@sirketio/auth 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/_virtual/_rolldown/runtime.mjs +36 -0
- package/dist/adapter/index.d.mts +4 -0
- package/dist/adapter/index.mjs +7 -0
- package/dist/api/index.d.mts +3872 -0
- package/dist/api/index.mjs +206 -0
- package/dist/api/index.mjs.map +1 -0
- package/dist/api/middlewares/index.d.mts +1 -0
- package/dist/api/middlewares/index.mjs +3 -0
- package/dist/api/middlewares/origin-check.d.mts +18 -0
- package/dist/api/middlewares/origin-check.mjs +140 -0
- package/dist/api/middlewares/origin-check.mjs.map +1 -0
- package/dist/api/rate-limiter/index.mjs +204 -0
- package/dist/api/rate-limiter/index.mjs.map +1 -0
- package/dist/api/routes/account.d.mts +410 -0
- package/dist/api/routes/account.mjs +493 -0
- package/dist/api/routes/account.mjs.map +1 -0
- package/dist/api/routes/callback.d.mts +31 -0
- package/dist/api/routes/callback.mjs +179 -0
- package/dist/api/routes/callback.mjs.map +1 -0
- package/dist/api/routes/email-verification.d.mts +161 -0
- package/dist/api/routes/email-verification.mjs +299 -0
- package/dist/api/routes/email-verification.mjs.map +1 -0
- package/dist/api/routes/error.d.mts +28 -0
- package/dist/api/routes/error.mjs +386 -0
- package/dist/api/routes/error.mjs.map +1 -0
- package/dist/api/routes/index.d.mts +11 -0
- package/dist/api/routes/index.mjs +13 -0
- package/dist/api/routes/ok.d.mts +36 -0
- package/dist/api/routes/ok.mjs +30 -0
- package/dist/api/routes/ok.mjs.map +1 -0
- package/dist/api/routes/password.d.mts +182 -0
- package/dist/api/routes/password.mjs +198 -0
- package/dist/api/routes/password.mjs.map +1 -0
- package/dist/api/routes/session.d.mts +415 -0
- package/dist/api/routes/session.mjs +483 -0
- package/dist/api/routes/session.mjs.map +1 -0
- package/dist/api/routes/sign-in.d.mts +171 -0
- package/dist/api/routes/sign-in.mjs +263 -0
- package/dist/api/routes/sign-in.mjs.map +1 -0
- package/dist/api/routes/sign-out.d.mts +36 -0
- package/dist/api/routes/sign-out.mjs +33 -0
- package/dist/api/routes/sign-out.mjs.map +1 -0
- package/dist/api/routes/sign-up.d.mts +160 -0
- package/dist/api/routes/sign-up.mjs +227 -0
- package/dist/api/routes/sign-up.mjs.map +1 -0
- package/dist/api/routes/update-user.d.mts +445 -0
- package/dist/api/routes/update-user.mjs +493 -0
- package/dist/api/routes/update-user.mjs.map +1 -0
- package/dist/api/state/oauth.d.mts +18 -0
- package/dist/api/state/oauth.mjs +8 -0
- package/dist/api/state/oauth.mjs.map +1 -0
- package/dist/api/state/should-session-refresh.d.mts +13 -0
- package/dist/api/state/should-session-refresh.mjs +16 -0
- package/dist/api/state/should-session-refresh.mjs.map +1 -0
- package/dist/api/to-auth-endpoints.mjs +197 -0
- package/dist/api/to-auth-endpoints.mjs.map +1 -0
- package/dist/auth/base.mjs +45 -0
- package/dist/auth/base.mjs.map +1 -0
- package/dist/auth/minimal.d.mts +12 -0
- package/dist/auth/minimal.mjs +14 -0
- package/dist/auth/minimal.mjs.map +1 -0
- package/dist/auth/trusted-origins.mjs +31 -0
- package/dist/auth/trusted-origins.mjs.map +1 -0
- package/dist/client/broadcast-channel.d.mts +20 -0
- package/dist/client/broadcast-channel.mjs +46 -0
- package/dist/client/broadcast-channel.mjs.map +1 -0
- package/dist/client/config.mjs +90 -0
- package/dist/client/config.mjs.map +1 -0
- package/dist/client/fetch-plugins.mjs +18 -0
- package/dist/client/fetch-plugins.mjs.map +1 -0
- package/dist/client/focus-manager.d.mts +11 -0
- package/dist/client/focus-manager.mjs +32 -0
- package/dist/client/focus-manager.mjs.map +1 -0
- package/dist/client/index.d.mts +33 -0
- package/dist/client/index.mjs +21 -0
- package/dist/client/index.mjs.map +1 -0
- package/dist/client/online-manager.d.mts +12 -0
- package/dist/client/online-manager.mjs +35 -0
- package/dist/client/online-manager.mjs.map +1 -0
- package/dist/client/parser.mjs +73 -0
- package/dist/client/parser.mjs.map +1 -0
- package/dist/client/path-to-object.d.mts +65 -0
- package/dist/client/plugins/index.d.mts +53 -0
- package/dist/client/plugins/index.mjs +30 -0
- package/dist/client/plugins/infer-plugin.d.mts +16 -0
- package/dist/client/plugins/infer-plugin.mjs +11 -0
- package/dist/client/plugins/infer-plugin.mjs.map +1 -0
- package/dist/client/proxy.mjs +79 -0
- package/dist/client/proxy.mjs.map +1 -0
- package/dist/client/query.d.mts +23 -0
- package/dist/client/query.mjs +98 -0
- package/dist/client/query.mjs.map +1 -0
- package/dist/client/react/index.d.mts +128 -0
- package/dist/client/react/index.mjs +24 -0
- package/dist/client/react/index.mjs.map +1 -0
- package/dist/client/react/react-store.d.mts +47 -0
- package/dist/client/react/react-store.mjs +47 -0
- package/dist/client/react/react-store.mjs.map +1 -0
- package/dist/client/session-atom.mjs +29 -0
- package/dist/client/session-atom.mjs.map +1 -0
- package/dist/client/session-refresh.d.mts +28 -0
- package/dist/client/session-refresh.mjs +140 -0
- package/dist/client/session-refresh.mjs.map +1 -0
- package/dist/client/types.d.mts +41 -0
- package/dist/client/vanilla.d.mts +127 -0
- package/dist/client/vanilla.mjs +20 -0
- package/dist/client/vanilla.mjs.map +1 -0
- package/dist/context/create-context.mjs +211 -0
- package/dist/context/create-context.mjs.map +1 -0
- package/dist/context/helpers.mjs +83 -0
- package/dist/context/helpers.mjs.map +1 -0
- package/dist/context/init.mjs +20 -0
- package/dist/context/init.mjs.map +1 -0
- package/dist/cookies/cookie-utils.d.mts +29 -0
- package/dist/cookies/cookie-utils.mjs +105 -0
- package/dist/cookies/cookie-utils.mjs.map +1 -0
- package/dist/cookies/index.d.mts +121 -0
- package/dist/cookies/index.mjs +261 -0
- package/dist/cookies/index.mjs.map +1 -0
- package/dist/cookies/session-store.d.mts +36 -0
- package/dist/cookies/session-store.mjs +200 -0
- package/dist/cookies/session-store.mjs.map +1 -0
- package/dist/crypto/buffer.d.mts +8 -0
- package/dist/crypto/buffer.mjs +18 -0
- package/dist/crypto/buffer.mjs.map +1 -0
- package/dist/crypto/index.d.mts +27 -0
- package/dist/crypto/index.mjs +38 -0
- package/dist/crypto/index.mjs.map +1 -0
- package/dist/crypto/jwt.d.mts +8 -0
- package/dist/crypto/jwt.mjs +95 -0
- package/dist/crypto/jwt.mjs.map +1 -0
- package/dist/crypto/password.d.mts +12 -0
- package/dist/crypto/password.mjs +36 -0
- package/dist/crypto/password.mjs.map +1 -0
- package/dist/crypto/random.d.mts +5 -0
- package/dist/crypto/random.mjs +8 -0
- package/dist/crypto/random.mjs.map +1 -0
- package/dist/db/adapter-base.d.mts +8 -0
- package/dist/db/adapter-base.mjs +19 -0
- package/dist/db/adapter-base.mjs.map +1 -0
- package/dist/db/field-converter.d.mts +8 -0
- package/dist/db/field-converter.mjs +21 -0
- package/dist/db/field-converter.mjs.map +1 -0
- package/dist/db/field.d.mts +42 -0
- package/dist/db/get-schema.d.mts +11 -0
- package/dist/db/get-schema.mjs +39 -0
- package/dist/db/get-schema.mjs.map +1 -0
- package/dist/db/index.d.mts +18 -0
- package/dist/db/index.mjs +34 -0
- package/dist/db/index.mjs.map +1 -0
- package/dist/db/internal-adapter.d.mts +14 -0
- package/dist/db/internal-adapter.mjs +616 -0
- package/dist/db/internal-adapter.mjs.map +1 -0
- package/dist/db/schema.d.mts +49 -0
- package/dist/db/schema.mjs +118 -0
- package/dist/db/schema.mjs.map +1 -0
- package/dist/db/to-zod.d.mts +36 -0
- package/dist/db/to-zod.mjs +26 -0
- package/dist/db/to-zod.mjs.map +1 -0
- package/dist/db/verification-token-storage.mjs +28 -0
- package/dist/db/verification-token-storage.mjs.map +1 -0
- package/dist/db/with-hooks.d.mts +33 -0
- package/dist/db/with-hooks.mjs +159 -0
- package/dist/db/with-hooks.mjs.map +1 -0
- package/dist/index.d.mts +53 -0
- package/dist/index.mjs +27 -0
- package/dist/integrations/next-js.d.mts +29 -0
- package/dist/integrations/next-js.mjs +85 -0
- package/dist/integrations/next-js.mjs.map +1 -0
- package/dist/oauth2/index.d.mts +5 -0
- package/dist/oauth2/index.mjs +7 -0
- package/dist/oauth2/link-account.d.mts +48 -0
- package/dist/oauth2/link-account.mjs +143 -0
- package/dist/oauth2/link-account.mjs.map +1 -0
- package/dist/oauth2/state.d.mts +26 -0
- package/dist/oauth2/state.mjs +51 -0
- package/dist/oauth2/state.mjs.map +1 -0
- package/dist/oauth2/utils.d.mts +8 -0
- package/dist/oauth2/utils.mjs +31 -0
- package/dist/oauth2/utils.mjs.map +1 -0
- package/dist/plugins/access/access.d.mts +30 -0
- package/dist/plugins/access/access.mjs +46 -0
- package/dist/plugins/access/access.mjs.map +1 -0
- package/dist/plugins/access/index.d.mts +3 -0
- package/dist/plugins/access/index.mjs +3 -0
- package/dist/plugins/access/types.d.mts +17 -0
- package/dist/plugins/additional-fields/client.d.mts +96 -0
- package/dist/plugins/additional-fields/client.mjs +11 -0
- package/dist/plugins/additional-fields/client.mjs.map +1 -0
- package/dist/plugins/admin/access/index.d.mts +2 -0
- package/dist/plugins/admin/access/index.mjs +3 -0
- package/dist/plugins/admin/access/statement.d.mts +118 -0
- package/dist/plugins/admin/access/statement.mjs +53 -0
- package/dist/plugins/admin/access/statement.mjs.map +1 -0
- package/dist/plugins/admin/admin.d.mts +911 -0
- package/dist/plugins/admin/admin.mjs +95 -0
- package/dist/plugins/admin/admin.mjs.map +1 -0
- package/dist/plugins/admin/client.d.mts +76 -0
- package/dist/plugins/admin/client.mjs +36 -0
- package/dist/plugins/admin/client.mjs.map +1 -0
- package/dist/plugins/admin/error-codes.d.mts +29 -0
- package/dist/plugins/admin/error-codes.mjs +30 -0
- package/dist/plugins/admin/error-codes.mjs.map +1 -0
- package/dist/plugins/admin/has-permission.mjs +16 -0
- package/dist/plugins/admin/has-permission.mjs.map +1 -0
- package/dist/plugins/admin/index.d.mts +3 -0
- package/dist/plugins/admin/index.mjs +3 -0
- package/dist/plugins/admin/routes.mjs +841 -0
- package/dist/plugins/admin/routes.mjs.map +1 -0
- package/dist/plugins/admin/schema.d.mts +40 -0
- package/dist/plugins/admin/schema.mjs +34 -0
- package/dist/plugins/admin/schema.mjs.map +1 -0
- package/dist/plugins/admin/types.d.mts +89 -0
- package/dist/plugins/api-key/adapter.mjs +468 -0
