npm - @mulverse/mulguard-core - Versions diffs - 1.0.0 - Mend

@mulverse/mulguard-core 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (600) hide show

package/README.md +24 -0
package/adapters.d.ts +522 -0
package/adapters.d.ts.map +1 -0
package/adapters.js +170 -0
package/errors.d.ts +429 -0
package/errors.d.ts.map +1 -0
package/errors.js +473 -0
package/index.d.ts +547 -0
package/index.d.ts.map +1 -0
package/index.js +142 -0
package/jwt.d.ts +132 -0
package/jwt.d.ts.map +1 -0
package/jwt.js +123 -0
package/lib/actions/callback/handle-login.d.ts +35 -0
package/lib/actions/callback/handle-login.d.ts.map +1 -0
package/lib/actions/callback/handle-login.js +275 -0
package/lib/actions/callback/index.d.ts +5 -0
package/lib/actions/callback/index.d.ts.map +1 -0
package/lib/actions/callback/index.js +409 -0
package/lib/actions/callback/oauth/callback.d.ts +36 -0
package/lib/actions/callback/oauth/callback.d.ts.map +1 -0
package/lib/actions/callback/oauth/callback.js +248 -0
package/lib/actions/callback/oauth/checks.d.ts +70 -0
package/lib/actions/callback/oauth/checks.d.ts.map +1 -0
package/lib/actions/callback/oauth/checks.js +188 -0
package/lib/actions/callback/oauth/csrf-token.d.ts +33 -0
package/lib/actions/callback/oauth/csrf-token.d.ts.map +1 -0
package/lib/actions/callback/oauth/csrf-token.js +39 -0
package/lib/actions/index.d.ts +6 -0
package/lib/actions/index.d.ts.map +1 -0
package/lib/actions/index.js +5 -0
package/lib/actions/session.d.ts +5 -0
package/lib/actions/session.d.ts.map +1 -0
package/lib/actions/session.js +127 -0
package/lib/actions/signin/authorization-url.d.ts +12 -0
package/lib/actions/signin/authorization-url.d.ts.map +1 -0
package/lib/actions/signin/authorization-url.js +94 -0
package/lib/actions/signin/index.d.ts +4 -0
package/lib/actions/signin/index.d.ts.map +1 -0
package/lib/actions/signin/index.js +22 -0
package/lib/actions/signin/send-token.d.ts +10 -0
package/lib/actions/signin/send-token.d.ts.map +1 -0
package/lib/actions/signin/send-token.js +98 -0
package/lib/actions/signout.d.ts +11 -0
package/lib/actions/signout.d.ts.map +1 -0
package/lib/actions/signout.js +30 -0
package/lib/actions/webauthn-options.d.ts +8 -0
package/lib/actions/webauthn-options.d.ts.map +1 -0
package/lib/actions/webauthn-options.js +60 -0
package/lib/index.d.ts +2 -0
package/lib/index.d.ts.map +1 -0
package/lib/index.js +70 -0
package/lib/init.d.ts +25 -0
package/lib/init.d.ts.map +1 -0
package/lib/init.js +172 -0
package/lib/pages/error.d.ts +17 -0
package/lib/pages/error.d.ts.map +1 -0
package/lib/pages/error.js +40 -0
package/lib/pages/index.d.ts +42 -0
package/lib/pages/index.d.ts.map +1 -0
package/lib/pages/index.js +136 -0
package/lib/pages/signin.d.ts +10 -0
package/lib/pages/signin.d.ts.map +1 -0
package/lib/pages/signin.js +75 -0
package/lib/pages/signout.d.ts +8 -0
package/lib/pages/signout.d.ts.map +1 -0
package/lib/pages/signout.js +17 -0
package/lib/pages/styles.d.ts +3 -0
package/lib/pages/styles.d.ts.map +1 -0
package/lib/pages/styles.js +381 -0
package/lib/pages/verify-request.d.ts +8 -0
package/lib/pages/verify-request.d.ts.map +1 -0
package/lib/pages/verify-request.js +11 -0
package/lib/symbols.d.ts +50 -0
package/lib/symbols.d.ts.map +1 -0
package/lib/symbols.js +57 -0
package/lib/utils/actions.d.ts +3 -0
package/lib/utils/actions.d.ts.map +1 -0
package/lib/utils/actions.js +14 -0
package/lib/utils/assert.d.ts +14 -0
package/lib/utils/assert.d.ts.map +1 -0
package/lib/utils/assert.js +168 -0
package/lib/utils/callback-url.d.ts +17 -0
package/lib/utils/callback-url.d.ts.map +1 -0
package/lib/utils/callback-url.js +27 -0
package/lib/utils/cookie.d.ts +111 -0
package/lib/utils/cookie.d.ts.map +1 -0
package/lib/utils/cookie.js +205 -0
package/lib/utils/date.d.ts +7 -0
package/lib/utils/date.d.ts.map +1 -0
package/lib/utils/date.js +8 -0
package/lib/utils/email.d.ts +20 -0
package/lib/utils/email.d.ts.map +1 -0
package/lib/utils/email.js +57 -0
package/lib/utils/env.d.ts +9 -0
package/lib/utils/env.d.ts.map +1 -0
package/lib/utils/env.js +96 -0
package/lib/utils/logger.d.ts +18 -0
package/lib/utils/logger.d.ts.map +1 -0
package/lib/utils/logger.js +50 -0
package/lib/utils/merge.d.ts +3 -0
package/lib/utils/merge.d.ts.map +1 -0
package/lib/utils/merge.js +23 -0
package/lib/utils/providers.d.ts +19 -0
package/lib/utils/providers.d.ts.map +1 -0
package/lib/utils/providers.js +149 -0
package/lib/utils/session.d.ts +7 -0
package/lib/utils/session.d.ts.map +1 -0
package/lib/utils/session.js +29 -0
package/lib/utils/web.d.ts +10 -0
package/lib/utils/web.d.ts.map +1 -0
package/lib/utils/web.js +109 -0
package/lib/utils/webauthn-client.d.ts +30 -0
package/lib/utils/webauthn-client.d.ts.map +1 -0
package/lib/utils/webauthn-client.js +197 -0
package/lib/utils/webauthn-utils.d.ts +81 -0
package/lib/utils/webauthn-utils.d.ts.map +1 -0
package/lib/utils/webauthn-utils.js +343 -0
package/lib/vendored/cookie.d.ts +120 -0
package/lib/vendored/cookie.d.ts.map +1 -0
package/lib/vendored/cookie.js +237 -0
package/package.json +118 -0
package/providers/42-school.d.ts +240 -0
package/providers/42-school.d.ts.map +1 -0
package/providers/42-school.js +78 -0
package/providers/apple.d.ts +149 -0
package/providers/apple.d.ts.map +1 -0
package/providers/apple.js +104 -0
package/providers/asgardeo.d.ts +102 -0
package/providers/asgardeo.d.ts.map +1 -0
package/providers/asgardeo.js +93 -0
package/providers/atlassian.d.ts +94 -0
package/providers/atlassian.d.ts.map +1 -0
package/providers/atlassian.js +84 -0
package/providers/auth0.d.ts +116 -0
package/providers/auth0.d.ts.map +1 -0
package/providers/auth0.js +49 -0
package/providers/authentik.d.ts +90 -0
package/providers/authentik.d.ts.map +1 -0
package/providers/authentik.js +65 -0
package/providers/azure-ad-b2c.d.ts +104 -0
package/providers/azure-ad-b2c.d.ts.map +1 -0
package/providers/azure-ad-b2c.js +100 -0
package/providers/azure-ad.d.ts +19 -0
package/providers/azure-ad.d.ts.map +1 -0
package/providers/azure-ad.js +23 -0
package/providers/azure-devops.d.ts +128 -0
