@mulverse/mulguard-core 1.0.0

package/src/providers/identity-server4.ts

@@ -0,0 +1,78 @@
+/**
+ * <div class="provider" style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
+ * <span>Built-in <b>IdentityServer4</b> integration.</span>
+ * <a href="https://identityserver4.readthedocs.io">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/identity-server4.svg" height="48" width="48"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/identity-server4
+ */
+import type { OAuthConfig, OAuthUserConfig } from "./index.js"
+
+/**
+ * Add IdentityServer4 login to your page.
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/identity-server4
+ * ```
+ *
+ * #### Configuration
+ *```ts
+ * import { Auth } from "@auth/core"
+ * import IdentityServer4 from "@auth/core/providers/identity-server4"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     IdentityServer4({
+ *       clientId: IDENTITY_SERVER4_CLIENT_ID,
+ *       clientSecret: IDENTITY_SERVER4_CLIENT_SECRET,
+ *       issuer: IDENTITY_SERVER4_ISSUER,
+ *     }),
+ *   ],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ *  - [IdentityServer4 OAuth documentation](https://identityserver4.readthedocs.io/en/latest/)
+ *
+ * ### Notes
+ *
+ * By default, Auth.js assumes that the IdentityServer4 provider is
+ * based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.
+ *
+ * :::warning
+ * IdentityServer4 is discontinued and only releases security updates until November 2022. You should consider an alternative provider.
+ * :::
+ * :::tip
+ *
+ * The IdentityServer4 provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/identity-server4.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function IdentityServer4(
+  options: OAuthUserConfig<Record<string, any>>
+): OAuthConfig<Record<string, any>> {
+  return {
+    id: "identity-server4",
+    name: "IdentityServer4",
+    type: "oidc",
+    options,
+  }
+}

package/src/providers/index.ts

@@ -0,0 +1,115 @@
+import type { Profile } from "../types.js"
+import CredentialsProvider from "./credentials.js"
+import type { CredentialsConfig, CredentialsProviderId } from "./credentials.js"
+import type EmailProvider from "./email.js"
+import type { EmailConfig, EmailProviderId } from "./email.js"
+import type {
+  OAuth2Config,
+  OAuthConfig,
+  OAuthProviderId,
+  OIDCConfig,
+} from "./oauth.js"
+import type { WebAuthnConfig, WebAuthnProviderType } from "./webauthn.js"
+
+export * from "./credentials.js"
+export * from "./email.js"
+export * from "./oauth.js"
+
+/**
+ * Providers passed to Auth.js must define one of these types.
+ *
+ * @see [RFC 6749 - The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749.html#section-2.3)
+ * @see [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication)
+ * @see [Email or Passwordless Authentication](https://authjs.dev/concepts/oauth)
+ * @see [Credentials-based Authentication](https://authjs.dev/getting-started/providers/credentials)
+ */
+export type ProviderType =
+  | "oidc"
+  | "oauth"
+  | "email"
+  | "credentials"
+  | WebAuthnProviderType
+
+/** Shared across all {@link ProviderType} */
+export interface CommonProviderOptions {
+  /**
+   * Uniquely identifies the provider in {@link AuthConfig.providers}
+   * It's also part of the URL
+   */
+  id: string
+  /**
+   * The provider name used on the default sign-in page's sign-in button.
+   * For example if it's "Google", the corresponding button will say:
+   * "Sign in with Google"
+   */
+  name: string
+  /** See {@link ProviderType} */
+  type: ProviderType
+}
+
+interface InternalProviderOptions {
+  /** Used to deep merge user-provided config with the default config
+   */
+  options?: Record<string, unknown>
+}
+
+/**
+ * Must be a supported authentication provider config:
+ * - {@link OAuthConfig}
+ * - {@link EmailConfigInternal}
+ * - {@link CredentialsConfigInternal}
+ *
+ * For more information, see the guides:
+ *
+ * @see [OAuth/OIDC guide](https://authjs.dev/guides/providers/custom-provider)
+ * @see [Email (Passwordless) guide](https://authjs.dev/guides/providers/email)
+ * @see [Credentials guide](https://authjs.dev/getting-started/providers/credentials)
+ */
+export type Provider<P extends Profile = any> = (
+  | ((
+      | OIDCConfig<P>
+      | OAuth2Config<P>
+      | EmailConfig
+      | CredentialsConfig
+      | WebAuthnConfig
+    ) &
+      InternalProviderOptions)
+  | ((
+      ...args: any
+    ) => (
+      | OAuth2Config<P>
+      | OIDCConfig<P>
+      | EmailConfig
+      | CredentialsConfig
+      | WebAuthnConfig
+    ) &
+      InternalProviderOptions)
+) &
+  InternalProviderOptions
+
+export type BuiltInProviders = Record<
+  OAuthProviderId,
+  (config: Partial<OAuthConfig<any>>) => OAuthConfig<any>
+> &
+  Record<CredentialsProviderId, typeof CredentialsProvider> &
+  Record<EmailProviderId, typeof EmailProvider> &
+  Record<
+    WebAuthnProviderType,
+    (config: Partial<WebAuthnConfig>) => WebAuthnConfig
+  >
+
+export type AppProviders = Array<
+  Provider | ReturnType<BuiltInProviders[keyof BuiltInProviders]>
+>
+
+export interface AppProvider extends CommonProviderOptions {
+  signinUrl: string
+  callbackUrl: string
+}
+
+export type ProviderId =
+  | CredentialsProviderId
+  | EmailProviderId
+  | OAuthProviderId
+  | WebAuthnProviderType
+  | (string & {}) // HACK: To allow user-defined providers in `signIn`