- package/dist/plugins/api-key/adapter.mjs.map +1 -0
- package/dist/plugins/api-key/client.d.mts +46 -0
- package/dist/plugins/api-key/client.mjs +19 -0
- package/dist/plugins/api-key/client.mjs.map +1 -0
- package/dist/plugins/api-key/error-codes.d.mts +33 -0
- package/dist/plugins/api-key/error-codes.mjs +34 -0
- package/dist/plugins/api-key/error-codes.mjs.map +1 -0
- package/dist/plugins/api-key/index.d.mts +1251 -0
- package/dist/plugins/api-key/index.mjs +134 -0
- package/dist/plugins/api-key/index.mjs.map +1 -0
- package/dist/plugins/api-key/rate-limit.mjs +74 -0
- package/dist/plugins/api-key/rate-limit.mjs.map +1 -0
- package/dist/plugins/api-key/routes/create-api-key.mjs +252 -0
- package/dist/plugins/api-key/routes/create-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs +24 -0
- package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs.map +1 -0
- package/dist/plugins/api-key/routes/delete-api-key.mjs +74 -0
- package/dist/plugins/api-key/routes/delete-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/get-api-key.mjs +158 -0
- package/dist/plugins/api-key/routes/get-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/index.mjs +71 -0
- package/dist/plugins/api-key/routes/index.mjs.map +1 -0
- package/dist/plugins/api-key/routes/list-api-keys.mjs +194 -0
- package/dist/plugins/api-key/routes/list-api-keys.mjs.map +1 -0
- package/dist/plugins/api-key/routes/update-api-key.mjs +248 -0
- package/dist/plugins/api-key/routes/update-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/verify-api-key.mjs +224 -0
- package/dist/plugins/api-key/routes/verify-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/schema.d.mts +199 -0
- package/dist/plugins/api-key/schema.mjs +130 -0
- package/dist/plugins/api-key/schema.mjs.map +1 -0
- package/dist/plugins/api-key/types.d.mts +346 -0
- package/dist/plugins/bearer/index.d.mts +45 -0
- package/dist/plugins/bearer/index.mjs +66 -0
- package/dist/plugins/bearer/index.mjs.map +1 -0
- package/dist/plugins/captcha/constants.d.mts +10 -0
- package/dist/plugins/captcha/constants.mjs +22 -0
- package/dist/plugins/captcha/constants.mjs.map +1 -0
- package/dist/plugins/captcha/error-codes.mjs +16 -0
- package/dist/plugins/captcha/error-codes.mjs.map +1 -0
- package/dist/plugins/captcha/index.d.mts +21 -0
- package/dist/plugins/captcha/index.mjs +62 -0
- package/dist/plugins/captcha/index.mjs.map +1 -0
- package/dist/plugins/captcha/types.d.mts +28 -0
- package/dist/plugins/captcha/utils.mjs +11 -0
- package/dist/plugins/captcha/utils.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/captchafox.mjs +28 -0
- package/dist/plugins/captcha/verify-handlers/captchafox.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs +26 -0
- package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs +30 -0
- package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/h-captcha.mjs +28 -0
- package/dist/plugins/captcha/verify-handlers/h-captcha.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/index.mjs +6 -0
- package/dist/plugins/custom-session/client.d.mts +17 -0
- package/dist/plugins/custom-session/client.mjs +11 -0
- package/dist/plugins/custom-session/client.mjs.map +1 -0
- package/dist/plugins/custom-session/index.d.mts +72 -0
- package/dist/plugins/custom-session/index.mjs +78 -0
- package/dist/plugins/custom-session/index.mjs.map +1 -0
- package/dist/plugins/device-authorization/client.d.mts +17 -0
- package/dist/plugins/device-authorization/client.mjs +18 -0
- package/dist/plugins/device-authorization/client.mjs.map +1 -0
- package/dist/plugins/device-authorization/error-codes.mjs +21 -0
- package/dist/plugins/device-authorization/error-codes.mjs.map +1 -0
- package/dist/plugins/device-authorization/index.d.mts +424 -0
- package/dist/plugins/device-authorization/index.mjs +50 -0
- package/dist/plugins/device-authorization/index.mjs.map +1 -0
- package/dist/plugins/device-authorization/routes.mjs +510 -0
- package/dist/plugins/device-authorization/routes.mjs.map +1 -0
- package/dist/plugins/device-authorization/schema.mjs +57 -0
- package/dist/plugins/device-authorization/schema.mjs.map +1 -0
- package/dist/plugins/email-otp/client.d.mts +21 -0
- package/dist/plugins/email-otp/client.mjs +18 -0
- package/dist/plugins/email-otp/client.mjs.map +1 -0
- package/dist/plugins/email-otp/error-codes.d.mts +11 -0
- package/dist/plugins/email-otp/error-codes.mjs +12 -0
- package/dist/plugins/email-otp/error-codes.mjs.map +1 -0
- package/dist/plugins/email-otp/index.d.mts +428 -0
- package/dist/plugins/email-otp/index.mjs +130 -0
- package/dist/plugins/email-otp/index.mjs.map +1 -0
- package/dist/plugins/email-otp/otp-token.mjs +29 -0
- package/dist/plugins/email-otp/otp-token.mjs.map +1 -0
- package/dist/plugins/email-otp/routes.mjs +631 -0
- package/dist/plugins/email-otp/routes.mjs.map +1 -0
- package/dist/plugins/email-otp/types.d.mts +86 -0
- package/dist/plugins/email-otp/utils.mjs +17 -0
- package/dist/plugins/email-otp/utils.mjs.map +1 -0
- package/dist/plugins/generic-oauth/client.d.mts +33 -0
- package/dist/plugins/generic-oauth/client.mjs +14 -0
- package/dist/plugins/generic-oauth/client.mjs.map +1 -0
- package/dist/plugins/generic-oauth/error-codes.d.mts +16 -0
- package/dist/plugins/generic-oauth/error-codes.mjs +17 -0
- package/dist/plugins/generic-oauth/error-codes.mjs.map +1 -0
- package/dist/plugins/generic-oauth/index.d.mts +201 -0
- package/dist/plugins/generic-oauth/index.mjs +145 -0
- package/dist/plugins/generic-oauth/index.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/auth0.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/auth0.mjs +62 -0
- package/dist/plugins/generic-oauth/providers/auth0.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/gumroad.d.mts +32 -0
- package/dist/plugins/generic-oauth/providers/gumroad.mjs +60 -0
- package/dist/plugins/generic-oauth/providers/gumroad.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/hubspot.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/hubspot.mjs +60 -0
- package/dist/plugins/generic-oauth/providers/hubspot.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/index.d.mts +9 -0
- package/dist/plugins/generic-oauth/providers/index.mjs +11 -0
- package/dist/plugins/generic-oauth/providers/keycloak.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/keycloak.mjs +62 -0
- package/dist/plugins/generic-oauth/providers/keycloak.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/line.d.mts +55 -0
- package/dist/plugins/generic-oauth/providers/line.mjs +91 -0
- package/dist/plugins/generic-oauth/providers/line.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/microsoft-entra-id.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs +66 -0
- package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/okta.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/okta.mjs +62 -0
- package/dist/plugins/generic-oauth/providers/okta.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/patreon.d.mts +30 -0
- package/dist/plugins/generic-oauth/providers/patreon.mjs +59 -0
- package/dist/plugins/generic-oauth/providers/patreon.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/slack.d.mts +30 -0
- package/dist/plugins/generic-oauth/providers/slack.mjs +61 -0
- package/dist/plugins/generic-oauth/providers/slack.mjs.map +1 -0
- package/dist/plugins/generic-oauth/routes.mjs +411 -0
- package/dist/plugins/generic-oauth/routes.mjs.map +1 -0
- package/dist/plugins/generic-oauth/types.d.mts +159 -0
- package/dist/plugins/haveibeenpwned/index.d.mts +46 -0
- package/dist/plugins/haveibeenpwned/index.mjs +57 -0
- package/dist/plugins/haveibeenpwned/index.mjs.map +1 -0
- package/dist/plugins/index.d.mts +65 -0
- package/dist/plugins/index.mjs +48 -0
- package/dist/plugins/jwt/adapter.mjs +27 -0
- package/dist/plugins/jwt/adapter.mjs.map +1 -0
- package/dist/plugins/jwt/client.d.mts +40 -0
- package/dist/plugins/jwt/client.mjs +19 -0
- package/dist/plugins/jwt/client.mjs.map +1 -0
- package/dist/plugins/jwt/index.d.mts +224 -0
- package/dist/plugins/jwt/index.mjs +202 -0
- package/dist/plugins/jwt/index.mjs.map +1 -0
- package/dist/plugins/jwt/schema.d.mts +26 -0
- package/dist/plugins/jwt/schema.mjs +23 -0
- package/dist/plugins/jwt/schema.mjs.map +1 -0
- package/dist/plugins/jwt/sign.d.mts +57 -0
- package/dist/plugins/jwt/sign.mjs +66 -0
- package/dist/plugins/jwt/sign.mjs.map +1 -0
- package/dist/plugins/jwt/types.d.mts +194 -0
- package/dist/plugins/jwt/utils.d.mts +42 -0
- package/dist/plugins/jwt/utils.mjs +64 -0
- package/dist/plugins/jwt/utils.mjs.map +1 -0
- package/dist/plugins/jwt/verify.d.mts +12 -0
- package/dist/plugins/jwt/verify.mjs +46 -0
- package/dist/plugins/jwt/verify.mjs.map +1 -0
- package/dist/plugins/last-login-method/client.d.mts +38 -0
- package/dist/plugins/last-login-method/client.mjs +32 -0
- package/dist/plugins/last-login-method/client.mjs.map +1 -0
- package/dist/plugins/last-login-method/index.d.mts +118 -0
- package/dist/plugins/last-login-method/index.mjs +76 -0
- package/dist/plugins/last-login-method/index.mjs.map +1 -0
- package/dist/plugins/magic-link/client.d.mts +10 -0
- package/dist/plugins/magic-link/client.mjs +11 -0
- package/dist/plugins/magic-link/client.mjs.map +1 -0
- package/dist/plugins/magic-link/index.d.mts +193 -0
- package/dist/plugins/magic-link/index.mjs +177 -0
- package/dist/plugins/magic-link/index.mjs.map +1 -0
- package/dist/plugins/magic-link/utils.mjs +12 -0
- package/dist/plugins/magic-link/utils.mjs.map +1 -0
- package/dist/plugins/mcp/authorize.mjs +133 -0
- package/dist/plugins/mcp/authorize.mjs.map +1 -0
- package/dist/plugins/mcp/index.d.mts +458 -0
- package/dist/plugins/mcp/index.mjs +717 -0
- package/dist/plugins/mcp/index.mjs.map +1 -0
- package/dist/plugins/multi-session/client.d.mts +19 -0
- package/dist/plugins/multi-session/client.mjs +20 -0
- package/dist/plugins/multi-session/client.mjs.map +1 -0
- package/dist/plugins/multi-session/error-codes.d.mts +9 -0
- package/dist/plugins/multi-session/error-codes.mjs +8 -0