package/providers/azure-devops.d.ts.map +1 -0
package/providers/azure-devops.js +158 -0
package/providers/bankid-no.d.ts +134 -0
package/providers/bankid-no.d.ts.map +1 -0
package/providers/bankid-no.js +65 -0
package/providers/battlenet.d.ts +85 -0
package/providers/battlenet.d.ts.map +1 -0
package/providers/battlenet.js +81 -0
package/providers/beyondidentity.d.ts +77 -0
package/providers/beyondidentity.d.ts.map +1 -0
package/providers/beyondidentity.js +84 -0
package/providers/bitbucket.d.ts +89 -0
package/providers/bitbucket.d.ts.map +1 -0
package/providers/bitbucket.js +92 -0
package/providers/box.d.ts +63 -0
package/providers/box.d.ts.map +1 -0
package/providers/box.js +73 -0
package/providers/boxyhq-saml.d.ts +121 -0
package/providers/boxyhq-saml.d.ts.map +1 -0
package/providers/boxyhq-saml.js +127 -0
package/providers/bungie.d.ts +167 -0
package/providers/bungie.d.ts.map +1 -0
package/providers/bungie.js +174 -0
package/providers/click-up.d.ts +75 -0
package/providers/click-up.d.ts.map +1 -0
package/providers/click-up.js +89 -0
package/providers/cognito.d.ts +81 -0
package/providers/cognito.d.ts.map +1 -0
package/providers/cognito.js +73 -0
package/providers/coinbase.d.ts +69 -0
package/providers/coinbase.d.ts.map +1 -0
package/providers/coinbase.js +78 -0
package/providers/concept2.d.ts +81 -0
package/providers/concept2.d.ts.map +1 -0
package/providers/concept2.js +86 -0
package/providers/credentials.d.ts +132 -0
package/providers/credentials.d.ts.map +1 -0
package/providers/credentials.js +74 -0
package/providers/descope.d.ts +91 -0
package/providers/descope.d.ts.map +1 -0
package/providers/descope.js +78 -0
package/providers/discord.d.ts +139 -0
package/providers/discord.d.ts.map +1 -0
package/providers/discord.js +86 -0
package/providers/dribbble.d.ts +88 -0
package/providers/dribbble.d.ts.map +1 -0
package/providers/dribbble.js +85 -0
package/providers/dropbox.d.ts +65 -0
package/providers/dropbox.d.ts.map +1 -0
package/providers/dropbox.js +88 -0
package/providers/duende-identity-server6.d.ts +91 -0
package/providers/duende-identity-server6.d.ts.map +1 -0
package/providers/duende-identity-server6.js +80 -0
package/providers/email.d.ts +41 -0
package/providers/email.d.ts.map +1 -0
package/providers/email.js +18 -0
package/providers/eventbrite.d.ts +78 -0
package/providers/eventbrite.d.ts.map +1 -0
package/providers/eventbrite.js +88 -0
package/providers/eveonline.d.ts +94 -0
package/providers/eveonline.d.ts.map +1 -0
package/providers/eveonline.js +92 -0
package/providers/facebook.d.ts +84 -0
package/providers/facebook.d.ts.map +1 -0
package/providers/facebook.js +93 -0
package/providers/faceit.d.ts +64 -0
package/providers/faceit.d.ts.map +1 -0
package/providers/faceit.js +74 -0
package/providers/figma.d.ts +75 -0
package/providers/figma.d.ts.map +1 -0
package/providers/figma.js +81 -0
package/providers/forwardemail.d.ts +4 -0
package/providers/forwardemail.d.ts.map +1 -0
package/providers/forwardemail.js +32 -0
package/providers/foursquare.d.ts +71 -0
package/providers/foursquare.d.ts.map +1 -0
package/providers/foursquare.js +91 -0
package/providers/freshbooks.d.ts +66 -0
package/providers/freshbooks.d.ts.map +1 -0
package/providers/freshbooks.js +76 -0
package/providers/frontegg.d.ts +95 -0
package/providers/frontegg.d.ts.map +1 -0
package/providers/frontegg.js +88 -0
package/providers/fusionauth.d.ts +279 -0
package/providers/fusionauth.d.ts.map +1 -0
package/providers/fusionauth.js +292 -0
package/providers/github.d.ts +127 -0
package/providers/github.d.ts.map +1 -0
package/providers/github.js +115 -0
package/providers/gitlab.d.ts +115 -0
package/providers/gitlab.d.ts.map +1 -0
package/providers/gitlab.js +75 -0
package/providers/google.d.ts +138 -0
package/providers/google.d.ts.map +1 -0
package/providers/google.js +119 -0
package/providers/hubspot.d.ts +76 -0
package/providers/hubspot.d.ts.map +1 -0
package/providers/hubspot.js +93 -0
package/providers/huggingface.d.ts +216 -0
package/providers/huggingface.d.ts.map +1 -0
package/providers/huggingface.js +101 -0
package/providers/identity-server4.d.ts +69 -0
package/providers/identity-server4.d.ts.map +1 -0
package/providers/identity-server4.js +64 -0
package/providers/index.d.ts +61 -0
package/providers/index.d.ts.map +1 -0
package/providers/index.js +3 -0
package/providers/instagram.d.ts +74 -0
package/providers/instagram.d.ts.map +1 -0
package/providers/instagram.js +87 -0
package/providers/kakao.d.ts +148 -0
package/providers/kakao.d.ts.map +1 -0
package/providers/kakao.js +103 -0
package/providers/keycloak.d.ts +100 -0
package/providers/keycloak.d.ts.map +1 -0
package/providers/keycloak.js +73 -0
package/providers/kinde.d.ts +73 -0
package/providers/kinde.d.ts.map +1 -0
package/providers/kinde.js +51 -0
package/providers/line.d.ts +83 -0
package/providers/line.d.ts.map +1 -0
package/providers/line.js +73 -0
package/providers/linkedin.d.ts +77 -0
package/providers/linkedin.d.ts.map +1 -0
package/providers/linkedin.js +65 -0
package/providers/logto.d.ts +98 -0
package/providers/logto.d.ts.map +1 -0
package/providers/logto.js +81 -0
package/providers/loops.d.ts +40 -0
package/providers/loops.d.ts.map +1 -0
package/providers/loops.js +59 -0
package/providers/mailchimp.d.ts +66 -0
package/providers/mailchimp.d.ts.map +1 -0
package/providers/mailchimp.js +76 -0
package/providers/mailgun.d.ts +55 -0
package/providers/mailgun.d.ts.map +1 -0
package/providers/mailgun.js +74 -0
package/providers/mailru.d.ts +63 -0
package/providers/mailru.d.ts.map +1 -0
package/providers/mailru.js +61 -0
package/providers/mastodon.d.ts +90 -0
package/providers/mastodon.d.ts.map +1 -0
package/providers/mastodon.js +75 -0
package/providers/mattermost.d.ts +132 -0
package/providers/mattermost.d.ts.map +1 -0
package/providers/mattermost.js +83 -0
package/providers/medium.d.ts +68 -0
package/providers/medium.d.ts.map +1 -0
package/providers/medium.js +84 -0
package/providers/microsoft-entra-id.d.ts +428 -0
package/providers/microsoft-entra-id.d.ts.map +1 -0