package/src/providers/instagram.ts

@@ -0,0 +1,103 @@
+/**
+ * <div class="provider" style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
+ * <span>Built-in <b>Instagram</b> integration.</span>
+ * <a href="https://www.instagram.com/">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/instagram.svg" height="48" width="48"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/instagram
+ */
+import type { OAuthConfig, OAuthUserConfig } from "./index.js"
+
+/**
+ * Add Instagram login to your page.
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/instagram
+ * ```
+ *
+ * #### Configuration
+ *```ts
+ * import { Auth } from "@auth/core"
+ * import Instagram from "@auth/core/providers/instagram"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     Instagram({
+ *       clientId: INSTAGRAM_CLIENT_ID,
+ *       clientSecret: INSTAGRAM_CLIENT_SECRET,
+ *     }),
+ *   ],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ *  - [Instagram OAuth documentation](https://developers.facebook.com/docs/instagram-basic-display-api/getting-started)
+ *  - [Instagram OAuth apps](https://developers.facebook.com/apps/)
+ *
+ * ### Notes
+ *
+ * By default, Auth.js assumes that the Instagram provider is
+ * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
+ *
+ *
+ * :::warning
+ * Email address is not returned by the Instagram API.
+ * :::
+ *
+ * :::tip
+ * Instagram display app required callback URL to be configured in your Facebook app and Facebook required you to use **https** even for localhost! In order to do that, you either need to [add an SSL to your localhost](https://www.freecodecamp.org/news/how-to-get-https-working-on-your-local-development-environment-in-5-minutes-7af615770eec/) or use a proxy such as [ngrok](https://ngrok.com/docs).
+ * :::
+ * :::tip
+ *
+ * The Instagram provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/instagram.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function Instagram(
+  config: OAuthUserConfig<Record<string, any>>
+): OAuthConfig<Record<string, any>> {
+  return {
+    id: "instagram",
+    name: "Instagram",
+    type: "oauth",
+    authorization:
+      "https://api.instagram.com/oauth/authorize?scope=user_profile",
+    token: "https://api.instagram.com/oauth/access_token",
+    userinfo:
+      "https://graph.instagram.com/me?fields=id,username,account_type,name",
+    client: {
+      token_endpoint_auth_method: "client_secret_post",
+    },
+    async profile(profile) {
+      return {
+        id: profile.id,
+        name: profile.username,
+        email: null,
+        image: null,
+      }
+    },
+    style: {
+      bg: "#fff",
+      text: "#000",
+    },
+    options: config,
+  }
+}