- package/dist/plugins/multi-session/error-codes.mjs.map +1 -0
- package/dist/plugins/multi-session/index.d.mts +235 -0
- package/dist/plugins/multi-session/index.mjs +172 -0
- package/dist/plugins/multi-session/index.mjs.map +1 -0
- package/dist/plugins/oauth-proxy/index.d.mts +97 -0
- package/dist/plugins/oauth-proxy/index.mjs +305 -0
- package/dist/plugins/oauth-proxy/index.mjs.map +1 -0
- package/dist/plugins/oauth-proxy/utils.mjs +51 -0
- package/dist/plugins/oauth-proxy/utils.mjs.map +1 -0
- package/dist/plugins/oidc-provider/authorize.mjs +194 -0
- package/dist/plugins/oidc-provider/authorize.mjs.map +1 -0
- package/dist/plugins/oidc-provider/client.d.mts +12 -0
- package/dist/plugins/oidc-provider/client.mjs +11 -0
- package/dist/plugins/oidc-provider/client.mjs.map +1 -0
- package/dist/plugins/oidc-provider/error.mjs +17 -0
- package/dist/plugins/oidc-provider/error.mjs.map +1 -0
- package/dist/plugins/oidc-provider/index.d.mts +702 -0
- package/dist/plugins/oidc-provider/index.mjs +1093 -0
- package/dist/plugins/oidc-provider/index.mjs.map +1 -0
- package/dist/plugins/oidc-provider/schema.d.mts +160 -0
- package/dist/plugins/oidc-provider/schema.mjs +132 -0
- package/dist/plugins/oidc-provider/schema.mjs.map +1 -0
- package/dist/plugins/oidc-provider/types.d.mts +517 -0
- package/dist/plugins/oidc-provider/utils/prompt.mjs +19 -0
- package/dist/plugins/oidc-provider/utils/prompt.mjs.map +1 -0
- package/dist/plugins/oidc-provider/utils.mjs +15 -0
- package/dist/plugins/oidc-provider/utils.mjs.map +1 -0
- package/dist/plugins/one-tap/client.d.mts +174 -0
- package/dist/plugins/one-tap/client.mjs +188 -0
- package/dist/plugins/one-tap/client.mjs.map +1 -0
- package/dist/plugins/one-tap/index.d.mts +83 -0
- package/dist/plugins/one-tap/index.mjs +95 -0
- package/dist/plugins/one-tap/index.mjs.map +1 -0
- package/dist/plugins/one-time-token/client.d.mts +10 -0
- package/dist/plugins/one-time-token/client.mjs +11 -0
- package/dist/plugins/one-time-token/client.mjs.map +1 -0
- package/dist/plugins/one-time-token/index.d.mts +133 -0
- package/dist/plugins/one-time-token/index.mjs +82 -0
- package/dist/plugins/one-time-token/index.mjs.map +1 -0
- package/dist/plugins/one-time-token/utils.mjs +12 -0
- package/dist/plugins/one-time-token/utils.mjs.map +1 -0
- package/dist/plugins/open-api/generator.d.mts +115 -0
- package/dist/plugins/open-api/generator.mjs +315 -0
- package/dist/plugins/open-api/generator.mjs.map +1 -0
- package/dist/plugins/open-api/index.d.mts +97 -0
- package/dist/plugins/open-api/index.mjs +67 -0
- package/dist/plugins/open-api/index.mjs.map +1 -0
- package/dist/plugins/open-api/logo.mjs +15 -0
- package/dist/plugins/open-api/logo.mjs.map +1 -0
- package/dist/plugins/organization/access/index.d.mts +2 -0
- package/dist/plugins/organization/access/index.mjs +3 -0
- package/dist/plugins/organization/access/statement.d.mts +249 -0
- package/dist/plugins/organization/access/statement.mjs +81 -0
- package/dist/plugins/organization/access/statement.mjs.map +1 -0
- package/dist/plugins/organization/adapter.d.mts +792 -0
- package/dist/plugins/organization/adapter.mjs +624 -0
- package/dist/plugins/organization/adapter.mjs.map +1 -0
- package/dist/plugins/organization/call.mjs +19 -0
- package/dist/plugins/organization/call.mjs.map +1 -0
- package/dist/plugins/organization/client.d.mts +372 -0
- package/dist/plugins/organization/client.mjs +95 -0
- package/dist/plugins/organization/client.mjs.map +1 -0
- package/dist/plugins/organization/error-codes.d.mts +65 -0
- package/dist/plugins/organization/error-codes.mjs +66 -0
- package/dist/plugins/organization/error-codes.mjs.map +1 -0
- package/dist/plugins/organization/has-permission.mjs +35 -0
- package/dist/plugins/organization/has-permission.mjs.map +1 -0
- package/dist/plugins/organization/index.d.mts +5 -0
- package/dist/plugins/organization/index.mjs +4 -0
- package/dist/plugins/organization/organization.d.mts +394 -0
- package/dist/plugins/organization/organization.mjs +428 -0
- package/dist/plugins/organization/organization.mjs.map +1 -0
- package/dist/plugins/organization/permission.d.mts +17 -0
- package/dist/plugins/organization/permission.mjs +16 -0
- package/dist/plugins/organization/permission.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-access-control.d.mts +394 -0
- package/dist/plugins/organization/routes/crud-access-control.mjs +678 -0
- package/dist/plugins/organization/routes/crud-access-control.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-invites.d.mts +1031 -0
- package/dist/plugins/organization/routes/crud-invites.mjs +551 -0
- package/dist/plugins/organization/routes/crud-invites.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-members.d.mts +940 -0
- package/dist/plugins/organization/routes/crud-members.mjs +466 -0
- package/dist/plugins/organization/routes/crud-members.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-org.d.mts +708 -0
- package/dist/plugins/organization/routes/crud-org.mjs +423 -0
- package/dist/plugins/organization/routes/crud-org.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-team.d.mts +1071 -0
- package/dist/plugins/organization/routes/crud-team.mjs +676 -0
- package/dist/plugins/organization/routes/crud-team.mjs.map +1 -0
- package/dist/plugins/organization/schema.d.mts +376 -0
- package/dist/plugins/organization/schema.mjs +68 -0
- package/dist/plugins/organization/schema.mjs.map +1 -0
- package/dist/plugins/organization/types.d.mts +677 -0
- package/dist/plugins/phone-number/client.d.mts +31 -0
- package/dist/plugins/phone-number/client.mjs +20 -0
- package/dist/plugins/phone-number/client.mjs.map +1 -0
- package/dist/plugins/phone-number/error-codes.d.mts +20 -0
- package/dist/plugins/phone-number/error-codes.mjs +21 -0
- package/dist/plugins/phone-number/error-codes.mjs.map +1 -0
- package/dist/plugins/phone-number/index.d.mts +318 -0
- package/dist/plugins/phone-number/index.mjs +49 -0
- package/dist/plugins/phone-number/index.mjs.map +1 -0
- package/dist/plugins/phone-number/routes.mjs +472 -0
- package/dist/plugins/phone-number/routes.mjs.map +1 -0
- package/dist/plugins/phone-number/schema.d.mts +23 -0
- package/dist/plugins/phone-number/schema.mjs +20 -0
- package/dist/plugins/phone-number/schema.mjs.map +1 -0
- package/dist/plugins/phone-number/types.d.mts +118 -0
- package/dist/plugins/two-factor/backup-codes/index.d.mts +279 -0
- package/dist/plugins/two-factor/backup-codes/index.mjs +277 -0
- package/dist/plugins/two-factor/backup-codes/index.mjs.map +1 -0
- package/dist/plugins/two-factor/client.d.mts +55 -0
- package/dist/plugins/two-factor/client.mjs +37 -0
- package/dist/plugins/two-factor/client.mjs.map +1 -0
- package/dist/plugins/two-factor/constant.mjs +8 -0
- package/dist/plugins/two-factor/constant.mjs.map +1 -0
- package/dist/plugins/two-factor/error-code.d.mts +17 -0
- package/dist/plugins/two-factor/error-code.mjs +18 -0
- package/dist/plugins/two-factor/error-code.mjs.map +1 -0
- package/dist/plugins/two-factor/index.d.mts +670 -0
- package/dist/plugins/two-factor/index.mjs +228 -0
- package/dist/plugins/two-factor/index.mjs.map +1 -0
- package/dist/plugins/two-factor/otp/index.d.mts +216 -0
- package/dist/plugins/two-factor/otp/index.mjs +199 -0
- package/dist/plugins/two-factor/otp/index.mjs.map +1 -0
- package/dist/plugins/two-factor/schema.d.mts +41 -0
- package/dist/plugins/two-factor/schema.mjs +36 -0
- package/dist/plugins/two-factor/schema.mjs.map +1 -0
- package/dist/plugins/two-factor/totp/index.d.mts +210 -0
- package/dist/plugins/two-factor/totp/index.mjs +157 -0
- package/dist/plugins/two-factor/totp/index.mjs.map +1 -0
- package/dist/plugins/two-factor/types.d.mts +73 -0
- package/dist/plugins/two-factor/utils.mjs +12 -0
- package/dist/plugins/two-factor/utils.mjs.map +1 -0
- package/dist/plugins/two-factor/verify-two-factor.mjs +85 -0
- package/dist/plugins/two-factor/verify-two-factor.mjs.map +1 -0
- package/dist/plugins/username/client.d.mts +26 -0
- package/dist/plugins/username/client.mjs +18 -0
- package/dist/plugins/username/client.mjs.map +1 -0
- package/dist/plugins/username/error-codes.d.mts +16 -0
- package/dist/plugins/username/error-codes.mjs +17 -0
- package/dist/plugins/username/error-codes.mjs.map +1 -0
- package/dist/plugins/username/index.d.mts +251 -0
- package/dist/plugins/username/index.mjs +234 -0
- package/dist/plugins/username/index.mjs.map +1 -0
- package/dist/plugins/username/schema.d.mts +33 -0
- package/dist/plugins/username/schema.mjs +26 -0
- package/dist/plugins/username/schema.mjs.map +1 -0
- package/dist/providers/index.d.mts +1 -0
- package/dist/providers/index.mjs +3 -0
- package/dist/state.d.mts +42 -0
- package/dist/state.mjs +107 -0
- package/dist/state.mjs.map +1 -0
- package/dist/types/adapter.d.mts +2 -0
- package/dist/types/api.d.mts +29 -0
- package/dist/types/auth.d.mts +29 -0
- package/dist/types/helper.d.mts +10 -0
- package/dist/types/index.d.mts +11 -0
- package/dist/types/index.mjs +1 -0
- package/dist/types/models.d.mts +11 -0
- package/dist/types/plugins.d.mts +20 -0
- package/dist/utils/boolean.mjs +8 -0
- package/dist/utils/boolean.mjs.map +1 -0
- package/dist/utils/constants.mjs +6 -0
- package/dist/utils/constants.mjs.map +1 -0
- package/dist/utils/date.mjs +8 -0
- package/dist/utils/date.mjs.map +1 -0
- package/dist/utils/get-request-ip.d.mts +7 -0
- package/dist/utils/get-request-ip.mjs +23 -0
- package/dist/utils/get-request-ip.mjs.map +1 -0
- package/dist/utils/hide-metadata.d.mts +7 -0
- package/dist/utils/hide-metadata.mjs +6 -0
- package/dist/utils/hide-metadata.mjs.map +1 -0
- package/dist/utils/index.d.mts +4 -0
- package/dist/utils/index.mjs +6 -0
- package/dist/utils/is-api-error.d.mts +7 -0
- package/dist/utils/is-api-error.mjs +11 -0
- package/dist/utils/is-api-error.mjs.map +1 -0
- package/dist/utils/is-atom.mjs +8 -0
- package/dist/utils/is-atom.mjs.map +1 -0
- package/dist/utils/is-promise.mjs +8 -0
- package/dist/utils/is-promise.mjs.map +1 -0
- package/dist/utils/middleware-response.mjs +9 -0