package/providers/microsoft-entra-id.js +156 -0
package/providers/naver.d.ts +80 -0
package/providers/naver.d.ts.map +1 -0
package/providers/naver.js +79 -0
package/providers/netlify.d.ts +66 -0
package/providers/netlify.d.ts.map +1 -0
package/providers/netlify.js +85 -0
package/providers/netsuite.d.ts +189 -0
package/providers/netsuite.d.ts.map +1 -0
package/providers/netsuite.js +170 -0
package/providers/nextcloud.d.ts +150 -0
package/providers/nextcloud.d.ts.map +1 -0
package/providers/nextcloud.js +99 -0
package/providers/nodemailer.d.ts +27 -0
package/providers/nodemailer.d.ts.map +1 -0
package/providers/nodemailer.js +34 -0
package/providers/notion.d.ts +99 -0
package/providers/notion.d.ts.map +1 -0
package/providers/notion.js +110 -0
package/providers/oauth.d.ts +188 -0
package/providers/oauth.d.ts.map +1 -0
package/providers/oauth.js +1 -0
package/providers/okta.d.ts +99 -0
package/providers/okta.d.ts.map +1 -0
package/providers/okta.js +63 -0
package/providers/onelogin.d.ts +65 -0
package/providers/onelogin.d.ts.map +1 -0
package/providers/onelogin.js +61 -0
package/providers/ory-hydra.d.ts +79 -0
package/providers/ory-hydra.d.ts.map +1 -0
package/providers/ory-hydra.js +67 -0
package/providers/osso.d.ts +79 -0
package/providers/osso.d.ts.map +1 -0
package/providers/osso.js +77 -0
package/providers/osu.d.ts +116 -0
package/providers/osu.d.ts.map +1 -0
package/providers/osu.js +75 -0
package/providers/passage.d.ts +88 -0
package/providers/passage.d.ts.map +1 -0
package/providers/passage.js +75 -0
package/providers/passkey.d.ts +65 -0
package/providers/passkey.d.ts.map +1 -0
package/providers/passkey.js +87 -0
package/providers/patreon.d.ts +73 -0
package/providers/patreon.d.ts.map +1 -0
package/providers/patreon.js +77 -0
package/providers/ping-id.d.ts +57 -0
package/providers/ping-id.d.ts.map +1 -0
package/providers/ping-id.js +40 -0
package/providers/pinterest.d.ts +79 -0
package/providers/pinterest.d.ts.map +1 -0
package/providers/pinterest.js +85 -0
package/providers/pipedrive.d.ts +99 -0
package/providers/pipedrive.d.ts.map +1 -0
package/providers/pipedrive.js +71 -0
package/providers/postmark.d.ts +4 -0
package/providers/postmark.d.ts.map +1 -0
package/providers/postmark.js +36 -0
package/providers/provider-types.d.ts +3 -0
package/providers/provider-types.d.ts.map +1 -0
package/providers/provider-types.js +1 -0
package/providers/reddit.d.ts +88 -0
package/providers/reddit.d.ts.map +1 -0
package/providers/reddit.js +90 -0
package/providers/resend.d.ts +4 -0
package/providers/resend.d.ts.map +1 -0
package/providers/resend.js +32 -0
package/providers/roblox.d.ts +67 -0
package/providers/roblox.d.ts.map +1 -0
package/providers/roblox.js +53 -0
package/providers/salesforce.d.ts +59 -0
package/providers/salesforce.d.ts.map +1 -0
package/providers/salesforce.js +52 -0
package/providers/sendgrid.d.ts +4 -0
package/providers/sendgrid.d.ts.map +1 -0
package/providers/sendgrid.js +35 -0
package/providers/simplelogin.d.ts +87 -0
package/providers/simplelogin.d.ts.map +1 -0
package/providers/simplelogin.js +83 -0
package/providers/slack.d.ts +102 -0
package/providers/slack.d.ts.map +1 -0
package/providers/slack.js +69 -0
package/providers/spotify.d.ts +75 -0
package/providers/spotify.d.ts.map +1 -0
package/providers/spotify.js +73 -0
package/providers/strava.d.ts +68 -0
package/providers/strava.d.ts.map +1 -0
package/providers/strava.js +80 -0
package/providers/threads.d.ts +108 -0
package/providers/threads.d.ts.map +1 -0
package/providers/threads.js +89 -0
package/providers/tiktok.d.ts +248 -0
package/providers/tiktok.d.ts.map +1 -0
package/providers/tiktok.js +195 -0
package/providers/todoist.d.ts +76 -0
package/providers/todoist.d.ts.map +1 -0
package/providers/todoist.js +97 -0
package/providers/trakt.d.ts +93 -0
package/providers/trakt.d.ts.map +1 -0
package/providers/trakt.js +91 -0
package/providers/twitch.d.ts +71 -0
package/providers/twitch.d.ts.map +1 -0
package/providers/twitch.js +96 -0
package/providers/twitter.d.ts +183 -0
package/providers/twitter.d.ts.map +1 -0
package/providers/twitter.js +100 -0
package/providers/united-effects.d.ts +80 -0
package/providers/united-effects.d.ts.map +1 -0
package/providers/united-effects.js +72 -0
package/providers/vipps.d.ts +71 -0
package/providers/vipps.d.ts.map +1 -0
package/providers/vipps.js +33 -0
package/providers/vk.d.ts +334 -0
package/providers/vk.d.ts.map +1 -0
package/providers/vk.js +103 -0
package/providers/webauthn.d.ts +148 -0
package/providers/webauthn.d.ts.map +1 -0
package/providers/webauthn.js +128 -0
package/providers/webex.d.ts +78 -0
package/providers/webex.d.ts.map +1 -0
package/providers/webex.js +73 -0
package/providers/wechat.d.ts +78 -0
package/providers/wechat.d.ts.map +1 -0
package/providers/wechat.js +105 -0
package/providers/wikimedia.d.ts +99 -0
package/providers/wikimedia.d.ts.map +1 -0
package/providers/wikimedia.js +90 -0
package/providers/wordpress.d.ts +65 -0
package/providers/wordpress.d.ts.map +1 -0
package/providers/wordpress.js +71 -0
package/providers/workos.d.ts +154 -0
package/providers/workos.d.ts.map +1 -0
package/providers/workos.js +143 -0
package/providers/yandex.d.ts +131 -0
package/providers/yandex.d.ts.map +1 -0
package/providers/yandex.js +80 -0
package/providers/zitadel.d.ts +117 -0
package/providers/zitadel.d.ts.map +1 -0
package/providers/zitadel.js +95 -0
package/providers/zoho.d.ts +63 -0
package/providers/zoho.d.ts.map +1 -0
package/providers/zoho.js +79 -0
package/providers/zoom.d.ts +93 -0
package/providers/zoom.d.ts.map +1 -0
package/providers/zoom.js +82 -0
package/src/adapters/server-actions-helpers.ts +126 -0
package/src/adapters.ts +603 -0
package/src/errors.ts +551 -0
package/src/index.ts +689 -0
package/src/jwt.ts +283 -0
package/src/lib/actions/callback/handle-login.ts +334 -0
package/src/lib/actions/callback/index.ts +554 -0
package/src/lib/actions/callback/oauth/callback.ts +347 -0
package/src/lib/actions/callback/oauth/checks.ts +258 -0
package/src/lib/actions/callback/oauth/csrf-token.ts +60 -0
