+
expires: cookieExpires,
|
|
199
|
+
});
|
|
200
|
+
cookies.push(...sessionCookies);
|
|
201
|
+
}
|
|
202
|
+
}
|
|
203
|
+
else {
|
|
204
|
+
// Save Session Token in cookie
|
|
205
|
+
cookies.push({
|
|
206
|
+
name: options.cookies.sessionToken.name,
|
|
207
|
+
value: session.sessionToken,
|
|
208
|
+
options: {
|
|
209
|
+
...options.cookies.sessionToken.options,
|
|
210
|
+
expires: session.expires,
|
|
211
|
+
},
|
|
212
|
+
});
|
|
213
|
+
}
|
|
214
|
+
await events.signIn?.({ user: loggedInUser, account, isNewUser });
|
|
215
|
+
// Handle first logins on new accounts
|
|
216
|
+
// e.g. option to send users to a new account landing page on initial login
|
|
217
|
+
// Note that the callback URL is preserved, so the journey can still be resumed
|
|
218
|
+
if (isNewUser && pages.newUser) {
|
|
219
|
+
return {
|
|
220
|
+
redirect: `${pages.newUser}${pages.newUser.includes("?") ? "&" : "?"}${new URLSearchParams({ callbackUrl })}`,
|
|
221
|
+
cookies,
|
|
222
|
+
};
|
|
223
|
+
}
|
|
224
|
+
// Callback URL is already verified at this point, so safe to use if specified
|
|
225
|
+
return { redirect: callbackUrl, cookies };
|
|
226
|
+
}
|
|
227
|
+
else if (provider.type === "credentials" && method === "POST") {
|
|
228
|
+
const credentials = body ?? {};
|
|
229
|
+
// TODO: Forward the original request as is, instead of reconstructing it
|
|
230
|
+
Object.entries(query ?? {}).forEach(([k, v]) => url.searchParams.set(k, v));
|
|
231
|
+
const userFromAuthorize = await provider.authorize(credentials,
|
|
232
|
+
// prettier-ignore
|
|
233
|
+
new Request(url, { headers, method, body: JSON.stringify(body) }));
|
|
234
|
+
const user = userFromAuthorize;
|
|
235
|
+
if (!user)
|
|
236
|
+
throw new CredentialsSignin();
|
|
237
|
+
else
|
|
238
|
+
user.id = user.id?.toString() ?? crypto.randomUUID();
|
|
239
|
+
const account = {
|
|
240
|
+
providerAccountId: user.id,
|
|
241
|
+
type: "credentials",
|
|
242
|
+
provider: provider.id,
|
|
243
|
+
};
|
|
244
|
+
const redirect = await handleAuthorized({ user, account, credentials }, options);
|
|
245
|
+
if (redirect)
|
|
246
|
+
return { redirect, cookies };
|
|
247
|
+
const defaultToken = {
|
|
248
|
+
name: user.name,
|
|
249
|
+
email: user.email,
|
|
250
|
+
picture: user.image,
|
|
251
|
+
sub: user.id,
|
|
252
|
+
};
|
|
253
|
+
const token = await callbacks.jwt({
|
|
254
|
+
token: defaultToken,
|
|
255
|
+
user,
|
|
256
|
+
account,
|
|
257
|
+
isNewUser: false,
|
|
258
|
+
trigger: "signIn",
|
|
259
|
+
});
|
|
260
|
+
// Clear cookies if token is null
|
|
261
|
+
if (token === null) {
|
|
262
|
+
cookies.push(...sessionStore.clean());
|
|
263
|
+
}
|
|
264
|
+
else {
|
|
265
|
+
const salt = options.cookies.sessionToken.name;
|
|
266
|
+
// Encode token
|
|
267
|
+
const newToken = await jwt.encode({ ...jwt, token, salt });
|
|
268
|
+
// Set cookie expiry date
|
|
269
|
+
const cookieExpires = new Date();
|
|
270
|
+
cookieExpires.setTime(cookieExpires.getTime() + sessionMaxAge * 1000);
|
|
271
|
+
const sessionCookies = sessionStore.chunk(newToken, {
|
|
272
|
+
expires: cookieExpires,
|
|
273
|
+
});
|
|
274
|
+
cookies.push(...sessionCookies);
|
|
275
|
+
}
|
|
276
|
+
await events.signIn?.({ user, account });
|
|
277
|
+
return { redirect: callbackUrl, cookies };
|
|
278
|
+
}
|
|
279
|
+
else if (provider.type === "webauthn" && method === "POST") {
|
|
280
|
+
// Get callback action from request. It should be either "authenticate" or "register"
|
|
281
|
+
const action = request.body?.action;
|
|
282
|
+
if (typeof action !== "string" ||
|
|
283
|
+
(action !== "authenticate" && action !== "register")) {
|
|
284
|
+
throw new AuthError("Invalid action parameter");
|
|
285
|
+
}
|
|
286
|
+
// Return an error if the adapter is missing or if the provider
|
|
287
|
+
// is not a webauthn provider.