- package/dist/utils/middleware-response.mjs.map +1 -0
- package/dist/utils/password.mjs +26 -0
- package/dist/utils/password.mjs.map +1 -0
- package/dist/utils/plugin-helper.mjs +17 -0
- package/dist/utils/plugin-helper.mjs.map +1 -0
- package/dist/utils/shim.mjs +24 -0
- package/dist/utils/shim.mjs.map +1 -0
- package/dist/utils/time.d.mts +49 -0
- package/dist/utils/time.mjs +100 -0
- package/dist/utils/time.mjs.map +1 -0
- package/dist/utils/url.d.mts +8 -0
- package/dist/utils/url.mjs +92 -0
- package/dist/utils/url.mjs.map +1 -0
- package/dist/utils/wildcard.mjs +108 -0
- package/dist/utils/wildcard.mjs.map +1 -0
- package/package.json +428 -0
|
@@ -0,0 +1,411 @@
|
|
|
1
|
+
import { setSessionCookie } from "../../cookies/index.mjs";
|
|
2
|
+
import { generateState, parseState } from "../../oauth2/state.mjs";
|
|
3
|
+
import { setTokenUtil } from "../../oauth2/utils.mjs";
|
|
4
|
+
import { sessionMiddleware } from "../../api/routes/session.mjs";
|
|
5
|
+
import { handleOAuthUserInfo } from "../../oauth2/link-account.mjs";
|
|
6
|
+
import { HIDE_METADATA } from "../../utils/hide-metadata.mjs";
|
|
7
|
+
import "../../utils/index.mjs";
|
|
8
|
+
import { APIError as APIError$1 } from "../../api/index.mjs";
|
|
9
|
+
import { GENERIC_OAUTH_ERROR_CODES } from "./error-codes.mjs";
|
|
10
|
+
import { BASE_ERROR_CODES } from "@better-auth/core/error";
|
|
11
|
+
import { createAuthorizationURL, validateAuthorizationCode } from "@better-auth/core/oauth2";
|
|
12
|
+
import { createAuthEndpoint } from "@better-auth/core/api";
|
|
13
|
+
import * as z from "zod";
|
|
14
|
+
import { decodeJwt } from "jose";
|
|
15
|
+
import { betterFetch } from "@better-fetch/fetch";
|
|
16
|
+
|
|
17
|
+
//#region src/plugins/generic-oauth/routes.ts
|
|
18
|
+
const signInWithOAuth2BodySchema = z.object({
|
|
19
|
+
providerId: z.string().meta({ description: "The provider ID for the OAuth provider" }),
|
|
20
|
+
callbackURL: z.string().meta({ description: "The URL to redirect to after sign in" }).optional(),
|
|
21
|
+
errorCallbackURL: z.string().meta({ description: "The URL to redirect to if an error occurs" }).optional(),
|
|
22
|
+
newUserCallbackURL: z.string().meta({ description: "The URL to redirect to after login if the user is new. Eg: \"/welcome\"" }).optional(),
|
|
23
|
+
disableRedirect: z.boolean().meta({ description: "Disable redirect" }).optional(),
|
|
24
|
+
scopes: z.array(z.string()).meta({ description: "Scopes to be passed to the provider authorization request." }).optional(),
|
|
25
|
+
requestSignUp: z.boolean().meta({ description: "Explicitly request sign-up. Useful when disableImplicitSignUp is true for this provider. Eg: false" }).optional(),
|
|
26
|
+
additionalData: z.record(z.string(), z.any()).optional()
|
|
27
|
+
});
|
|
28
|
+
/**
|
|
29
|
+
* ### Endpoint
|
|
30
|
+
*
|
|
31
|
+
* POST `/sign-in/oauth2`
|
|
32
|
+
*
|
|
33
|
+
* ### API Methods
|
|
34
|
+
*
|
|
35
|
+
* **server:**
|
|
36
|
+
* `auth.api.signInWithOAuth2`
|
|
37
|
+
*
|
|
38
|
+
* **client:**
|
|
39
|
+
* `authClient.signIn.oauth2`
|
|
40
|
+
*
|
|
41
|
+
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/sign-in#api-method-sign-in-oauth2)
|
|
42
|
+
*/
|
|
43
|
+
const signInWithOAuth2 = (options) => createAuthEndpoint("/sign-in/oauth2", {
|
|
44
|
+
method: "POST",
|
|
45
|
+
body: signInWithOAuth2BodySchema,
|
|
46
|
+
metadata: { openapi: {
|
|
47
|
+
description: "Sign in with OAuth2",
|
|
48
|
+
responses: { 200: {
|
|
49
|
+
description: "Sign in with OAuth2",
|
|
50
|
+
content: { "application/json": { schema: {
|
|
51
|
+
type: "object",
|
|
52
|
+
properties: {
|
|
53
|
+
url: { type: "string" },
|
|
54
|
+
redirect: { type: "boolean" }
|
|
55
|
+
}
|
|
56
|
+
} } }
|
|
57
|
+
} }
|
|
58
|
+
} }
|
|
59
|
+
}, async (ctx) => {
|
|
60
|
+
const { providerId } = ctx.body;
|
|
61
|
+
const config = options.config.find((c) => c.providerId === providerId);
|
|
62
|
+
if (!config) throw APIError$1.fromStatus("BAD_REQUEST", { message: `${GENERIC_OAUTH_ERROR_CODES.PROVIDER_CONFIG_NOT_FOUND} ${providerId}` });
|
|
63
|
+
const { discoveryUrl, authorizationUrl, tokenUrl, clientId, clientSecret, scopes, redirectURI, responseType, pkce, prompt, accessType, authorizationUrlParams, responseMode } = config;
|
|
64
|
+
let finalAuthUrl = authorizationUrl;
|
|
65
|
+
let finalTokenUrl = tokenUrl;
|
|
66
|
+
if (discoveryUrl) {
|
|
67
|
+
const discovery = await betterFetch(discoveryUrl, {
|
|
68
|
+
method: "GET",
|
|
69
|
+
headers: config.discoveryHeaders,
|
|
70
|
+
onError(context) {
|
|
71
|
+
ctx.context.logger.error(context.error.message, context.error, { discoveryUrl });
|
|
72
|
+
}
|
|
73
|
+
});
|
|
74
|
+
if (discovery.data) {
|
|
75
|
+
finalAuthUrl = discovery.data.authorization_endpoint;
|
|
76
|
+
finalTokenUrl = discovery.data.token_endpoint;
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
if (!finalAuthUrl || !finalTokenUrl) throw APIError$1.from("BAD_REQUEST", GENERIC_OAUTH_ERROR_CODES.INVALID_OAUTH_CONFIGURATION);
|
|
80
|
+
if (authorizationUrlParams) {
|
|
81
|
+
const withAdditionalParams = new URL(finalAuthUrl);
|
|
82
|
+
for (const [paramName, paramValue] of Object.entries(authorizationUrlParams)) withAdditionalParams.searchParams.set(paramName, paramValue);
|
|
83
|
+
finalAuthUrl = withAdditionalParams.toString();
|
|
84
|
+
}
|
|
85
|
+
const additionalParams = typeof authorizationUrlParams === "function" ? authorizationUrlParams(ctx) : authorizationUrlParams;
|
|
86
|
+
const { state, codeVerifier } = await generateState(ctx, void 0, ctx.body.additionalData);
|
|
87
|
+
const authUrl = await createAuthorizationURL({
|
|
88
|
+
id: providerId,
|
|
89
|
+
options: {
|
|
90
|
+
clientId,
|
|
91
|
+
clientSecret,
|
|
92
|
+
redirectURI
|
|
93
|
+
},
|
|
94
|
+
authorizationEndpoint: finalAuthUrl,
|
|
95
|
+
state,
|
|
96
|
+
codeVerifier: pkce ? codeVerifier : void 0,
|
|
97
|
+
scopes: ctx.body.scopes ? [...ctx.body.scopes, ...scopes || []] : scopes || [],
|
|
98
|
+
redirectURI: `${ctx.context.baseURL}/oauth2/callback/${providerId}`,
|
|
99
|
+
prompt,
|
|
100
|
+
accessType,
|
|
101
|
+
responseType,
|
|
102
|
+
responseMode,
|
|
103
|
+
additionalParams
|
|
104
|
+
});
|
|
105
|
+
return ctx.json({
|
|
106
|
+
url: authUrl.toString(),
|
|
107
|
+
redirect: !ctx.body.disableRedirect
|
|
108
|
+
});
|
|
109
|
+
});
|
|
110
|
+
const OAuth2CallbackQuerySchema = z.object({
|
|
111
|
+
code: z.string().meta({ description: "The OAuth2 code" }).optional(),
|
|
112
|
+
error: z.string().meta({ description: "The error message, if any" }).optional(),
|
|
113
|
+
error_description: z.string().meta({ description: "The error description, if any" }).optional(),
|
|
114
|
+
state: z.string().meta({ description: "The state parameter from the OAuth2 request" }).optional(),
|
|
115
|
+
iss: z.string().meta({ description: "The issuer identifier" }).optional()
|
|
116
|
+
});
|
|
117
|
+
const oAuth2Callback = (options) => createAuthEndpoint("/oauth2/callback/:providerId", {
|
|
118
|
+
method: "GET",
|
|
119
|
+
query: OAuth2CallbackQuerySchema,
|
|
120
|
+
metadata: {
|
|
121
|
+
...HIDE_METADATA,
|
|
122
|
+
allowedMediaTypes: ["application/x-www-form-urlencoded", "application/json"],
|
|
123
|
+
openapi: {
|
|
124
|
+
description: "OAuth2 callback",
|
|
125
|
+
responses: { 200: {
|
|
126
|
+
description: "OAuth2 callback",
|
|
127
|
+
content: { "application/json": { schema: {
|
|
128
|
+
type: "object",
|
|
129
|
+
properties: { url: { type: "string" } }
|
|
130
|
+
} } }
|
|
131
|
+
} }
|
|
132
|
+
}
|
|
133
|
+
}
|
|
134
|
+
}, async (ctx) => {
|
|
135
|
+
const defaultErrorURL = ctx.context.options.onAPIError?.errorURL || `${ctx.context.baseURL}/error`;
|
|
136
|
+
if (ctx.query.error || !ctx.query.code) throw ctx.redirect(`${defaultErrorURL}?error=${ctx.query.error || "oAuth_code_missing"}&error_description=${ctx.query.error_description}`);
|
|
137
|
+
const providerId = ctx.params?.providerId;
|
|
138
|
+
if (!providerId) throw APIError$1.from("BAD_REQUEST", GENERIC_OAUTH_ERROR_CODES.PROVIDER_ID_REQUIRED);
|
|
139
|
+
const providerConfig = options.config.find((p) => p.providerId === providerId);
|
|
140
|
+
if (!providerConfig) throw APIError$1.fromStatus("BAD_REQUEST", { message: `${GENERIC_OAUTH_ERROR_CODES.PROVIDER_CONFIG_NOT_FOUND} ${providerId}` });
|
|
141
|
+
let tokens = void 0;
|
|
142
|
+
const { callbackURL, codeVerifier, errorURL, requestSignUp, newUserURL, link } = await parseState(ctx);
|
|
143
|
+
const code = ctx.query.code;
|
|
144
|
+
function redirectOnError(error) {
|
|
145
|
+
const defaultErrorURL = ctx.context.options.onAPIError?.errorURL || `${ctx.context.baseURL}/error`;
|
|
146
|
+
let url = errorURL || defaultErrorURL;
|
|
147
|
+
if (url.includes("?")) url = `${url}&error=${error}`;
|
|
148
|
+
else url = `${url}?error=${error}`;
|
|
149
|
+
throw ctx.redirect(url);
|
|
150
|
+
}
|
|
151
|
+
let finalTokenUrl = providerConfig.tokenUrl;
|
|
152
|
+
let finalUserInfoUrl = providerConfig.userInfoUrl;
|
|
153
|
+
let expectedIssuer = providerConfig.issuer;
|
|
154
|
+
if (providerConfig.discoveryUrl) {
|
|
155
|
+
const discovery = await betterFetch(providerConfig.discoveryUrl, {
|
|
156
|
+
method: "GET",
|
|
157
|
+
headers: providerConfig.discoveryHeaders
|
|
158
|
+
});
|
|
159
|
+
if (discovery.data) {
|
|
160
|
+
finalTokenUrl = discovery.data.token_endpoint;
|
|
161
|
+
finalUserInfoUrl = discovery.data.userinfo_endpoint;
|
|
162
|
+
if (!expectedIssuer && discovery.data.issuer) expectedIssuer = discovery.data.issuer;
|
|
163
|
+
}
|
|
164
|
+
}
|
|
165
|
+
if (expectedIssuer) {
|
|
166
|
+
if (ctx.query.iss) {
|
|
167
|
+
if (ctx.query.iss !== expectedIssuer) {
|
|
168
|
+
ctx.context.logger.error("OAuth issuer mismatch", {
|
|
169
|
+
expected: expectedIssuer,
|
|
170
|
+
received: ctx.query.iss
|
|
171
|
+
});
|
|
172
|
+
return redirectOnError("issuer_mismatch");
|
|
173
|
+
}
|
|
174
|
+
} else if (providerConfig.requireIssuerValidation) {
|
|
175
|
+