package/src/lib/actions/index.ts +5 -0
package/src/lib/actions/session.ts +167 -0
package/src/lib/actions/signin/authorization-url.ts +123 -0
package/src/lib/actions/signin/index.ts +37 -0
package/src/lib/actions/signin/send-token.ts +124 -0
package/src/lib/actions/signout.ts +38 -0
package/src/lib/actions/webauthn-options.ts +100 -0
package/src/lib/index.ts +97 -0
package/src/lib/init.ts +236 -0
package/src/lib/pages/error.tsx +106 -0
package/src/lib/pages/index.ts +181 -0
package/src/lib/pages/signin.tsx +255 -0
package/src/lib/pages/signout.tsx +49 -0
package/src/lib/pages/styles.css +377 -0
package/src/lib/pages/styles.ts +381 -0
package/src/lib/pages/verify-request.tsx +36 -0
package/src/lib/symbols.ts +60 -0
package/src/lib/utils/actions.ts +17 -0
package/src/lib/utils/assert.ts +259 -0
package/src/lib/utils/callback-url.ts +42 -0
package/src/lib/utils/cookie.ts +248 -0
package/src/lib/utils/date.ts +8 -0
package/src/lib/utils/email.ts +65 -0
package/src/lib/utils/env.ts +113 -0
package/src/lib/utils/logger.ts +75 -0
package/src/lib/utils/merge.ts +30 -0
package/src/lib/utils/providers.ts +203 -0
package/src/lib/utils/session.ts +41 -0
package/src/lib/utils/web.ts +151 -0
package/src/lib/utils/webauthn-client.js +229 -0
package/src/lib/utils/webauthn-utils.ts +531 -0
package/src/lib/vendored/cookie.ts +383 -0
package/src/providers/42-school.ts +256 -0
package/src/providers/apple.ts +206 -0
package/src/providers/asgardeo.ts +118 -0
package/src/providers/atlassian.ts +120 -0
package/src/providers/auth0.ts +127 -0
package/src/providers/authentik.ts +100 -0
package/src/providers/azure-ad-b2c.ts +124 -0
package/src/providers/azure-ad.ts +30 -0
package/src/providers/azure-devops.ts +184 -0
package/src/providers/bankid-no.ts +161 -0
package/src/providers/battlenet.ts +107 -0
package/src/providers/beyondidentity.ts +102 -0
package/src/providers/bitbucket.ts +122 -0
package/src/providers/box.ts +87 -0
package/src/providers/boxyhq-saml.ts +148 -0
package/src/providers/bungie.ts +192 -0
package/src/providers/click-up.ts +104 -0
package/src/providers/cognito.ts +94 -0
package/src/providers/coinbase.ts +93 -0
package/src/providers/concept2.ts +108 -0
package/src/providers/credentials.ts +157 -0
package/src/providers/descope.ts +105 -0
package/src/providers/discord.ts +176 -0
package/src/providers/dribbble.ts +122 -0
package/src/providers/dropbox.ts +102 -0
package/src/providers/duende-identity-server6.ts +101 -0
package/src/providers/email.ts +60 -0
package/src/providers/eventbrite.ts +105 -0
package/src/providers/eveonline.ts +117 -0
package/src/providers/facebook.ts +119 -0
package/src/providers/faceit.ts +90 -0
package/src/providers/figma.ts +105 -0
package/src/providers/forwardemail.ts +37 -0
package/src/providers/foursquare.ts +105 -0
package/src/providers/freshbooks.ts +90 -0
package/src/providers/frontegg.ts +111 -0
package/src/providers/fusionauth.ts +336 -0
package/src/providers/github.ts +187 -0
package/src/providers/gitlab.ts +140 -0
package/src/providers/google.ts +152 -0
package/src/providers/hubspot.ts +117 -0
package/src/providers/huggingface.ts +234 -0
package/src/providers/identity-server4.ts +78 -0
package/src/providers/index.ts +115 -0
package/src/providers/instagram.ts +103 -0
package/src/providers/kakao.ts +184 -0
package/src/providers/keycloak.ts +111 -0
package/src/providers/kinde.ts +85 -0
package/src/providers/line.ts +99 -0
package/src/providers/linkedin.ts +91 -0
package/src/providers/logto.ts +122 -0
package/src/providers/loops.ts +79 -0
package/src/providers/mailchimp.ts +90 -0
package/src/providers/mailgun.ts +98 -0
package/src/providers/mailru.ts +75 -0
package/src/providers/mastodon.ts +112 -0
package/src/providers/mattermost.ts +154 -0
package/src/providers/medium.ts +89 -0
package/src/providers/microsoft-entra-id.ts +497 -0
package/src/providers/naver.ts +102 -0
package/src/providers/netlify.ts +90 -0
package/src/providers/netsuite.ts +225 -0
package/src/providers/nextcloud.ts +207 -0
package/src/providers/nodemailer.ts +84 -0
package/src/providers/notion.ts +166 -0
package/src/providers/oauth.ts +310 -0
package/src/providers/okta.ts +111 -0
package/src/providers/onelogin.ts +75 -0
package/src/providers/ory-hydra.ts +93 -0
package/src/providers/osso.ts +91 -0
package/src/providers/osu.ts +138 -0
package/src/providers/passage.ts +103 -0
package/src/providers/passkey.ts +94 -0
package/src/providers/patreon.ts +98 -0
package/src/providers/ping-id.ts +68 -0
package/src/providers/pinterest.ts +106 -0
package/src/providers/pipedrive.ts +120 -0
package/src/providers/postmark.ts +38 -0
package/src/providers/provider-types.ts +107 -0
package/src/providers/reddit.ts +104 -0
package/src/providers/resend.ts +35 -0
package/src/providers/roblox.ts +94 -0
package/src/providers/salesforce.ts +73 -0
package/src/providers/sendgrid.ts +36 -0
package/src/providers/simplelogin.ts +107 -0
package/src/providers/slack.ts +115 -0
package/src/providers/spotify.ts +99 -0
package/src/providers/strava.ts +101 -0
package/src/providers/threads.ts +135 -0
package/src/providers/tiktok.ts +319 -0
package/src/providers/todoist.ts +122 -0
package/src/providers/trakt.ts +120 -0
package/src/providers/twitch.ts +121 -0
package/src/providers/twitter.ts +207 -0
package/src/providers/united-effects.ts +89 -0
package/src/providers/vipps.ts +86 -0
package/src/providers/vk.ts +401 -0
package/src/providers/webauthn.ts +296 -0
package/src/providers/webex.ts +102 -0
package/src/providers/wechat.ts +141 -0
package/src/providers/wikimedia.ts +258 -0
package/src/providers/wordpress.ts +86 -0
package/src/providers/workos.ts +180 -0
package/src/providers/yandex.ts +159 -0
package/src/providers/zitadel.ts +128 -0
package/src/providers/zoho.ts +84 -0
package/src/providers/zoom.ts +119 -0
package/src/types.ts +430 -0
package/src/warnings.ts +21 -0
package/types.d.ts +309 -0
package/types.d.ts.map +1 -0
package/types.js +53 -0
package/warnings.d.ts +17 -0
package/warnings.d.ts.map +1 -0
package/warnings.js +1 -0