|
|
288
|
+
const localOptions = assertInternalOptionsWebAuthn(options);
|
|
289
|
+
// Verify request to get user, account and authenticator
|
|
290
|
+
let user;
|
|
291
|
+
let account;
|
|
292
|
+
let authenticator;
|
|
293
|
+
switch (action) {
|
|
294
|
+
case "authenticate": {
|
|
295
|
+
const verified = await verifyAuthenticate(localOptions, request, cookies);
|
|
296
|
+
user = verified.user;
|
|
297
|
+
account = verified.account;
|
|
298
|
+
break;
|
|
299
|
+
}
|
|
300
|
+
case "register": {
|
|
301
|
+
const verified = await verifyRegister(options, request, cookies);
|
|
302
|
+
user = verified.user;
|
|
303
|
+
account = verified.account;
|
|
304
|
+
authenticator = verified.authenticator;
|
|
305
|
+
break;
|
|
306
|
+
}
|
|
307
|
+
}
|
|
308
|
+
// Check if user is allowed to sign in
|
|
309
|
+
await handleAuthorized({ user, account }, options);
|
|
310
|
+
// Sign user in, creating them and their account if needed
|
|
311
|
+
const { user: loggedInUser, isNewUser, session, account: currentAccount, } = await handleLoginOrRegister(sessionStore.value, user, account, options);
|
|
312
|
+
if (!currentAccount) {
|
|
313
|
+
// This is mostly for type checking. It should never actually happen.
|
|
314
|
+
throw new AuthError("Error creating or finding account");
|
|
315
|
+
}
|
|
316
|
+
// Create new authenticator if needed
|
|
317
|
+
if (authenticator && loggedInUser.id) {
|
|
318
|
+
await localOptions.adapter.createAuthenticator({
|
|
319
|
+
...authenticator,
|
|
320
|
+
userId: loggedInUser.id,
|
|
321
|
+
});
|
|
322
|
+
}
|
|
323
|
+
// Do the session registering dance
|
|
324
|
+
if (useJwtSession) {
|
|
325
|
+
const defaultToken = {
|
|
326
|
+
name: loggedInUser.name,
|
|
327
|
+
email: loggedInUser.email,
|
|
328
|
+
picture: loggedInUser.image,
|
|
329
|
+
sub: loggedInUser.id?.toString(),
|
|
330
|
+
};
|
|
331
|
+
const token = await callbacks.jwt({
|
|
332
|
+
token: defaultToken,
|
|
333
|
+
user: loggedInUser,
|
|
334
|
+
account: currentAccount,
|
|
335
|
+
isNewUser,
|
|
336
|
+
trigger: isNewUser ? "signUp" : "signIn",
|
|
337
|
+
});
|
|
338
|
+
// Clear cookies if token is null
|
|
339
|
+
if (token === null) {
|
|
340
|
+
cookies.push(...sessionStore.clean());
|
|
341
|
+
}
|
|
342
|
+
else {
|
|
343
|
+
const salt = options.cookies.sessionToken.name;
|
|
344
|
+
// Encode token
|
|
345
|
+
const newToken = await jwt.encode({ ...jwt, token, salt });
|
|
346
|
+
// Set cookie expiry date
|
|
347
|
+
const cookieExpires = new Date();
|
|
348
|
+
cookieExpires.setTime(cookieExpires.getTime() + sessionMaxAge * 1000);
|
|
349
|
+
const sessionCookies = sessionStore.chunk(newToken, {
|
|
350
|
+
expires: cookieExpires,
|
|
351
|
+
});
|
|
352
|
+
cookies.push(...sessionCookies);
|
|
353
|
+
}
|
|
354
|
+
}
|
|
355
|
+
else {
|
|
356
|
+
// Save Session Token in cookie
|
|
357
|
+
cookies.push({
|
|
358
|
+
name: options.cookies.sessionToken.name,
|
|
359
|
+
value: session.sessionToken,
|
|
360
|
+
options: {
|
|
361
|
+
...options.cookies.sessionToken.options,
|
|
362
|
+
expires: session.expires,
|
|
363
|
+
},
|
|
364
|
+
});
|
|
365
|
+
}
|
|
366
|
+
await events.signIn?.({
|
|
367
|
+
user: loggedInUser,
|
|
368
|
+
account: currentAccount,
|
|
369
|
+
isNewUser,
|
|
370
|
+
});
|
|
371
|
+
// Handle first logins on new accounts
|
|
372
|
+
// e.g. option to send users to a new account landing page on initial login
|
|
373
|
+
// Note that the callback URL is preserved, so the journey can still be resumed
|
|
374
|
+
if (isNewUser && pages.newUser) {
|
|
375
|
+
return {
|
|
376
|
+