ctx.context.logger.error("OAuth issuer parameter missing", { expected: expectedIssuer });
|
|
176
|
+
return redirectOnError("issuer_missing");
|
|
177
|
+
}
|
|
178
|
+
}
|
|
179
|
+
try {
|
|
180
|
+
if (providerConfig.getToken) tokens = await providerConfig.getToken({
|
|
181
|
+
code,
|
|
182
|
+
redirectURI: `${ctx.context.baseURL}/oauth2/callback/${providerConfig.providerId}`,
|
|
183
|
+
codeVerifier: providerConfig.pkce ? codeVerifier : void 0
|
|
184
|
+
});
|
|
185
|
+
else {
|
|
186
|
+
if (!finalTokenUrl) throw APIError$1.from("BAD_REQUEST", GENERIC_OAUTH_ERROR_CODES.INVALID_OAUTH_CONFIG);
|
|
187
|
+
const additionalParams = typeof providerConfig.tokenUrlParams === "function" ? providerConfig.tokenUrlParams(ctx) : providerConfig.tokenUrlParams;
|
|
188
|
+
tokens = await validateAuthorizationCode({
|
|
189
|
+
headers: providerConfig.authorizationHeaders,
|
|
190
|
+
code,
|
|
191
|
+
codeVerifier: providerConfig.pkce ? codeVerifier : void 0,
|
|
192
|
+
redirectURI: `${ctx.context.baseURL}/oauth2/callback/${providerConfig.providerId}`,
|
|
193
|
+
options: {
|
|
194
|
+
clientId: providerConfig.clientId,
|
|
195
|
+
clientSecret: providerConfig.clientSecret,
|
|
196
|
+
redirectURI: providerConfig.redirectURI
|
|
197
|
+
},
|
|
198
|
+
tokenEndpoint: finalTokenUrl,
|
|
199
|
+
authentication: providerConfig.authentication,
|
|
200
|
+
additionalParams
|
|
201
|
+
});
|
|
202
|
+
}
|
|
203
|
+
} catch (e) {
|
|
204
|
+
ctx.context.logger.error(e && typeof e === "object" && "name" in e ? e.name : "", e);
|
|
205
|
+
throw redirectOnError("oauth_code_verification_failed");
|
|
206
|
+
}
|
|
207
|
+
if (!tokens) throw APIError$1.from("BAD_REQUEST", GENERIC_OAUTH_ERROR_CODES.INVALID_OAUTH_CONFIG);
|
|
208
|
+
const userInfo = await (async function handleUserInfo() {
|
|
209
|
+
const userInfo = providerConfig.getUserInfo ? await providerConfig.getUserInfo(tokens) : await getUserInfo(tokens, finalUserInfoUrl);
|
|
210
|
+
if (!userInfo) throw redirectOnError("user_info_is_missing");
|
|
211
|
+
const mapUser = providerConfig.mapProfileToUser ? await providerConfig.mapProfileToUser(userInfo) : userInfo;
|
|
212
|
+
const email = mapUser.email ? mapUser.email.toLowerCase() : userInfo.email?.toLowerCase();
|
|
213
|
+
if (!email) {
|
|
214
|
+
ctx.context.logger.error("Unable to get user info", userInfo);
|
|
215
|
+
throw redirectOnError("email_is_missing");
|
|
216
|
+
}
|
|
217
|
+
const id = mapUser.id ? String(mapUser.id) : String(userInfo.id);
|
|
218
|
+
const name = mapUser.name ? mapUser.name : userInfo.name;
|
|
219
|
+
if (!name) {
|
|
220
|
+
ctx.context.logger.error("Unable to get user info", userInfo);
|
|
221
|
+
throw redirectOnError("name_is_missing");
|
|
222
|
+
}
|
|
223
|
+
return {
|
|
224
|
+
...userInfo,
|
|
225
|
+
...mapUser,
|
|
226
|
+
email,
|
|
227
|
+
id,
|
|
228
|
+
name
|
|
229
|
+
};
|
|
230
|
+
})();
|
|
231
|
+
if (link) {
|
|
232
|
+
if (ctx.context.options.account?.accountLinking?.allowDifferentEmails !== true && link.email.toLowerCase() !== userInfo.email.toLowerCase()) return redirectOnError("email_doesn't_match");
|
|
233
|
+
const existingAccount = await ctx.context.internalAdapter.findAccountByProviderId(String(userInfo.id), providerConfig.providerId);
|
|
234
|
+
if (existingAccount) {
|
|
235
|
+
if (existingAccount.userId !== link.userId) return redirectOnError("account_already_linked_to_different_user");
|
|
236
|
+
const updateData = Object.fromEntries(Object.entries({
|
|
237
|
+
accessToken: await setTokenUtil(tokens.accessToken, ctx.context),
|
|
238
|
+
idToken: tokens.idToken,
|
|
239
|
+
refreshToken: await setTokenUtil(tokens.refreshToken, ctx.context),
|
|
240
|
+
accessTokenExpiresAt: tokens.accessTokenExpiresAt,
|
|
241
|
+
refreshTokenExpiresAt: tokens.refreshTokenExpiresAt,
|
|
242
|
+
scope: tokens.scopes?.join(",")
|
|
243
|
+
}).filter(([_, value]) => value !== void 0));
|
|
244
|
+
await ctx.context.internalAdapter.updateAccount(existingAccount.id, updateData);
|
|
245
|
+
} else if (!await ctx.context.internalAdapter.createAccount({
|
|
246
|
+
userId: link.userId,
|
|
247
|
+
providerId: providerConfig.providerId,
|
|
248
|
+
accountId: userInfo.id,
|
|
249
|
+
accessToken: await setTokenUtil(tokens.accessToken, ctx.context),
|
|
250
|
+
accessTokenExpiresAt: tokens.accessTokenExpiresAt,
|
|
251
|
+
refreshTokenExpiresAt: tokens.refreshTokenExpiresAt,
|
|
252
|
+
scope: tokens.scopes?.join(","),
|
|
253
|
+
refreshToken: await setTokenUtil(tokens.refreshToken, ctx.context),
|
|
254
|
+
idToken: tokens.idToken
|
|
255
|
+
})) return redirectOnError("unable_to_link_account");
|
|
256
|
+
let toRedirectTo;
|
|
257
|
+
try {
|
|
258
|
+
toRedirectTo = callbackURL.toString();
|
|
259
|
+
} catch {
|
|
260
|
+
toRedirectTo = callbackURL;
|
|
261
|
+
}
|
|
262
|
+
throw ctx.redirect(toRedirectTo);
|
|
263
|
+
}
|
|
264
|
+
const result = await handleOAuthUserInfo(ctx, {
|
|
265
|
+
userInfo,
|
|
266
|
+
account: {
|
|
267
|
+
providerId: providerConfig.providerId,
|
|
268
|
+
accountId: userInfo.id,
|
|
269
|
+
...tokens,
|
|
270
|
+
scope: tokens.scopes?.join(",")
|
|
271
|
+
},
|
|
272
|
+
callbackURL,
|
|
273
|
+
disableSignUp: providerConfig.disableImplicitSignUp && !requestSignUp || providerConfig.disableSignUp,
|
|
274
|
+
overrideUserInfo: providerConfig.overrideUserInfo
|
|
275
|
+
});
|
|
276
|
+
if (result.error) return redirectOnError(result.error.split(" ").join("_"));
|
|
277
|
+
const { session, user } = result.data;
|
|
278
|
+
await setSessionCookie(ctx, {
|
|
279
|
+
session,
|
|
280
|
+
user
|
|
281
|
+
});
|
|
282
|
+
let toRedirectTo;
|
|
283
|
+
try {
|
|
284
|
+
toRedirectTo = (result.isRegister ? newUserURL || callbackURL : callbackURL).toString();
|
|
285
|
+
} catch {
|
|
286
|
+
toRedirectTo = result.isRegister ? newUserURL || callbackURL : callbackURL;
|
|
287
|
+
}
|
|
288
|
+
throw ctx.redirect(toRedirectTo);
|
|
289
|
+
});
|
|
290
|
+
const OAuth2LinkAccountBodySchema = z.object({
|
|
291
|
+
providerId: z.string(),
|
|
292
|
+
callbackURL: z.string(),
|
|
293
|
+
scopes: z.array(z.string()).meta({ description: "Additional scopes to request when linking the account" }).optional(),
|
|
294
|
+
errorCallbackURL: z.string().meta({ description: "The URL to redirect to if there is an error during the link process" }).optional()
|
|
295
|
+
});
|
|
296
|
+
/**
|
|
297
|
+
* ### Endpoint
|
|
298
|
+
*
|
|
299
|
+
* POST `/oauth2/link`
|
|
300
|
+
*
|
|
301
|
+
* ### API Methods
|
|
302
|
+
*
|
|
303
|
+
* **server:**
|
|
304
|
+
* `auth.api.oAuth2LinkAccount`
|
|
305
|
+
*
|
|
306
|
+
* **client:**
|
|
307
|
+
* `authClient.oauth2.link`
|
|
308
|
+
*
|
|
309
|
+
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/generic-oauth#api-method-oauth2-link)
|
|
310
|
+
*/
|
|
311
|
+
const oAuth2LinkAccount = (options) => createAuthEndpoint("/oauth2/link", {
|
|
312
|
+
method: "POST",
|
|
313
|
+
body: OAuth2LinkAccountBodySchema,
|
|
314
|
+
use: [sessionMiddleware],
|
|
315
|
+
metadata: { openapi: {
|
|
316
|
+
description: "Link an OAuth2 account to the current user session",
|
|
317
|
+
responses: { "200": {
|
|
318
|
+
description: "Authorization URL generated successfully for linking an OAuth2 account",
|
|
319
|
+
content: { "application/json": { schema: {
|
|
320
|
+
type: "object",
|
|
321
|
+
properties: {
|
|
322
|
+
url: {
|
|
323
|
+
type: "string",
|
|
324
|
+
format: "uri",
|
|
325
|
+
description: "The authorization URL to redirect the user to for linking the OAuth2 account"
|
|
326
|
+
},
|
|
327
|
+
redirect: {
|
|
328
|
+
type: "boolean",
|
|
329
|
+
description: "Indicates that the client should redirect to the provided URL",
|
|
330
|
+
enum: [true]
|
|
331
|
+
}
|
|
332
|
+
},
|
|
333
|
+
required: ["url", "redirect"]
|
|
334
|
+
} } }
|
|
335
|
+
} }
|
|
336
|
+
} }
|
|
337
|
+
}, async (c) => {
|
|
338
|
+
const session = c.context.session;
|
|
339
|
+
if (!session) throw APIError$1.from("UNAUTHORIZED", GENERIC_OAUTH_ERROR_CODES.SESSION_REQUIRED);
|
|
340
|
+
const provider = options.config.find((p) => p.providerId === c.body.providerId);
|
|
341
|
+
if (!provider) throw APIError$1.from("NOT_FOUND", BASE_ERROR_CODES.PROVIDER_NOT_FOUND);
|
|
342
|
+
const { providerId, clientId, clientSecret, redirectURI, authorizationUrl, discoveryUrl, pkce, scopes, prompt, accessType, authorizationUrlParams } = provider;
|
|
343
|
+
let finalAuthUrl = authorizationUrl;
|
|
344
|
+
if (!finalAuthUrl) {
|
|
345
|
+
if (!discoveryUrl) throw APIError$1.from("BAD_REQUEST", GENERIC_OAUTH_ERROR_CODES.INVALID_OAUTH_CONFIGURATION);
|
|
346
|
+
const discovery = await betterFetch(discoveryUrl, {
|
|
347
|
+
method: "GET",
|
|
348
|
+
headers: provider.discoveryHeaders,
|
|
349
|
+
onError(context) {
|
|
350
|
+
c.context.logger.error(context.error.message, context.error, { discoveryUrl });
|
|
351
|
+
}
|
|
352
|
+
});
|
|
353
|
+
if (discovery.data) finalAuthUrl = discovery.data.authorization_endpoint;
|
|
354
|
+
}
|
|
355
|
+
if (!finalAuthUrl) throw APIError$1.from("BAD_REQUEST", GENERIC_OAUTH_ERROR_CODES.INVALID_OAUTH_CONFIGURATION);
|
|
356
|
+
const state = await generateState(c, {
|
|
357
|
+
userId: session.user.id,
|
|
358
|
+
email: session.user.email
|
|
359
|
+
}, void 0);
|
|
360
|
+
const additionalParams = typeof authorizationUrlParams === "function" ? authorizationUrlParams(c) : authorizationUrlParams;
|
|
361
|
+
const url = await createAuthorizationURL({
|
|
362
|
+
id: providerId,
|
|
363
|
+
options: {
|
|
364
|
+
clientId,
|
|
365
|
+
clientSecret,
|
|
366
|
+
redirectURI: redirectURI || `${c.context.baseURL}/oauth2/callback/${providerId}`
|
|
367
|
+
},
|
|
368
|
+
authorizationEndpoint: finalAuthUrl,
|
|
369
|
+
state: state.state,
|
|
370
|
+
codeVerifier: pkce ? state.codeVerifier : void 0,
|
|
371
|
+
scopes: c.body.scopes || scopes || [],
|
|
372
|
+
redirectURI: redirectURI || `${c.context.baseURL}/oauth2/callback/${providerId}`,
|
|
373
|
+
prompt,
|
|
374
|
+
accessType,
|
|
375
|
+
additionalParams
|
|
376
|
+
});
|
|
377
|
+