package/lib/actions/session.js ADDED Viewed

@@ -0,0 +1,127 @@
+import { JWTSessionError, SessionTokenError } from "../../errors.js";
+import { fromDate } from "../utils/date.js";
+/** Return a session object filtered via `callbacks.session` */
+export async function session(options, sessionStore, cookies, isUpdate, newSession) {
+    const { adapter, jwt, events, callbacks, logger, session: { strategy: sessionStrategy, maxAge: sessionMaxAge }, } = options;
+    const response = {
+        body: null,
+        headers: {
+            "Content-Type": "application/json",
+            ...(!isUpdate && {
+                "Cache-Control": "private, no-cache, no-store",
+                Expires: "0",
+                Pragma: "no-cache",
+            }),
+        },
+        cookies,
+    };
+    const sessionToken = sessionStore.value;
+    if (!sessionToken)
+        return response;
+    if (sessionStrategy === "jwt") {
+        try {
+            const salt = options.cookies.sessionToken.name;
+            const payload = await jwt.decode({ ...jwt, token: sessionToken, salt });
+            if (!payload)
+                throw new Error("Invalid JWT");
+            // @ts-expect-error
+            const token = await callbacks.jwt({
+                token: payload,
+                ...(isUpdate && { trigger: "update" }),
+                session: newSession,
+            });
+            const newExpires = fromDate(sessionMaxAge);
+            if (token !== null) {
+                // By default, only exposes a limited subset of information to the client
+                // as needed for presentation purposes (e.g. "you are logged in as...").
+                const session = {
+                    user: { name: token.name, email: token.email, image: token.picture },
+                    expires: newExpires.toISOString(),
+                };
+                // @ts-expect-error
+                const newSession = await callbacks.session({ session, token });
+                // Return session payload as response
+                response.body = newSession;
+                // Refresh JWT expiry by re-signing it, with an updated expiry date
+                const newToken = await jwt.encode({ ...jwt, token, salt });
+                // Set cookie, to also update expiry date on cookie
+                const sessionCookies = sessionStore.chunk(newToken, {
+                    expires: newExpires,
+                });
+                response.cookies?.push(...sessionCookies);
+                await events.session?.({ session: newSession, token });
+            }
+            else {
+                response.cookies?.push(...sessionStore.clean());
+            }
+        }
+        catch (e) {
+            logger.error(new JWTSessionError(e));
+            // If the JWT is not verifiable remove the broken session cookie(s).
+            response.cookies?.push(...sessionStore.clean());
+        }
+        return response;
+    }
+    // Retrieve session from database
+    try {
+        const { getSessionAndUser, deleteSession, updateSession } = adapter;
+        let userAndSession = await getSessionAndUser(sessionToken);
+        // If session has expired, clean up the database
+        if (userAndSession &&
+            userAndSession.session.expires.valueOf() < Date.now()) {
+            await deleteSession(sessionToken);
+            userAndSession = null;
+        }
+        if (userAndSession) {
+            const { user, session } = userAndSession;
+            const sessionUpdateAge = options.session.updateAge;
+            // Calculate last updated date to throttle write updates to database
+            // Formula: ({expiry date} - sessionMaxAge) + sessionUpdateAge
+            //     e.g. ({expiry date} - 30 days) + 1 hour
+            const sessionIsDueToBeUpdatedDate = session.expires.valueOf() -
+                sessionMaxAge * 1000 +
+                sessionUpdateAge * 1000;
+            const newExpires = fromDate(sessionMaxAge);
+            // Trigger update of session expiry date and write to database, only
+            // if the session was last updated more than {sessionUpdateAge} ago
+            if (sessionIsDueToBeUpdatedDate <= Date.now()) {
+                await updateSession({
+                    sessionToken: sessionToken,
+                    expires: newExpires,
+                });
+            }
+            // Pass Session through to the session callback
+            const sessionPayload = await callbacks.session({
+                // TODO: user already passed below,
+                // remove from session object in https://github.com/nextauthjs/next-auth/pull/9702
+                // @ts-expect-error
+                session: { ...session, user },
+                user,
+                newSession,
+                ...(isUpdate ? { trigger: "update" } : {}),
+            });
+            // Return session payload as response
+            response.body = sessionPayload;
+            // Set cookie again to update expiry
+            response.cookies?.push({
+                name: options.cookies.sessionToken.name,
+                value: sessionToken,
+                options: {
+                    ...options.cookies.sessionToken.options,
+                    expires: newExpires,
+                },
+            });
+            // @ts-expect-error
+            await events.session?.({ session: sessionPayload });
+        }
+        else if (sessionToken) {
+            // If `sessionToken` was found set but it's not valid for a session then
+            // remove the sessionToken cookie from browser.
+            response.cookies?.push(...sessionStore.clean());
+        }
+    }
+    catch (e) {
+        logger.error(new SessionTokenError(e));
+    }
+    return response;
+}

package/lib/actions/signin/authorization-url.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import type { InternalOptions, RequestInternal } from "../../../types.js";
+import type { Cookie } from "../../utils/cookie.js";
+/**
+ * Generates an authorization/request token URL.
+ *
+ * [OAuth 2](https://www.oauth.com/oauth2-servers/authorization/the-authorization-request/)
+ */
+export declare function getAuthorizationUrl(query: RequestInternal["query"], options: InternalOptions<"oauth" | "oidc">): Promise<{
+    redirect: string;
+    cookies: Cookie[];
+}>;
+//# sourceMappingURL=authorization-url.d.ts.map

package/lib/actions/signin/authorization-url.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"authorization-url.d.ts","sourceRoot":"","sources":["../../../src/lib/actions/signin/authorization-url.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AACzE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAA;AAGnD;;;;GAIG;AACH,wBAAsB,mBAAmB,CACvC,KAAK,EAAE,eAAe,CAAC,OAAO,CAAC,EAC/B,OAAO,EAAE,eAAe,CAAC,OAAO,GAAG,MAAM,CAAC;;;GA4G3C"}