redirect: `${pages.newUser}${pages.newUser.includes("?") ? "&" : "?"}${new URLSearchParams({ callbackUrl })}`,
|
|
377
|
+
cookies,
|
|
378
|
+
};
|
|
379
|
+
}
|
|
380
|
+
// Callback URL is already verified at this point, so safe to use if specified
|
|
381
|
+
return { redirect: callbackUrl, cookies };
|
|
382
|
+
}
|
|
383
|
+
throw new InvalidProvider(`Callback for provider type (${provider.type}) is not supported`);
|
|
384
|
+
}
|
|
385
|
+
catch (e) {
|
|
386
|
+
if (e instanceof AuthError)
|
|
387
|
+
throw e;
|
|
388
|
+
const error = new CallbackRouteError(e, { provider: provider.id });
|
|
389
|
+
logger.debug("callback route error details", { method, query, body });
|
|
390
|
+
throw error;
|
|
391
|
+
}
|
|
392
|
+
}
|
|
393
|
+
async function handleAuthorized(params, config) {
|
|
394
|
+
let authorized;
|
|
395
|
+
const { signIn, redirect } = config.callbacks;
|
|
396
|
+
try {
|
|
397
|
+
authorized = await signIn(params);
|
|
398
|
+
}
|
|
399
|
+
catch (e) {
|
|
400
|
+
if (e instanceof AuthError)
|
|
401
|
+
throw e;
|
|
402
|
+
throw new AccessDenied(e);
|
|
403
|
+
}
|
|
404
|
+
if (!authorized)
|
|
405
|
+
throw new AccessDenied("AccessDenied");
|
|
406
|
+
if (typeof authorized !== "string")
|
|
407
|
+
return;
|
|
408
|
+
return await redirect({ url: authorized, baseUrl: config.url.origin });
|
|
409
|
+
}
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
import * as o from "oauth4webapi";
|
|
2
|
+
import type { InternalOptions, Profile, RequestInternal } from "../../../../types.js";
|
|
3
|
+
import type { Cookie } from "../../../utils/cookie.js";
|
|
4
|
+
/**
|
|
5
|
+
* Handles the following OAuth steps.
|
|
6
|
+
* https://www.rfc-editor.org/rfc/rfc6749#section-4.1.1
|
|
7
|
+
* https://www.rfc-editor.org/rfc/rfc6749#section-4.1.3
|
|
8
|
+
* https://openid.net/specs/openid-connect-core-1_0.html#UserInfoRequest
|
|
9
|
+
*
|
|
10
|
+
* @note Although requesting userinfo is not required by the OAuth2.0 spec,
|
|
11
|
+
* we fetch it anyway. This is because we always want a user profile.
|
|
12
|
+
*/
|
|
13
|
+
export declare function handleOAuth(params: RequestInternal["query"], cookies: RequestInternal["cookies"], options: InternalOptions<"oauth" | "oidc">): Promise<{
|
|
14
|
+
profile: Profile;
|
|
15
|
+
cookies: Cookie[];
|
|
16
|
+
user?: {
|
|
17
|
+
id: `${string}-${string}-${string}-${string}-${string}`;
|
|
18
|
+
email: string | undefined;
|
|
19
|
+
name?: string | null | undefined;
|
|
20
|
+
image?: string | null | undefined;
|
|
21
|
+
} | undefined;
|
|
22
|
+
account?: {
|
|
23
|
+
provider: string;
|
|
24
|
+
type: "oauth" | "oidc";
|
|
25
|
+
providerAccountId: string;
|
|
26
|
+
access_token?: string | undefined;
|
|
27
|
+
expires_in?: number | undefined;
|
|
28
|
+
id_token?: string | undefined;
|
|
29
|
+
refresh_token?: string | undefined;
|
|
30
|
+
scope?: string | undefined;
|
|
31
|
+
authorization_details?: o.AuthorizationDetails[] | undefined;
|
|
32
|
+
token_type?: "bearer" | "dpop" | Lowercase<string> | undefined;
|
|
33
|
+
expires_at?: number | undefined;
|
|
34
|
+
} | undefined;
|
|
35
|
+
}>;
|
|
36
|
+
//# sourceMappingURL=callback.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../../../src/lib/actions/callback/oauth/callback.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,cAAc,CAAA;AAMjC,OAAO,KAAK,EAEV,eAAe,EAEf,OAAO,EACP,eAAe,EAGhB,MAAM,sBAAsB,CAAA;AAE7B,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAA;AAoBtD;;;;;;;;GAQG;AACH,wBAAsB,WAAW,CAC/B,MAAM,EAAE,eAAe,CAAC,OAAO,CAAC,EAChC,OAAO,EAAE,eAAe,CAAC,SAAS,CAAC,EACnC,OAAO,EAAE,eAAe,CAAC,OAAO,GAAG,MAAM,CAAC;;;;;;;;;;;;;;;;;;;;;;GA4P3C"}
|