return c.json({
|
|
378
|
+
url: url.toString(),
|
|
379
|
+
redirect: true
|
|
380
|
+
});
|
|
381
|
+
});
|
|
382
|
+
async function getUserInfo(tokens, finalUserInfoUrl) {
|
|
383
|
+
if (tokens.idToken) {
|
|
384
|
+
const decoded = decodeJwt(tokens.idToken);
|
|
385
|
+
if (decoded) {
|
|
386
|
+
if (decoded.sub && decoded.email) return {
|
|
387
|
+
id: decoded.sub,
|
|
388
|
+
emailVerified: decoded.email_verified,
|
|
389
|
+
image: decoded.picture,
|
|
390
|
+
...decoded
|
|
391
|
+
};
|
|
392
|
+
}
|
|
393
|
+
}
|
|
394
|
+
if (!finalUserInfoUrl) return null;
|
|
395
|
+
const userInfo = await betterFetch(finalUserInfoUrl, {
|
|
396
|
+
method: "GET",
|
|
397
|
+
headers: { Authorization: `Bearer ${tokens.accessToken}` }
|
|
398
|
+
});
|
|
399
|
+
return {
|
|
400
|
+
id: userInfo.data?.sub ?? "",
|
|
401
|
+
emailVerified: userInfo.data?.email_verified ?? false,
|
|
402
|
+
email: userInfo.data?.email,
|
|
403
|
+
image: userInfo.data?.picture,
|
|
404
|
+
name: userInfo.data?.name,
|
|
405
|
+
...userInfo.data
|
|
406
|
+
};
|
|
407
|
+
}
|
|
408
|
+
|
|
409
|
+
//#endregion
|
|
410
|
+
export { getUserInfo, oAuth2Callback, oAuth2LinkAccount, signInWithOAuth2 };
|
|
411
|
+
//# sourceMappingURL=routes.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"routes.mjs","names":["APIError"],"sources":["../../../src/plugins/generic-oauth/routes.ts"],"sourcesContent":["import type { GenericEndpointContext } from \"@better-auth/core\";\nimport { createAuthEndpoint } from \"@better-auth/core/api\";\nimport { BASE_ERROR_CODES } from \"@better-auth/core/error\";\nimport type { OAuth2Tokens, OAuth2UserInfo } from \"@better-auth/core/oauth2\";\nimport {\n\tcreateAuthorizationURL,\n\tvalidateAuthorizationCode,\n} from \"@better-auth/core/oauth2\";\nimport { betterFetch } from \"@better-fetch/fetch\";\nimport { decodeJwt } from \"jose\";\nimport * as z from \"zod\";\nimport { APIError, sessionMiddleware } from \"../../api\";\nimport { setSessionCookie } from \"../../cookies\";\nimport { handleOAuthUserInfo } from \"../../oauth2/link-account\";\nimport { generateState, parseState } from \"../../oauth2/state\";\nimport { setTokenUtil } from \"../../oauth2/utils\";\nimport type { User } from \"../../types\";\nimport { HIDE_METADATA } from \"../../utils\";\nimport { GENERIC_OAUTH_ERROR_CODES } from \"./error-codes\";\nimport type { GenericOAuthOptions } from \"./types\";\n\nconst signInWithOAuth2BodySchema = z.object({\n\tproviderId: z.string().meta({\n\t\tdescription: \"The provider ID for the OAuth provider\",\n\t}),\n\tcallbackURL: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The URL to redirect to after sign in\",\n\t\t})\n\t\t.optional(),\n\terrorCallbackURL: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The URL to redirect to if an error occurs\",\n\t\t})\n\t\t.optional(),\n\tnewUserCallbackURL: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t'The URL to redirect to after login if the user is new. Eg: \"/welcome\"',\n\t\t})\n\t\t.optional(),\n\tdisableRedirect: z\n\t\t.boolean()\n\t\t.meta({\n\t\t\tdescription: \"Disable redirect\",\n\t\t})\n\t\t.optional(),\n\tscopes: z\n\t\t.array(z.string())\n\t\t.meta({\n\t\t\tdescription: \"Scopes to be passed to the provider authorization request.\",\n\t\t})\n\t\t.optional(),\n\trequestSignUp: z\n\t\t.boolean()\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t\"Explicitly request sign-up. Useful when disableImplicitSignUp is true for this provider. Eg: false\",\n\t\t})\n\t\t.optional(),\n\t/**\n\t * Any additional data to pass through the oauth flow.\n\t */\n\tadditionalData: z.record(z.string(), z.any()).optional(),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/sign-in/oauth2`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.signInWithOAuth2`\n *\n * **client:**\n * `authClient.signIn.oauth2`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/sign-in#api-method-sign-in-oauth2)\n */\nexport const signInWithOAuth2 = (options: GenericOAuthOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/sign-in/oauth2\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: signInWithOAuth2BodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\tdescription: \"Sign in with OAuth2\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Sign in with OAuth2\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\turl: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tredirect: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx: GenericEndpointContext) => {\n\t\t\tconst { providerId } = ctx.body;\n\t\t\tconst config = options.config.find((c) => c.providerId === providerId);\n\t\t\tif (!config) {\n\t\t\t\tthrow APIError.fromStatus(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: `${GENERIC_OAUTH_ERROR_CODES.PROVIDER_CONFIG_NOT_FOUND} ${providerId}`,\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst {\n\t\t\t\tdiscoveryUrl,\n\t\t\t\tauthorizationUrl,\n\t\t\t\ttokenUrl,\n\t\t\t\tclientId,\n\t\t\t\tclientSecret,\n\t\t\t\tscopes,\n\t\t\t\tredirectURI,\n\t\t\t\tresponseType,\n\t\t\t\tpkce,\n\t\t\t\tprompt,\n\t\t\t\taccessType,\n\t\t\t\tauthorizationUrlParams,\n\t\t\t\tresponseMode,\n\t\t\t} = config;\n\t\t\tlet finalAuthUrl = authorizationUrl;\n\t\t\tlet finalTokenUrl = tokenUrl;\n\t\t\tif (discoveryUrl) {\n\t\t\t\tconst discovery = await betterFetch<{\n\t\t\t\t\tauthorization_endpoint: string;\n\t\t\t\t\ttoken_endpoint: string;\n\t\t\t\t}>(discoveryUrl, {\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\theaders: config.discoveryHeaders,\n\t\t\t\t\tonError(context) {\n\t\t\t\t\t\tctx.context.logger.error(context.error.message, context.error, {\n\t\t\t\t\t\t\tdiscoveryUrl,\n\t\t\t\t\t\t});\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tif (discovery.data) {\n\t\t\t\t\tfinalAuthUrl = discovery.data.authorization_endpoint;\n\t\t\t\t\tfinalTokenUrl = discovery.data.token_endpoint;\n\t\t\t\t}\n\t\t\t}\n\t\t\tif (!finalAuthUrl || !finalTokenUrl) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tGENERIC_OAUTH_ERROR_CODES.INVALID_OAUTH_CONFIGURATION,\n\t\t\t\t);\n\t\t\t}\n\t\t\tif (authorizationUrlParams) {\n\t\t\t\tconst withAdditionalParams = new URL(finalAuthUrl);\n\t\t\t\tfor (const [paramName, paramValue] of Object.entries(\n\t\t\t\t\tauthorizationUrlParams,\n\t\t\t\t)) {\n\t\t\t\t\twithAdditionalParams.searchParams.set(paramName, paramValue);\n\t\t\t\t}\n\t\t\t\tfinalAuthUrl = withAdditionalParams.toString();\n\t\t\t}\n\t\t\tconst additionalParams =\n\t\t\t\ttypeof authorizationUrlParams === \"function\"\n\t\t\t\t\t? authorizationUrlParams(ctx)\n\t\t\t\t\t: authorizationUrlParams;\n\n\t\t\tconst { state, codeVerifier } = await generateState(\n\t\t\t\tctx,\n\t\t\t\tundefined,\n\t\t\t\tctx.body.additionalData,\n\t\t\t);\n\t\t\tconst authUrl = await createAuthorizationURL({\n\t\t\t\tid: providerId,\n\t\t\t\toptions: {\n\t\t\t\t\tclientId,\n\t\t\t\t\tclientSecret,\n\t\t\t\t\tredirectURI,\n\t\t\t\t},\n\t\t\t\tauthorizationEndpoint: finalAuthUrl,\n\t\t\t\tstate,\n\t\t\t\tcodeVerifier: pkce ? codeVerifier : undefined,\n\t\t\t\tscopes: ctx.body.scopes\n\t\t\t\t\t? [...ctx.body.scopes, ...(scopes || [])]\n\t\t\t\t\t: scopes || [],\n\t\t\t\tredirectURI: `${ctx.context.baseURL}/oauth2/callback/${providerId}`,\n\t\t\t\tprompt,\n\t\t\t\taccessType,\n\t\t\t\tresponseType,\n\t\t\t\tresponseMode,\n\t\t\t\tadditionalParams,\n\t\t\t});\n\t\t\treturn ctx.json({\n\t\t\t\turl: authUrl.toString(),\n\t\t\t\tredirect: !ctx.body.disableRedirect,\n\t\t\t});\n\t\t},\n\t);\n\nconst OAuth2CallbackQuerySchema = z.object({\n\tcode: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The OAuth2 code\",\n\t\t})\n\t\t.optional(),\n\terror: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The error message, if any\",\n\t\t})\n\t\t.optional(),\n\terror_description: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The error description, if any\",\n\t\t})\n\t\t.optional(),\n\tstate: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The state parameter from the OAuth2 request\",\n\t\t})\n\t\t.optional(),\n\tiss: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The issuer identifier\",\n\t\t})\n\t\t.optional(),\n});\n\nexport const oAuth2Callback = (options: GenericOAuthOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/oauth2/callback/:providerId\",\n\t\t{\n\t\t\tmethod: \"GET\",\n\t\t\tquery: OAuth2CallbackQuerySchema,\n\t\t\tmetadata: {\n\t\t\t\t...HIDE_METADATA,\n\t\t\t\tallowedMediaTypes: [\n\t\t\t\t\t\"application/x-www-form-urlencoded\",\n\t\t\t\t\t\"application/json\",\n\t\t\t\t],\n\t\t\t\topenapi: {\n\t\t\t\t\tdescription: \"OAuth2 callback\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"OAuth2 callback\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\turl: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx: GenericEndpointContext) => {\n\t\t\tconst defaultErrorURL =\n\t\t\t\tctx.context.options.onAPIError?.errorURL ||\n\t\t\t\t`${ctx.context.baseURL}/error`;\n\t\t\tif (ctx.query.error || !ctx.query.code) {\n\t\t\t\tthrow ctx.redirect(\n\t\t\t\t\t`${defaultErrorURL}?error=${\n\t\t\t\t\t\tctx.query.error || \"oAuth_code_missing\"\n\t\t\t\t\t}&error_description=${ctx.query.error_description}`,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst providerId = ctx.params?.providerId;\n\t\t\tif (!providerId) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tGENERIC_OAUTH_ERROR_CODES.PROVIDER_ID_REQUIRED,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst providerConfig = options.config.find(\n\t\t\t\t(p) => p.providerId === providerId,\n\t\t\t);\n\n\t\t\tif (!providerConfig) {\n\t\t\t\tthrow APIError.fromStatus(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: `${GENERIC_OAUTH_ERROR_CODES.PROVIDER_CONFIG_NOT_FOUND} ${providerId}`,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tlet tokens: OAuth2Tokens | undefined = undefined;\n\t\t\tconst parsedState = await parseState(ctx);\n\t\t\tconst {\n\t\t\t\tcallbackURL,\n\t\t\t\tcodeVerifier,\n\t\t\t\terrorURL,\n\t\t\t\trequestSignUp,\n\t\t\t\tnewUserURL,\n\t\t\t\tlink,\n\t\t\t} = parsedState;\n\t\t\tconst code = ctx.query.code;\n\n\t\t\tfunction redirectOnError(error: string) {\n\t\t\t\tconst defaultErrorURL =\n\t\t\t\t\tctx.context.options.onAPIError?.errorURL ||\n\t\t\t\t\t`${ctx.context.baseURL}/error`;\n\t\t\t\tlet url = errorURL || defaultErrorURL;\n\t\t\t\tif (url.includes(\"?