package/lib/actions/signin/authorization-url.js ADDED Viewed

@@ -0,0 +1,94 @@
+import * as checks from "../callback/oauth/checks.js";
+import * as o from "oauth4webapi";
+import { customFetch } from "../../symbols.js";
+/**
+ * Generates an authorization/request token URL.
+ *
+ * [OAuth 2](https://www.oauth.com/oauth2-servers/authorization/the-authorization-request/)
+ */
+export async function getAuthorizationUrl(query, options) {
+    const { logger, provider } = options;
+    let url = provider.authorization?.url;
+    let as;
+    // Falls back to authjs.dev if the user only passed params
+    if (!url || url.host === "authjs.dev") {
+        // If url is undefined, we assume that issuer is always defined
+        // We check this in assert.ts
+        const issuer = new URL(provider.issuer);
+        const discoveryResponse = await o.discoveryRequest(issuer, {
+            [o.customFetch]: provider[customFetch],
+            // TODO: move away from allowing insecure HTTP requests
+            [o.allowInsecureRequests]: true,
+        });
+        const as = await o
+            .processDiscoveryResponse(issuer, discoveryResponse)
+            .catch((error) => {
+            if (!(error instanceof TypeError) || error.message !== "Invalid URL")
+                throw error;
+            throw new TypeError(`Discovery request responded with an invalid issuer. expected: ${issuer}`);
+        });
+        if (!as.authorization_endpoint) {
+            throw new TypeError("Authorization server did not provide an authorization endpoint.");
+        }
+        url = new URL(as.authorization_endpoint);
+    }
+    const authParams = url.searchParams;
+    let redirect_uri = provider.callbackUrl;
+    let data;
+    if (!options.isOnRedirectProxy && provider.redirectProxyUrl) {
+        redirect_uri = provider.redirectProxyUrl;
+        data = provider.callbackUrl;
+        logger.debug("using redirect proxy", { redirect_uri, data });
+    }
+    const params = Object.assign({
+        response_type: "code",
+        // clientId can technically be undefined, should we check this in assert.ts or rely on the Authorization Server to do it?
+        client_id: provider.clientId,
+        redirect_uri,
+        // @ts-expect-error TODO:
+        ...provider.authorization?.params,
+    }, Object.fromEntries(provider.authorization?.url.searchParams ?? []), query);
+    for (const k in params)
+        authParams.set(k, params[k]);
+    const cookies = [];
+    if (
+    // Otherwise "POST /redirect_uri" wouldn't include the cookies
+    provider.authorization?.url.searchParams.get("response_mode") ===
+        "form_post") {
+        options.cookies.state.options.sameSite = "none";
+        options.cookies.state.options.secure = true;
+        options.cookies.nonce.options.sameSite = "none";
+        options.cookies.nonce.options.secure = true;
+    }
+    const state = await checks.state.create(options, data);
+    if (state) {
+        authParams.set("state", state.value);
+        cookies.push(state.cookie);
+    }
+    if (provider.checks?.includes("pkce")) {
+        if (as && !as.code_challenge_methods_supported?.includes("S256")) {
+            // We assume S256 PKCE support, if the server does not advertise that,
+            // a random `nonce` must be used for CSRF protection.
+            if (provider.type === "oidc")
+                provider.checks = ["nonce"];
+        }
+        else {
+            const { value, cookie } = await checks.pkce.create(options);
+            authParams.set("code_challenge", value);
+            authParams.set("code_challenge_method", "S256");
+            cookies.push(cookie);
+        }
+    }
+    const nonce = await checks.nonce.create(options);
+    if (nonce) {
+        authParams.set("nonce", nonce.value);
+        cookies.push(nonce.cookie);
+    }
+    // TODO: This does not work in normalizeOAuth because authorization endpoint can come from discovery
+    // Need to make normalizeOAuth async
+    if (provider.type === "oidc" && !url.searchParams.has("scope")) {
+        url.searchParams.set("scope", "openid profile email");
+    }
+    logger.debug("authorization url is ready", { url, cookies, provider });
+    return { redirect: url.toString(), cookies };
+}

package/lib/actions/signin/index.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import type { Cookie } from "../../utils/cookie.js";
+import type { InternalOptions, RequestInternal, ResponseInternal } from "../../../types.js";
+export declare function signIn(request: RequestInternal, cookies: Cookie[], options: InternalOptions): Promise<ResponseInternal>;
+//# sourceMappingURL=index.d.ts.map

package/lib/actions/signin/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/actions/signin/index.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAA;AACnD,OAAO,KAAK,EACV,eAAe,EACf,eAAe,EACf,gBAAgB,EACjB,MAAM,mBAAmB,CAAA;AAE1B,wBAAsB,MAAM,CAC1B,OAAO,EAAE,eAAe,EACxB,OAAO,EAAE,MAAM,EAAE,EACjB,OAAO,EAAE,eAAe,GACvB,OAAO,CAAC,gBAAgB,CAAC,CAsB3B"}

package/lib/actions/signin/index.js ADDED Viewed

@@ -0,0 +1,22 @@
+import { getAuthorizationUrl } from "./authorization-url.js";
+import { sendToken } from "./send-token.js";
+export async function signIn(request, cookies, options) {
+    const signInUrl = `${options.url.origin}${options.basePath}/signin`;
+    if (!options.provider)
+        return { redirect: signInUrl, cookies };
+    switch (options.provider.type) {
+        case "oauth":
+        case "oidc": {
+            const { redirect, cookies: authCookies } = await getAuthorizationUrl(request.query, options);
+            if (authCookies)
+                cookies.push(...authCookies);
+            return { redirect, cookies };
+        }
+        case "email": {
+            const response = await sendToken(request, options);
+            return { ...response, cookies };
+        }
+        default:
+            return { redirect: signInUrl, cookies };
+    }
+}

package/lib/actions/signin/send-token.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import type { InternalOptions, RequestInternal } from "../../../types.js";
+/**
+ * Starts an e-mail login flow, by generating a token,
+ * and sending it to the user's e-mail (with the help of a DB adapter).
+ * At the end, it returns a redirect to the `verify-request` page.
+ */
+export declare function sendToken(request: RequestInternal, options: InternalOptions<"email">): Promise<{
+    redirect: string;
+}>;
+//# sourceMappingURL=send-token.d.ts.map

package/lib/actions/signin/send-token.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"send-token.d.ts","sourceRoot":"","sources":["../../../src/lib/actions/signin/send-token.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAGzE;;;;GAIG;AACH,wBAAsB,SAAS,CAC7B,OAAO,EAAE,eAAe,EACxB,OAAO,EAAE,eAAe,CAAC,OAAO,CAAC;;GA8ElC"}

