@payez/next-mvp 4.1.0 → 4.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (24) hide show
  1. package/dist/auth/better-auth.d.ts +3 -0
  2. package/dist/auth/better-auth.js +22 -1
  3. package/dist/client/better-auth-client.d.ts +407 -218
  4. package/dist/client/better-auth-client.js +3 -1
  5. package/dist/lib/ensure-fresh-access-token.d.ts +30 -0
  6. package/dist/lib/ensure-fresh-access-token.js +269 -0
  7. package/dist/lib/session-store.js +24 -21
  8. package/dist/lib/token-lifecycle.js +2 -0
  9. package/dist/models/SessionModel.d.ts +3 -0
  10. package/dist/models/SessionModel.js +3 -0
  11. package/dist/routes/auth/session.js +1 -1
  12. package/dist/server/auth.d.ts +59 -0
  13. package/dist/server/auth.js +156 -16
  14. package/dist/server/decode-session.js +2 -0
  15. package/package.json +6 -1
  16. package/src/auth/better-auth.ts +434 -408
  17. package/src/client/better-auth-client.ts +2 -0
  18. package/src/lib/ensure-fresh-access-token.ts +320 -0
  19. package/src/lib/session-store.ts +692 -689
  20. package/src/lib/token-lifecycle.ts +470 -468
  21. package/src/models/SessionModel.ts +264 -258
  22. package/src/routes/auth/session.ts +166 -166
  23. package/src/server/auth.ts +272 -78
  24. package/src/server/decode-session.ts +202 -200
package/dist/auth/better-auth.d.ts CHANGED
@@ -18,6 +18,9 @@ export interface BetterAuthSocialProvider {
18
18
  clientId: string;
19
19
  clientSecret: string;
20
20
  scope?: string[];
21
+ prompt?: string;
22
+ accessType?: 'offline' | 'online';
23
+ hd?: string;
21
24
  }
22
25
  /**
23
26
  * Build Better Auth social providers from IDP config.
package/dist/auth/better-auth.js CHANGED
@@ -69,10 +69,28 @@ function buildBetterAuthProviders(config) {
69
69
  if (!oauth.enabled)
70
70
  continue;
71
71
  const name = oauth.provider.toLowerCase();
72
+ const additionalParams = oauth.additionalParams ?? {};
73
+ const rawPrompt = additionalParams.prompt;
74
+ const rawAccessType = additionalParams.accessType ?? additionalParams.access_type;
75
+ const rawHostedDomain = additionalParams.hd;
76
+ // Ensure profile scope is present for Google so avatar image is returned
77
+ const scopes = oauth.scopes?.split(' ') || [];
78
+ if (name === 'google' && !scopes.includes('profile')) {
79
+ scopes.push('profile');
80
+ }
72
81
  providers[name] = {
73
82
  clientId: oauth.clientId,
74
83
  clientSecret: oauth.clientSecret,
75
- scope: oauth.scopes?.split(' '),
84
+ scope: scopes.length > 0 ? scopes : undefined,
85
+ // Google is overly eager to reuse the last account unless we
86
+ // explicitly ask for account selection on each social login.
87
+ prompt: typeof rawPrompt === 'string'
88
+ ? rawPrompt
89
+ : name === 'google'
90
+ ? 'select_account'
91
+ : undefined,
92
+ accessType: rawAccessType === 'online' ? 'online' : rawAccessType === 'offline' ? 'offline' : undefined,
93
+ hd: typeof rawHostedDomain === 'string' ? rawHostedDomain : undefined,
76
94
  };
77
95
  }
78
96
  return providers;
@@ -301,8 +319,11 @@ async function exchangeOAuthForIdpTokens(sessionToken, provider = 'google') {
301
319
  userId: String(result.user?.user_id || result.user?.id || result.user_id || baUserId),
302
320
  email: result.user?.email || result.email || email,
303
321
  name: result.user?.full_name || result.user?.name || result.name || name,
322
+ image: image,
304
323
  roles: result.user?.roles || result.roles || [],
305
324
  mfaVerified: !requiresTwoFactor,
325
+ idpClientId: result.client_id ? String(result.client_id) : undefined,
326
+ merchantId: result.merchant_id ? String(result.merchant_id) : undefined,
306
327
  };
307
328
  // Store in BA Redis session (for decodeSession)
308
329
  baData.idpTokens = idpTokenData;