\")) {\n\t\t\t\t\turl = `${url}&error=${error}`;\n\t\t\t\t} else {\n\t\t\t\t\turl = `${url}?error=${error}`;\n\t\t\t\t}\n\t\t\t\tthrow ctx.redirect(url);\n\t\t\t}\n\n\t\t\tlet finalTokenUrl = providerConfig.tokenUrl;\n\t\t\tlet finalUserInfoUrl = providerConfig.userInfoUrl;\n\t\t\tlet expectedIssuer = providerConfig.issuer;\n\n\t\t\tif (providerConfig.discoveryUrl) {\n\t\t\t\tconst discovery = await betterFetch<{\n\t\t\t\t\ttoken_endpoint: string;\n\t\t\t\t\tuserinfo_endpoint: string;\n\t\t\t\t\tissuer: string;\n\t\t\t\t}>(providerConfig.discoveryUrl, {\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\theaders: providerConfig.discoveryHeaders,\n\t\t\t\t});\n\t\t\t\tif (discovery.data) {\n\t\t\t\t\tfinalTokenUrl = discovery.data.token_endpoint;\n\t\t\t\t\tfinalUserInfoUrl = discovery.data.userinfo_endpoint;\n\t\t\t\t\tif (!expectedIssuer && discovery.data.issuer) {\n\t\t\t\t\t\texpectedIssuer = discovery.data.issuer;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif (expectedIssuer) {\n\t\t\t\tif (ctx.query.iss) {\n\t\t\t\t\tif (ctx.query.iss !== expectedIssuer) {\n\t\t\t\t\t\tctx.context.logger.error(\"OAuth issuer mismatch\", {\n\t\t\t\t\t\t\texpected: expectedIssuer,\n\t\t\t\t\t\t\treceived: ctx.query.iss,\n\t\t\t\t\t\t});\n\t\t\t\t\t\treturn redirectOnError(\"issuer_mismatch\");\n\t\t\t\t\t}\n\t\t\t\t} else if (providerConfig.requireIssuerValidation) {\n\t\t\t\t\tctx.context.logger.error(\"OAuth issuer parameter missing\", {\n\t\t\t\t\t\texpected: expectedIssuer,\n\t\t\t\t\t});\n\t\t\t\t\treturn redirectOnError(\"issuer_missing\");\n\t\t\t\t}\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\t// Use custom getToken if provided\n\t\t\t\tif (providerConfig.getToken) {\n\t\t\t\t\ttokens = await providerConfig.getToken({\n\t\t\t\t\t\tcode,\n\t\t\t\t\t\tredirectURI: `${ctx.context.baseURL}/oauth2/callback/${providerConfig.providerId}`,\n\t\t\t\t\t\tcodeVerifier: providerConfig.pkce ? codeVerifier : undefined,\n\t\t\t\t\t});\n\t\t\t\t} else {\n\t\t\t\t\t// Standard token exchange with tokenUrlParams support\n\t\t\t\t\tif (!finalTokenUrl) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tGENERIC_OAUTH_ERROR_CODES.INVALID_OAUTH_CONFIG,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t\tconst additionalParams =\n\t\t\t\t\t\ttypeof providerConfig.tokenUrlParams === \"function\"\n\t\t\t\t\t\t\t? providerConfig.tokenUrlParams(ctx)\n\t\t\t\t\t\t\t: providerConfig.tokenUrlParams;\n\t\t\t\t\ttokens = await validateAuthorizationCode({\n\t\t\t\t\t\theaders: providerConfig.authorizationHeaders,\n\t\t\t\t\t\tcode,\n\t\t\t\t\t\tcodeVerifier: providerConfig.pkce ? codeVerifier : undefined,\n\t\t\t\t\t\tredirectURI: `${ctx.context.baseURL}/oauth2/callback/${providerConfig.providerId}`,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: providerConfig.clientId,\n\t\t\t\t\t\t\tclientSecret: providerConfig.clientSecret,\n\t\t\t\t\t\t\tredirectURI: providerConfig.redirectURI,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint: finalTokenUrl,\n\t\t\t\t\t\tauthentication: providerConfig.authentication,\n\t\t\t\t\t\tadditionalParams,\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\te && typeof e === \"object\" && \"name\" in e ? (e.name as string) : \"\",\n\t\t\t\t\te,\n\t\t\t\t);\n\t\t\t\tthrow redirectOnError(\"oauth_code_verification_failed\");\n\t\t\t}\n\t\t\tif (!tokens) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tGENERIC_OAUTH_ERROR_CODES.INVALID_OAUTH_CONFIG,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst userInfo: Omit<User, \"createdAt\" | \"updatedAt\"> =\n\t\t\t\tawait (async function handleUserInfo() {\n\t\t\t\t\tconst userInfo = (\n\t\t\t\t\t\tproviderConfig.getUserInfo\n\t\t\t\t\t\t\t? await providerConfig.getUserInfo(tokens)\n\t\t\t\t\t\t\t: await getUserInfo(tokens, finalUserInfoUrl)\n\t\t\t\t\t) as OAuth2UserInfo | null;\n\t\t\t\t\tif (!userInfo) {\n\t\t\t\t\t\tthrow redirectOnError(\"user_info_is_missing\");\n\t\t\t\t\t}\n\t\t\t\t\tconst mapUser = providerConfig.mapProfileToUser\n\t\t\t\t\t\t? await providerConfig.mapProfileToUser(userInfo)\n\t\t\t\t\t\t: userInfo;\n\t\t\t\t\tconst email = mapUser.email\n\t\t\t\t\t\t? mapUser.email.toLowerCase()\n\t\t\t\t\t\t: userInfo.email?.toLowerCase();\n\t\t\t\t\tif (!email) {\n\t\t\t\t\t\tctx.context.logger.error(\"Unable to get user info\", userInfo);\n\t\t\t\t\t\tthrow redirectOnError(\"email_is_missing\");\n\t\t\t\t\t}\n\t\t\t\t\tconst id = mapUser.id ? String(mapUser.id) : String(userInfo.id);\n\t\t\t\t\tconst name = mapUser.name ? mapUser.name : userInfo.name;\n\t\t\t\t\tif (!name) {\n\t\t\t\t\t\tctx.context.logger.error(\"Unable to get user info\", userInfo);\n\t\t\t\t\t\tthrow redirectOnError(\"name_is_missing\");\n\t\t\t\t\t}\n\t\t\t\t\treturn {\n\t\t\t\t\t\t...userInfo,\n\t\t\t\t\t\t...mapUser,\n\t\t\t\t\t\temail,\n\t\t\t\t\t\tid,\n\t\t\t\t\t\tname,\n\t\t\t\t\t};\n\t\t\t\t})();\n\t\t\tif (link) {\n\t\t\t\tif (\n\t\t\t\t\tctx.context.options.account?.accountLinking?.allowDifferentEmails !==\n\t\t\t\t\t\ttrue &&\n\t\t\t\t\tlink.email.toLowerCase() !== userInfo.email.toLowerCase()\n\t\t\t\t) {\n\t\t\t\t\treturn redirectOnError(\"email_doesn't_match\");\n\t\t\t\t}\n\t\t\t\tconst existingAccount =\n\t\t\t\t\tawait ctx.context.internalAdapter.findAccountByProviderId(\n\t\t\t\t\t\tString(userInfo.id),\n\t\t\t\t\t\tproviderConfig.providerId,\n\t\t\t\t\t);\n\t\t\t\tif (existingAccount) {\n\t\t\t\t\tif (existingAccount.userId !== link.userId) {\n\t\t\t\t\t\treturn redirectOnError(\"account_already_linked_to_different_user\");\n\t\t\t\t\t}\n\t\t\t\t\tconst updateData = Object.fromEntries(\n\t\t\t\t\t\tObject.entries({\n\t\t\t\t\t\t\taccessToken: await setTokenUtil(tokens.accessToken, ctx.context),\n\t\t\t\t\t\t\tidToken: tokens.idToken,\n\t\t\t\t\t\t\trefreshToken: await setTokenUtil(\n\t\t\t\t\t\t\t\ttokens.refreshToken,\n\t\t\t\t\t\t\t\tctx.context,\n\t\t\t\t\t\t\t),\n\t\t\t\t\t\t\taccessTokenExpiresAt: tokens.accessTokenExpiresAt,\n\t\t\t\t\t\t\trefreshTokenExpiresAt: tokens.refreshTokenExpiresAt,\n\t\t\t\t\t\t\tscope: tokens.scopes?.join(\",\"),\n\t\t\t\t\t\t}).filter(([_, value]) => value !== undefined),\n\t\t\t\t\t);\n\t\t\t\t\tawait ctx.context.internalAdapter.updateAccount(\n\t\t\t\t\t\texistingAccount.id,\n\t\t\t\t\t\tupdateData,\n\t\t\t\t\t);\n\t\t\t\t} else {\n\t\t\t\t\tconst newAccount = await ctx.context.internalAdapter.createAccount({\n\t\t\t\t\t\tuserId: link.userId,\n\t\t\t\t\t\tproviderId: providerConfig.providerId,\n\t\t\t\t\t\taccountId: userInfo.id,\n\t\t\t\t\t\taccessToken: await setTokenUtil(tokens.accessToken, ctx.context),\n\t\t\t\t\t\taccessTokenExpiresAt: tokens.accessTokenExpiresAt,\n\t\t\t\t\t\trefreshTokenExpiresAt: tokens.refreshTokenExpiresAt,\n\t\t\t\t\t\tscope: tokens.scopes?.join(\",\"),\n\t\t\t\t\t\trefreshToken: await setTokenUtil(tokens.refreshToken, ctx.context),\n\t\t\t\t\t\tidToken: tokens.idToken,\n\t\t\t\t\t});\n\t\t\t\t\tif (!newAccount) {\n\t\t\t\t\t\treturn redirectOnError(\"unable_to_link_account\");\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tlet toRedirectTo: string;\n\t\t\t\ttry {\n\t\t\t\t\tconst url = callbackURL;\n\t\t\t\t\ttoRedirectTo = url.toString();\n\t\t\t\t} catch {\n\t\t\t\t\ttoRedirectTo = callbackURL;\n\t\t\t\t}\n\t\t\t\tthrow ctx.redirect(toRedirectTo);\n\t\t\t}\n\n\t\t\tconst result = await handleOAuthUserInfo(ctx, {\n\t\t\t\tuserInfo,\n\t\t\t\taccount: {\n\t\t\t\t\tproviderId: providerConfig.providerId,\n\t\t\t\t\taccountId: userInfo.id,\n\t\t\t\t\t...tokens,\n\t\t\t\t\tscope: tokens.scopes?.join(\",\"),\n\t\t\t\t},\n\t\t\t\tcallbackURL: callbackURL,\n\t\t\t\tdisableSignUp:\n\t\t\t\t\t(providerConfig.disableImplicitSignUp && !requestSignUp) ||\n\t\t\t\t\tproviderConfig.disableSignUp,\n\t\t\t\toverrideUserInfo: providerConfig.overrideUserInfo,\n\t\t\t});\n\n\t\t\tif (result.error) {\n\t\t\t\treturn redirectOnError(result.error.split(\" \").join(\"_\"));\n\t\t\t}\n\t\t\tconst { session, user } = result.data!;\n\t\t\tawait setSessionCookie(ctx, {\n\t\t\t\tsession,\n\t\t\t\tuser,\n\t\t\t});\n\t\t\tlet toRedirectTo: string;\n\t\t\ttry {\n\t\t\t\tconst url = result.isRegister ? newUserURL || callbackURL : callbackURL;\n\t\t\t\ttoRedirectTo = url.toString();\n\t\t\t} catch {\n\t\t\t\ttoRedirectTo = result.isRegister\n\t\t\t\t\t? newUserURL || callbackURL\n\t\t\t\t\t: callbackURL;\n\t\t\t}\n\t\t\tthrow ctx.redirect(toRedirectTo);\n\t\t},\n\t);\n\nconst OAuth2LinkAccountBodySchema = z.object({\n\tproviderId: z.string(),\n\t/**\n\t * Callback URL to redirect to after the user has signed in.\n\t */\n\tcallbackURL: z.string(),\n\t/**\n\t * Additional scopes to request when linking the account.\n\t * This is useful for requesting additional permissions when\n\t * linking a social account compared to the initial authentication.\n\t */\n\tscopes: z\n\t\t.array(z.string())\n\t\t.meta({\n\t\t\tdescription: \"Additional scopes to request when linking the account\",\n\t\t})\n\t\t.optional(),\n\t/**\n\t * The URL to redirect to if there is an error during the link process.