package/lib/actions/signin/send-token.js ADDED Viewed

@@ -0,0 +1,98 @@
+import { createHash, randomString, toRequest } from "../../utils/web.js";
+import { AccessDenied } from "../../../errors.js";
+/**
+ * Starts an e-mail login flow, by generating a token,
+ * and sending it to the user's e-mail (with the help of a DB adapter).
+ * At the end, it returns a redirect to the `verify-request` page.
+ */
+export async function sendToken(request, options) {
+    const { body } = request;
+    const { provider, callbacks, adapter } = options;
+    const normalizer = provider.normalizeIdentifier ?? defaultNormalizer;
+    const email = normalizer(body?.email);
+    const defaultUser = { id: crypto.randomUUID(), email, emailVerified: null };
+    const user = (await adapter.getUserByEmail(email)) ?? defaultUser;
+    const account = {
+        providerAccountId: email,
+        userId: user.id,
+        type: "email",
+        provider: provider.id,
+    };
+    let authorized;
+    try {
+        authorized = await callbacks.signIn({
+            user,
+            account,
+            email: { verificationRequest: true },
+        });
+    }
+    catch (e) {
+        throw new AccessDenied(e);
+    }
+    if (!authorized)
+        throw new AccessDenied("AccessDenied");
+    if (typeof authorized === "string") {
+        return {
+            redirect: await callbacks.redirect({
+                url: authorized,
+                baseUrl: options.url.origin,
+            }),
+        };
+    }
+    const { callbackUrl, theme } = options;
+    const token = (await provider.generateVerificationToken?.()) ?? randomString(32);
+    const ONE_DAY_IN_SECONDS = 86400;
+    const expires = new Date(Date.now() + (provider.maxAge ?? ONE_DAY_IN_SECONDS) * 1000);
+    const secret = provider.secret ?? options.secret;
+    const baseUrl = new URL(options.basePath, options.url.origin);
+    const sendRequest = provider.sendVerificationRequest({
+        identifier: email,
+        token,
+        expires,
+        url: `${baseUrl}/callback/${provider.id}?${new URLSearchParams({
+            callbackUrl,
+            token,
+            email,
+        })}`,
+        provider,
+        theme,
+        request: toRequest(request),
+    });
+    const createToken = adapter.createVerificationToken?.({
+        identifier: email,
+        token: await createHash(`${token}${secret}`),
+        expires,
+    });
+    await Promise.all([sendRequest, createToken]);
+    return {
+        redirect: `${baseUrl}/verify-request?${new URLSearchParams({
+            provider: provider.id,
+            type: provider.type,
+        })}`,
+    };
+}
+function defaultNormalizer(email) {
+    if (!email)
+        throw new Error("Missing email from request body.");
+    const trimmedEmail = email.toLowerCase().trim();
+    // Reject email addresses with quotes to prevent address parser confusion
+    // This prevents attacks like "attacker@evil.com"@victim.com
+    if (trimmedEmail.includes('"')) {
+        throw new Error("Invalid email address format.");
+    }
+    // Get the first two elements only,
+    // separated by `@` from user input.
+    let [local, domain] = trimmedEmail.split("@");
+    // Validate that we have exactly 2 parts (local and domain)
+    if (!local || !domain || trimmedEmail.split("@").length !== 2) {
+        throw new Error("Invalid email address format.");
+    }
+    // The part before "@" can contain a ","
+    // but we remove it on the domain part
+    domain = domain.split(",")[0];
+    // Additional validation: domain should not be empty after comma split
+    if (!domain) {
+        throw new Error("Invalid email address format.");
+    }
+    return `${local}@${domain}`;
+}

package/lib/actions/signout.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import type { InternalOptions, ResponseInternal } from "../../types.js";
+import type { Cookie, SessionStore } from "../utils/cookie.js";
+/**
+ * Destroys the session.
+ * If the session strategy is database,
+ * The session is also deleted from the database.
+ * In any case, the session cookie is cleared and
+ * {@link AuthConfig["events"].signOut} is emitted.
+ */
+export declare function signOut(cookies: Cookie[], sessionStore: SessionStore, options: InternalOptions): Promise<ResponseInternal>;
+//# sourceMappingURL=signout.d.ts.map

package/lib/actions/signout.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"signout.d.ts","sourceRoot":"","sources":["../../src/lib/actions/signout.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AACvE,OAAO,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AAE9D;;;;;;GAMG;AACH,wBAAsB,OAAO,CAC3B,OAAO,EAAE,MAAM,EAAE,EACjB,YAAY,EAAE,YAAY,EAC1B,OAAO,EAAE,eAAe,GACvB,OAAO,CAAC,gBAAgB,CAAC,CAqB3B"}

package/lib/actions/signout.js ADDED Viewed

@@ -0,0 +1,30 @@
+import { SignOutError } from "../../errors.js";
+/**
+ * Destroys the session.
+ * If the session strategy is database,
+ * The session is also deleted from the database.
+ * In any case, the session cookie is cleared and
+ * {@link AuthConfig["events"].signOut} is emitted.
+ */
+export async function signOut(cookies, sessionStore, options) {
+    const { jwt, events, callbackUrl: redirect, logger, session } = options;
+    const sessionToken = sessionStore.value;
+    if (!sessionToken)
+        return { redirect, cookies };
+    try {
+        if (session.strategy === "jwt") {
+            const salt = options.cookies.sessionToken.name;
+            const token = await jwt.decode({ ...jwt, token: sessionToken, salt });
+            await events.signOut?.({ token });
+        }
+        else {
+            const session = await options.adapter?.deleteSession(sessionToken);
+            await events.signOut?.({ session });
+        }
+    }
+    catch (e) {
+        logger.error(new SignOutError(e));
+    }
+    cookies.push(...sessionStore.clean());
+    return { redirect, cookies };
+}

package/lib/actions/webauthn-options.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import type { InternalOptions, RequestInternal, ResponseInternal } from "../../types.js";
+import type { Cookie, SessionStore } from "../utils/cookie.js";
+/**
+ * Returns authentication or registration options for a WebAuthn flow
+ * depending on the parameters provided.
+ */
+export declare function webAuthnOptions(request: RequestInternal, options: InternalOptions, sessionStore: SessionStore, cookies: Cookie[]): Promise<ResponseInternal>;
+//# sourceMappingURL=webauthn-options.d.ts.map

package/lib/actions/webauthn-options.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"webauthn-options.d.ts","sourceRoot":"","sources":["../../src/lib/actions/webauthn-options.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,eAAe,EACf,eAAe,EACf,gBAAgB,EAEjB,MAAM,gBAAgB,CAAA;AACvB,OAAO,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AAS9D;;;GAGG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,eAAe,EACxB,OAAO,EAAE,eAAe,EACxB,YAAY,EAAE,YAAY,EAC1B,OAAO,EAAE,MAAM,EAAE,GAEhB,OAAO,CAAC,gBAAgB,CAAC,CA0E3B"}