package/src/providers/kakao.ts

@@ -0,0 +1,184 @@
+/**
+ * <div class="provider" style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
+ * <span>Built-in <b>Kakao</b> integration.</span>
+ * <a href="https://www.kakaocorp.com/page/">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/kakao.svg" height="48" width="48"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/kakao
+ */
+import type { OAuthConfig, OAuthUserConfig } from "./index.js"
+
+export type DateTime = string
+export type Gender = "female" | "male"
+export type Birthday = "SOLAR" | "LUNAR"
+export type AgeRange =
+  | "1-9"
+  | "10-14"
+  | "15-19"
+  | "20-29"
+  | "30-39"
+  | "40-49"
+  | "50-59"
+  | "60-69"
+  | "70-79"
+  | "80-89"
+  | "90-"
+
+/**
+ * https://developers.kakao.com/docs/latest/ko/kakaologin/rest-api#req-user-info
+ * type from : https://gist.github.com/ziponia/cdce1ebd88f979b2a6f3f53416b56a77
+ */
+export interface KakaoProfile extends Record<string, any> {
+  id: number
+  has_signed_up?: boolean
+  connected_at?: DateTime
+  synched_at?: DateTime
+  properties?: {
+    id?: string
+    status?: string
+    registered_at?: DateTime
+    msg_blocked?: boolean
+    nickname?: string
+    profile_image?: string
+    thumbnail_image?: string
+  }
+  kakao_account?: {
+    profile_needs_agreement?: boolean
+    profile_nickname_needs_agreement?: boolean
+    profile_image_needs_agreement?: boolean
+    profile?: {
+      nickname?: string
+      thumbnail_image_url?: string
+      profile_image_url?: string
+      is_default_image?: boolean
+    }
+    name_needs_agreement?: boolean
+    name?: string
+    email_needs_agreement?: boolean
+    is_email_valid?: boolean
+    is_email_verified?: boolean
+    email?: string
+    age_range_needs_agreement?: boolean
+    age_range?: AgeRange
+    birthyear_needs_agreement?: boolean
+    birthyear?: string
+    birthday_needs_agreement?: boolean
+    birthday?: string
+    birthday_type?: Birthday
+    gender_needs_agreement?: boolean
+    gender?: Gender
+    phone_number_needs_agreement?: boolean
+    phone_number?: string
+    ci_needs_agreement?: boolean
+    ci?: string
+    ci_authenticated_at?: DateTime
+  }
+}
+
+/**
+ * Add Kakao login to your page.
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/kakao
+ * ```
+ *
+ * #### Configuration
+ *```ts
+ * import { Auth } from "@auth/core"
+ * import Kakao from "@auth/core/providers/kakao"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     Kakao({ clientId: KAKAO_CLIENT_ID, clientSecret: KAKAO_CLIENT_SECRET }),
+ *   ],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ *  - [Kakao OAuth documentation](https://developers.kakao.com/product/kakaoLogin)
+ *  - [Kakao OAuth configuration](https://developers.kakao.com/docs/latest/en/kakaologin/common)
+ *
+ * ## Configuration
+ * Create a provider and a Kakao application at https://developers.kakao.com/console/app. In the settings of the app under Kakao Login, activate web app, change consent items and configure callback URL.
+ *
+ * ### Notes
+ *
+ * By default, Auth.js assumes that the Kakao provider is
+ * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification.
+ *
+ *
+ * The "Authorized redirect URIs" used when creating the credentials must include your full domain and end in the callback path. For example;
+ *
+ * ![스크린샷 2023-11-28 오후 9 27 41](https://github.com/nextauthjs/next-auth/assets/66895208/7d4c2df6-45a6-4937-bb10-4b47c987bff4)
+ *
+ * - For production: `https://{YOUR_DOMAIN}/api/auth/callback/kakao`
+ * - For development: `http://localhost:3000/api/auth/callback/kakao`
+ *
+ * :::tip
+ *
+ * The Kakao provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/kakao.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::
+ *
+ * :::tip
+ *
+ * Kakao's client key is in **Summary(It is written as 요약정보 in Korean.) tab's App Keys Field**
+ * (My Application > App Settings > Summary)
+ *
+ * ![스크린샷 2023-11-28 오후 9 47 17](https://github.com/nextauthjs/next-auth/assets/66895208/a87e5705-26b9-4f83-99d7-6df097a3632c)
+ *
+ * Kakao's clientSecret key is in **Security(It is written as 보안 in Korean.) tab's App Keys Field**
+ * (My Application > Product Settings > Kakao Login > Security)
+ *
+ * ![스크린샷 2023-11-28 오후 9 38 25](https://github.com/nextauthjs/next-auth/assets/66895208/6a763921-4f70-40f4-a3e1-9abc78276d45)
+ *
+ * :::
+ *
+ * :::tip
+ *
+ * Kakao dev console has a button at the top right to change from KR to ENG
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function Kakao<P extends KakaoProfile>(
+  options: OAuthUserConfig<P>
+): OAuthConfig<P> {
+  return {
+    id: "kakao",
+    name: "Kakao",
+    type: "oauth",
+    authorization: "https://kauth.kakao.com/oauth/authorize?scope",
+    token: "https://kauth.kakao.com/oauth/token",
+    userinfo: "https://kapi.kakao.com/v2/user/me",
+    client: {
+      token_endpoint_auth_method: "client_secret_post",
+    },
+    profile(profile) {
+      return {
+        id: profile.id.toString(),
+        name: profile.kakao_account?.profile?.nickname,
+        email: profile.kakao_account?.email,
+        image: profile.kakao_account?.profile?.profile_image_url,
+      }
+    },
+    options,
+  }
+}