package/lib/actions/webauthn-options.js ADDED Viewed

@@ -0,0 +1,60 @@
+import { getLoggedInUser } from "../utils/session.js";
+import { assertInternalOptionsWebAuthn, inferWebAuthnOptions, getAuthenticationResponse, getRegistrationResponse, } from "../utils/webauthn-utils.js";
+/**
+ * Returns authentication or registration options for a WebAuthn flow
+ * depending on the parameters provided.
+ */
+export async function webAuthnOptions(request, options, sessionStore, cookies
+// @ts-expect-error issue with returning from a switch case
+) {
+    // Return an error if the adapter is missing or if the provider
+    // is not a webauthn provider.
+    const narrowOptions = assertInternalOptionsWebAuthn(options);
+    const { provider } = narrowOptions;
+    // Extract the action from the query parameters
+    const { action } = (request.query ?? {});
+    // Action must be either "register", "authenticate", or undefined
+    if (action !== "register" &&
+        action !== "authenticate" &&
+        typeof action !== "undefined") {
+        return {
+            status: 400,
+            body: { error: "Invalid action" },
+            cookies,
+            headers: {
+                "Content-Type": "application/json",
+            },
+        };
+    }
+    // Get the user info from the session
+    const sessionUser = await getLoggedInUser(options, sessionStore);
+    // Extract user info from request
+    // If session user exists, we don't need to call getUserInfo
+    const getUserInfoResponse = sessionUser
+        ? {
+            user: sessionUser,
+            exists: true,
+        }
+        : await provider.getUserInfo(options, request);
+    const userInfo = getUserInfoResponse?.user;
+    // Make a decision on what kind of webauthn options to return
+    const decision = inferWebAuthnOptions(action, !!sessionUser, getUserInfoResponse);
+    switch (decision) {
+        case "authenticate":
+            return getAuthenticationResponse(narrowOptions, request, userInfo, cookies);
+        case "register":
+            if (typeof userInfo?.email === "string") {
+                return getRegistrationResponse(narrowOptions, request, userInfo, cookies);
+            }
+            break;
+        default:
+            return {
+                status: 400,
+                body: { error: "Invalid request" },
+                cookies,
+                headers: {
+                    "Content-Type": "application/json",
+                },
+            };
+    }
+}

package/lib/index.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { customFetch, raw, skipCSRFCheck } from "./symbols.js";
2	+ //# sourceMappingURL=index.d.ts.map

package/lib/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/lib/index.ts"],"names":[],"mappings":"AAWA,OAAO,EAAE,WAAW,EAAE,GAAG,EAAE,aAAa,EAAE,MAAM,cAAc,CAAA"}

package/lib/index.js ADDED Viewed

@@ -0,0 +1,70 @@
+import { UnknownAction } from "../errors.js";
+import { SessionStore } from "./utils/cookie.js";
+import { init } from "./init.js";
+import renderPage from "./pages/index.js";
+import * as actions from "./actions/index.js";
+import { validateCSRF } from "./actions/callback/oauth/csrf-token.js";
+import { skipCSRFCheck } from "./symbols.js";
+export { customFetch, raw, skipCSRFCheck } from "./symbols.js";
+/** @internal */
+export async function AuthInternal(request, authOptions) {
+    const { action, providerId, error, method } = request;
+    const csrfDisabled = authOptions.skipCSRFCheck === skipCSRFCheck;
+    const { options, cookies } = await init({
+        authOptions,
+        action,
+        providerId,
+        url: request.url,
+        callbackUrl: request.body?.callbackUrl ?? request.query?.callbackUrl,
+        csrfToken: request.body?.csrfToken,
+        cookies: request.cookies,
+        isPost: method === "POST",
+        csrfDisabled,
+    });
+    const sessionStore = new SessionStore(options.cookies.sessionToken, request.cookies, options.logger);
+    if (method === "GET") {
+        const render = renderPage({ ...options, query: request.query, cookies });
+        switch (action) {
+            case "callback":
+                return await actions.callback(request, options, sessionStore, cookies);
+            case "csrf":
+                return render.csrf(csrfDisabled, options, cookies);
+            case "error":
+                return render.error(error);
+            case "providers":
+                return render.providers(options.providers);
+            case "session":
+                return await actions.session(options, sessionStore, cookies);
+            case "signin":
+                return render.signin(providerId, error);
+            case "signout":
+                return render.signout();
+            case "verify-request":
+                return render.verifyRequest();
+            case "webauthn-options":
+                return await actions.webAuthnOptions(request, options, sessionStore, cookies);
+            default:
+        }
+    }
+    else {
+        const { csrfTokenVerified } = options;
+        switch (action) {
+            case "callback":
+                if (options.provider.type === "credentials")
+                    // Verified CSRF Token required for credentials providers only
+                    validateCSRF(action, csrfTokenVerified);
+                return await actions.callback(request, options, sessionStore, cookies);
+            case "session":
+                validateCSRF(action, csrfTokenVerified);
+                return await actions.session(options, sessionStore, cookies, true, request.body?.data);
+            case "signin":
+                validateCSRF(action, csrfTokenVerified);
+                return await actions.signIn(request, cookies, options);
+            case "signout":
+                validateCSRF(action, csrfTokenVerified);
+                return await actions.signOut(cookies, sessionStore, options);
+            default:
+        }
+    }
+    throw new UnknownAction(`Cannot handle action: ${action}`);
+}

package/lib/init.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+import * as cookie from "./utils/cookie.js";
+import type { InternalOptions, RequestInternal } from "../types.js";
+import type { AuthConfig } from "../index.js";
+interface InitParams {
+    url: URL;
+    authOptions: AuthConfig;
+    providerId?: string;
+    action: InternalOptions["action"];
+    /** Callback URL value extracted from the incoming request. */
+    callbackUrl?: string;
+    /** CSRF token value extracted from the incoming request. From body if POST, from query if GET */
+    csrfToken?: string;
+    /** Is the incoming request a POST request? */
+    csrfDisabled: boolean;
+    isPost: boolean;
+    cookies: RequestInternal["cookies"];
+}
+export declare const defaultCallbacks: InternalOptions["callbacks"];
+/** Initialize all internal options and cookies. */
+export declare function init({ authOptions: config, providerId, action, url, cookies: reqCookies, callbackUrl: reqCallbackUrl, csrfToken: reqCsrfToken, csrfDisabled, isPost, }: InitParams): Promise<{
+    options: InternalOptions;
+    cookies: cookie.Cookie[];
+}>;
+export {};
+//# sourceMappingURL=init.d.ts.map

package/lib/init.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../src/lib/init.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,MAAM,MAAM,mBAAmB,CAAA;AAQ3C,OAAO,KAAK,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AACnE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAG7C,UAAU,UAAU;IAClB,GAAG,EAAE,GAAG,CAAA;IACR,WAAW,EAAE,UAAU,CAAA;IACvB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,MAAM,EAAE,eAAe,CAAC,QAAQ,CAAC,CAAA;IACjC,8DAA8D;IAC9D,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,iGAAiG;IACjG,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,8CAA8C;IAC9C,YAAY,EAAE,OAAO,CAAA;IACrB,MAAM,EAAE,OAAO,CAAA;IACf,OAAO,EAAE,eAAe,CAAC,SAAS,CAAC,CAAA;CACpC;AAED,eAAO,MAAM,gBAAgB,EAAE,eAAe,CAAC,WAAW,CAsBzD,CAAA;AAED,mDAAmD;AACnD,wBAAsB,IAAI,CAAC,EACzB,WAAW,EAAE,MAAM,EACnB,UAAU,EACV,MAAM,EACN,GAAG,EACH,OAAO,EAAE,UAAU,EACnB,WAAW,EAAE,cAAc,EAC3B,SAAS,EAAE,YAAY,EACvB,YAAY,EACZ,MAAM,GACP,EAAE,UAAU,GAAG,OAAO,CAAC;IACtB,OAAO,EAAE,eAAe,CAAA;IACxB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,CAAA;CACzB,CAAC,CA6HD"}