package/src/providers/keycloak.ts

@@ -0,0 +1,111 @@
+/**
+ * <div class="provider" style={{backgroundColor: "#000", display: "flex", justifyContent: "space-between", color: "#fff", padding: 16}}>
+ * <span>Built-in <b>Keycloak</b> integration.</span>
+ * <a href="https://keycloak.com">
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/keycloak.svg" height="48" width="48"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/keycloak
+ */
+import type { OIDCConfig, OIDCUserConfig } from "./index.js"
+
+export interface KeycloakProfile extends Record<string, any> {
+  exp: number
+  iat: number
+  auth_time: number
+  jti: string
+  iss: string
+  aud: string
+  sub: string
+  typ: string
+  azp: string
+  session_state: string
+  at_hash: string
+  acr: string
+  sid: string
+  email_verified: boolean
+  name: string
+  preferred_username: string
+  given_name: string
+  family_name: string
+  email: string
+  picture: string
+  user: any
+}
+
+/**
+ * Add Keycloak login to your page.
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/keycloak
+ * ```
+ *
+ * #### Configuration
+ *```ts
+ * import { Auth } from "@auth/core"
+ * import Keycloak from "@auth/core/providers/keycloak"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     Keycloak({
+ *       clientId: KEYCLOAK_CLIENT_ID,
+ *       clientSecret: KEYCLOAK_CLIENT_SECRET,
+ *       issuer: KEYCLOAK_ISSUER,
+ *     }),
+ *   ],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ *  - [Keycloak OIDC documentation](https://www.keycloak.org/docs/latest/server_admin/#_oidc_clients)
+ *
+ * :::tip
+ *
+ * Create an openid-connect client in Keycloak with "confidential" as the "Access Type".
+ *
+ * :::
+ *
+ * :::note
+ *
+ * issuer should include the realm – e.g. https://my-keycloak-domain.com/realms/My_Realm
+ *
+ * :::
+ * ### Notes
+ *
+ * By default, Auth.js assumes that the Keycloak provider is
+ * based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.
+ *
+ * :::tip
+ *
+ * The Keycloak provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/keycloak.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function Keycloak<P extends KeycloakProfile>(
+  options: OIDCUserConfig<P>
+): OIDCConfig<P> {
+  return {
+    id: "keycloak",
+    name: "Keycloak",
+    type: "oidc",
+    style: { brandColor: "#428bca" },
+    options,
+  }
+}

package/src/providers/kinde.ts

@@ -0,0 +1,85 @@
+/**
+ * <div class="provider" style={{display: "flex", justifyContent: "space-between", alignItems: "center"}}>
+ * <span style={{fontSize: "1.35rem" }}>
+ *  Built-in sign in with <b>Kinde</b> integration.
+ * </span>
+ * <a href="https://kinde.com" style={{backgroundColor: "#0F0F0F", padding: "12px", borderRadius: "100%" }}>
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/kinde.svg" width="24"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/kinde
+ */
+import type { OIDCConfig, OIDCUserConfig } from "./index.js"
+
+/** The returned user profile from Kinde when using the profile callback. [Reference](https://kinde.com/api/docs/#get-user-profile). */
+export interface KindeProfile extends Record<string, any> {
+  /** The user's given name. */
+  first_name: string
+  /** The user's unique identifier. */
+  id: string
+  /** The user's family name. */
+  last_name: string
+  /** URL pointing to the user's profile picture. */
+  picture: string
+  /** The user's email address. */
+  preferred_email: string
+  /** The user's identifier from a previous system. */
+  provided_id: string
+  /** The user's username. */
+  username: string
+}
+
+/**
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/kinde
+ * ```
+ *
+ * #### Configuration
+ * ```ts
+ * import { Auth } from "@auth/core"
+ * import Kinde from "@auth/core/providers/kinde"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ *   providers: [
+ *     Kinde({
+ *       clientId: KINDE_CLIENT_ID,
+ *       clientSecret: KINDE_CLIENT_SECRET,
+ *       issuer: KINDE_DOMAIN,
+ *     }),
+ *   ],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ * - [Kinde docs](https://docs.kinde.com/)
+ *
+ * ### Notes
+ *
+ * The Kinde provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/kinde.ts). To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * ## Help
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ */
+export default function Kinde(
+  config: OIDCUserConfig<KindeProfile>
+): OIDCConfig<KindeProfile> {
+  return {
+    id: "kinde",
+    name: "Kinde",
+    type: "oidc",
+    style: { text: "#0F0F0F", bg: "#fff" },
+    options: config,
+    checks: ["state", "pkce"],
+  }
+}