\n\t */\n\terrorCallbackURL: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t\"The URL to redirect to if there is an error during the link process\",\n\t\t})\n\t\t.optional(),\n});\n/**\n * ### Endpoint\n *\n * POST `/oauth2/link`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.oAuth2LinkAccount`\n *\n * **client:**\n * `authClient.oauth2.link`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/generic-oauth#api-method-oauth2-link)\n */\nexport const oAuth2LinkAccount = (options: GenericOAuthOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/oauth2/link\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: OAuth2LinkAccountBodySchema,\n\t\t\tuse: [sessionMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\tdescription: \"Link an OAuth2 account to the current user session\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\"Authorization URL generated successfully for linking an OAuth2 account\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\turl: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tformat: \"uri\",\n\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"The authorization URL to redirect the user to for linking the OAuth2 account\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tredirect: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"Indicates that the client should redirect to the provided URL\",\n\t\t\t\t\t\t\t\t\t\t\t\tenum: [true],\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"url\", \"redirect\"],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (c: GenericEndpointContext) => {\n\t\t\tconst session = c.context.session;\n\t\t\tif (!session) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\tGENERIC_OAUTH_ERROR_CODES.SESSION_REQUIRED,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst provider = options.config.find(\n\t\t\t\t(p) => p.providerId === c.body.providerId,\n\t\t\t);\n\t\t\tif (!provider) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.PROVIDER_NOT_FOUND);\n\t\t\t}\n\t\t\tconst {\n\t\t\t\tproviderId,\n\t\t\t\tclientId,\n\t\t\t\tclientSecret,\n\t\t\t\tredirectURI,\n\t\t\t\tauthorizationUrl,\n\t\t\t\tdiscoveryUrl,\n\t\t\t\tpkce,\n\t\t\t\tscopes,\n\t\t\t\tprompt,\n\t\t\t\taccessType,\n\t\t\t\tauthorizationUrlParams,\n\t\t\t} = provider;\n\n\t\t\tlet finalAuthUrl = authorizationUrl;\n\t\t\tif (!finalAuthUrl) {\n\t\t\t\tif (!discoveryUrl) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\tGENERIC_OAUTH_ERROR_CODES.INVALID_OAUTH_CONFIGURATION,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tconst discovery = await betterFetch<{\n\t\t\t\t\tauthorization_endpoint: string;\n\t\t\t\t\ttoken_endpoint: string;\n\t\t\t\t}>(discoveryUrl, {\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\theaders: provider.discoveryHeaders,\n\t\t\t\t\tonError(context) {\n\t\t\t\t\t\tc.context.logger.error(context.error.message, context.error, {\n\t\t\t\t\t\t\tdiscoveryUrl,\n\t\t\t\t\t\t});\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tif (discovery.data) {\n\t\t\t\t\tfinalAuthUrl = discovery.data.authorization_endpoint;\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif (!finalAuthUrl) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tGENERIC_OAUTH_ERROR_CODES.INVALID_OAUTH_CONFIGURATION,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst state = await generateState(\n\t\t\t\tc,\n\t\t\t\t{\n\t\t\t\t\tuserId: session.user.id,\n\t\t\t\t\temail: session.user.email,\n\t\t\t\t},\n\t\t\t\tundefined,\n\t\t\t);\n\n\t\t\tconst additionalParams =\n\t\t\t\ttypeof authorizationUrlParams === \"function\"\n\t\t\t\t\t? authorizationUrlParams(c)\n\t\t\t\t\t: authorizationUrlParams;\n\n\t\t\tconst url = await createAuthorizationURL({\n\t\t\t\tid: providerId,\n\t\t\t\toptions: {\n\t\t\t\t\tclientId,\n\t\t\t\t\tclientSecret,\n\t\t\t\t\tredirectURI:\n\t\t\t\t\t\tredirectURI || `${c.context.baseURL}/oauth2/callback/${providerId}`,\n\t\t\t\t},\n\t\t\t\tauthorizationEndpoint: finalAuthUrl,\n\t\t\t\tstate: state.state,\n\t\t\t\tcodeVerifier: pkce ? state.codeVerifier : undefined,\n\t\t\t\tscopes: c.body.scopes || scopes || [],\n\t\t\t\tredirectURI:\n\t\t\t\t\tredirectURI || `${c.context.baseURL}/oauth2/callback/${providerId}`,\n\t\t\t\tprompt,\n\t\t\t\taccessType,\n\t\t\t\tadditionalParams,\n\t\t\t});\n\n\t\t\treturn c.json({\n\t\t\t\turl: url.toString(),\n\t\t\t\tredirect: true,\n\t\t\t});\n\t\t},\n\t);\n\nexport async function getUserInfo(\n\ttokens: OAuth2Tokens,\n\tfinalUserInfoUrl: string | undefined,\n): Promise<OAuth2UserInfo | null> {\n\tif (tokens.idToken) {\n\t\tconst decoded = decodeJwt(tokens.idToken) as {\n\t\t\tsub: string;\n\t\t\temail_verified: boolean;\n\t\t\temail: string;\n\t\t\tname: string;\n\t\t\tpicture: string;\n\t\t};\n\t\tif (decoded) {\n\t\t\tif (decoded.sub && decoded.email) {\n\t\t\t\treturn {\n\t\t\t\t\tid: decoded.sub,\n\t\t\t\t\temailVerified: decoded.email_verified,\n\t\t\t\t\timage: decoded.picture,\n\t\t\t\t\t...decoded,\n\t\t\t\t};\n\t\t\t}\n\t\t}\n\t}\n\n\tif (!finalUserInfoUrl) {\n\t\treturn null;\n\t}\n\n\tconst userInfo = await betterFetch<{\n\t\temail: string;\n\t\tsub?: string | undefined;\n\t\tname: string;\n\t\temail_verified: boolean;\n\t\tpicture: string;\n\t}>(finalUserInfoUrl, {\n\t\tmethod: \"GET\",\n\t\theaders: {\n\t\t\tAuthorization: `Bearer ${tokens.accessToken}`,\n\t\t},\n\t});\n\treturn {\n\t\tid: userInfo.data?.sub ?? \"\",\n\t\temailVerified: userInfo.data?.email_verified ?? false,\n\t\temail: userInfo.data?.email,\n\t\timage: userInfo.data?.picture,\n\t\tname: userInfo.data?.name,\n\t\t...userInfo.data,\n\t};\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAqBA,MAAM,6BAA6B,EAAE,OAAO;CAC3C,YAAY,EAAE,QAAQ,CAAC,KAAK,EAC3B,aAAa,0CACb,CAAC;CACF,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aAAa,wCACb,CAAC,CACD,UAAU;CACZ,kBAAkB,EAChB,QAAQ,CACR,KAAK,EACL,aAAa,6CACb,CAAC,CACD,UAAU;CACZ,oBAAoB,EAClB,QAAQ,CACR,KAAK,EACL,aACC,2EACD,CAAC,CACD,UAAU;CACZ,iBAAiB,EACf,SAAS,CACT,KAAK,EACL,aAAa,oBACb,CAAC,CACD,UAAU;CACZ,QAAQ,EACN,MAAM,EAAE,QAAQ,CAAC,CACjB,KAAK,EACL,aAAa,8DACb,CAAC,CACD,UAAU;CACZ,eAAe,EACb,SAAS,CACT,KAAK,EACL,aACC,sGACD,CAAC,CACD,UAAU;CAIZ,gBAAgB,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,UAAU;CACxD,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,oBAAoB,YAChC,mBACC,mBACA;CACC,QAAQ;CACR,MAAM;CACN,UAAU,EACT,SAAS;EACR,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,KAAK,EACJ,MAAM,UACN;KACD,UAAU,EACT,MAAM,WACN;KACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAgC;CACtC,MAAM,EAAE,eAAe,IAAI;CAC3B,MAAM,SAAS,QAAQ,OAAO,MAAM,MAAM,EAAE,eAAe,WAAW;AACtE,KAAI,CAAC,OACJ,OAAMA,WAAS,WAAW,eAAe,EACxC,SAAS,GAAG,0BAA0B,0BAA0B,GAAG,cACnE,CAAC;CAEH,MAAM,EACL,cACA,kBACA,UACA,UACA,cACA,QACA,aACA,cACA,MACA,QACA,YACA,wBACA,iBACG;CACJ,IAAI,eAAe;CACnB,IAAI,gBAAgB;AACpB,KAAI,cAAc;EACjB,MAAM,YAAY,MAAM,YAGrB,cAAc;GAChB,QAAQ;GACR,SAAS,OAAO;GAChB,QAAQ,SAAS;AAChB,QAAI,QAAQ,OAAO,MAAM,QAAQ,MAAM,SAAS,QAAQ,OAAO,EAC9D,cACA,CAAC;;GAEH,CAAC;AACF,MAAI,UAAU,MAAM;AACnB,kBAAe,UAAU,KAAK;AAC9B,mBAAgB,UAAU,KAAK;;;AAGjC,KAAI,CAAC,gBAAgB,CAAC,cACrB,OAAMA,WAAS,KACd,eACA,0BAA0B,4BAC1B;AAEF,KAAI,wBAAwB;EAC3B,MAAM,uBAAuB,IAAI,IAAI,aAAa;AAClD,OAAK,MAAM,CAAC,WAAW,eAAe,OAAO,QAC5C,uBACA,CACA,sBAAqB,aAAa,IAAI,WAAW,WAAW;AAE7D,iBAAe,qBAAqB,UAAU;;CAE/C,MAAM,mBACL,OAAO,2BAA2B,aAC/B,uBAAuB,IAAI,GAC3B;CAEJ,MAAM,EAAE,OAAO,iBAAiB,MAAM,cACrC,KACA,QACA,IAAI,KAAK,eACT;CACD,MAAM,UAAU,MAAM,uBAAuB;EAC5C,IAAI;EACJ,SAAS;GACR;GACA;GACA;GACA;EACD,uBAAuB;EACvB;EACA,cAAc,OAAO,eAAe;EACpC,QAAQ,IAAI,KAAK,SACd,CAAC,GAAG,IAAI,KAAK,QAAQ,GAAI,UAAU,EAAE,CAAE,GACvC,UAAU,EAAE;EACf,aAAa,GAAG,IAAI,QAAQ,QAAQ,mBAAmB;EACvD;EACA;EACA;EACA;EACA;EACA,CAAC;AACF,QAAO,IAAI,KAAK;EACf,KAAK,QAAQ,UAAU;EACvB,UAAU,CAAC,IAAI,KAAK;EACpB,CAAC;EAEH;AAEF,MAAM,4BAA4B,EAAE,OAAO;CAC1C,MAAM,EACJ,QAAQ,CACR,KAAK,EACL,aAAa,mBACb,CAAC,CACD,UAAU;CACZ,OAAO,EACL,QAAQ,CACR,KAAK,EACL,aAAa,6BACb,CAAC,CACD,UAAU;CACZ,mBAAmB,EACjB,QAAQ,CACR,KAAK,EACL,aAAa,iCACb,CAAC,CACD,UAAU;CACZ,OAAO,EACL,QAAQ,CACR,KAAK,EACL,aAAa,+CACb,CAAC,CACD,UAAU;CACZ,KAAK,EACH,QAAQ,CACR,KAAK,EACL,aAAa,yBACb,CAAC,CACD,UAAU;CACZ,CAAC;AAEF,MAAa,kBAAkB,YAC9B,mBACC,gCACA;CACC,QAAQ;CACR,OAAO;CACP,UAAU;EACT,GAAG;EACH,mBAAmB,CAClB,qCACA,mBACA;EACD,SAAS;GACR,aAAa;GACb,WAAW,EACV,KAAK;IACJ,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EACX,KAAK,EACJ,MAAM,UACN,EACD;KACD,EACD,EACD;IACD,EACD;GACD;EACD;CACD,EACD,OAAO,QAAgC;CACtC,MAAM,kBACL,IAAI,QAAQ,QAAQ,YAAY,YAChC,GAAG,IAAI,QAAQ,QAAQ;AACxB,KAAI,IAAI,MAAM,SAAS,CAAC,IAAI,MAAM,KACjC,OAAM,IAAI,SACT,GAAG,gBAAgB,SAClB,IAAI,MAAM,SAAS,qBACnB,qBAAqB,IAAI,MAAM,oBAChC;CAEF,MAAM,aAAa,IAAI,QAAQ;AAC/B,KAAI,CAAC,WACJ,OAAMA,WAAS,KACd,eACA,0BAA0B,qBAC1B;CAEF,MAAM,iBAAiB,QAAQ,OAAO,MACpC,MAAM,EAAE,eAAe,WACxB;AAED,KAAI,CAAC,eACJ,OAAMA,WAAS,WAAW,eAAe,EACxC,SAAS,GAAG,0BAA0B,0BAA0B,GAAG,cACnE,CAAC;CAGH,IAAI,SAAmC;CAEvC,MAAM,EACL,aACA,cACA,UACA,eACA,YACA,SAPmB,MAAM,WAAW,IAAI;CASzC,MAAM,OAAO,IAAI,MAAM;CAEvB,SAAS,gBAAgB,OAAe;EACvC,MAAM,kBACL,IAAI,QAAQ,QAAQ,YAAY,YAChC,GAAG,IAAI,QAAQ,QAAQ;EACxB,IAAI,MAAM,YAAY;AACtB,MAAI,IAAI,SAAS,IAAI,CACpB,OAAM,GAAG,IAAI,SAAS;MAEtB,OAAM,GAAG,IAAI,SAAS;AAEvB,QAAM,IAAI,SAAS,IAAI;;CAGxB,IAAI,gBAAgB,eAAe;CACnC,IAAI,mBAAmB,eAAe;CACtC,IAAI,iBAAiB,eAAe;AAEpC,KAAI,eAAe,cAAc;EAChC,MAAM,YAAY,MAAM,YAIrB,eAAe,cAAc;GAC/B,QAAQ;GACR,SAAS,eAAe;GACxB,CAAC;AACF,MAAI,UAAU,MAAM;AACnB,mBAAgB,UAAU,KAAK;AAC/B,sBAAmB,UAAU,KAAK;AAClC,OAAI,CAAC,kBAAkB,UAAU,KAAK,OACrC,kBAAiB,UAAU,KAAK;;;AAKnC,KAAI,gBACH;MAAI,IAAI,MAAM,KACb;OAAI,IAAI,MAAM,QAAQ,gBAAgB;AACrC,QAAI,QAAQ,OAAO,MAAM,yBAAyB;KACjD,UAAU;KACV,UAAU,IAAI,MAAM;KACpB,CAAC;AACF,WAAO,gBAAgB,kBAAkB;;aAEhC,eAAe,yBAAyB;AAClD,OAAI,QAAQ,OAAO,MAAM,kCAAkC,EAC1D,UAAU,gBACV,CAAC;AACF,UAAO,gBAAgB,iBAAiB;;;AAI1C,KAAI;AAEH,MAAI,eAAe,SAClB,UAAS,MAAM,eAAe,SAAS;GACtC;GACA,aAAa,GAAG,IAAI,QAAQ,QAAQ,mBAAmB,eAAe;GACtE,cAAc,eAAe,OAAO,eAAe;GACnD,CAAC;OACI;AAEN,OAAI,CAAC,cACJ,OAAMA,WAAS,KACd,eACA,0BAA0B,qBAC1B;GAEF,MAAM,mBACL,OAAO,eAAe,mBAAmB,aACtC,eAAe,eAAe,IAAI,GAClC,eAAe;AACnB,YAAS,MAAM,0BAA0B;IACxC,SAAS,eAAe;IACxB;IACA,cAAc,eAAe,OAAO,eAAe;IACnD,aAAa,GAAG,IAAI,QAAQ,QAAQ,mBAAmB,eAAe;IACtE,SAAS;KACR,UAAU,eAAe;KACzB,cAAc,eAAe;KAC7B,aAAa,eAAe;KAC5B;IACD,eAAe;IACf,gBAAgB,eAAe;IAC/B;IACA,CAAC;;UAEK,GAAG;AACX,MAAI,QAAQ,OAAO,MAClB,KAAK,OAAO,MAAM,YAAY,UAAU,IAAK,EAAE,OAAkB,IACjE,EACA;AACD,QAAM,gBAAgB,iCAAiC;;AAExD,KAAI,CAAC,OACJ,OAAMA,WAAS,KACd,eACA,0BAA0B,qBAC1B;CAEF,MAAM,WACL,OAAO,eAAe,iBAAiB;EACtC,MAAM,WACL,eAAe,cACZ,MAAM,eAAe,YAAY,OAAO,GACxC,MAAM,YAAY,QAAQ,iBAAiB;AAE/C,MAAI,CAAC,SACJ,OAAM,gBAAgB,uBAAuB;EAE9C,MAAM,UAAU,eAAe,mBAC5B,MAAM,eAAe,iBAAiB,SAAS,GAC/C;EACH,MAAM,QAAQ,QAAQ,QACnB,QAAQ,MAAM,aAAa,GAC3B,SAAS,OAAO,aAAa;AAChC,MAAI,CAAC,OAAO;AACX,OAAI,QAAQ,OAAO,MAAM,2BAA2B,SAAS;AAC7D,SAAM,gBAAgB,mBAAmB;;EAE1C,MAAM,KAAK,QAAQ,KAAK,OAAO,QAAQ,GAAG,GAAG,OAAO,SAAS,GAAG;EAChE,MAAM,OAAO,QAAQ,OAAO,QAAQ,OAAO,SAAS;AACpD,MAAI,CAAC,MAAM;AACV,OAAI,QAAQ,OAAO,MAAM,2BAA2B,SAAS;AAC7D,SAAM,gBAAgB,kBAAkB;;AAEzC,SAAO;GACN,GAAG;GACH,GAAG;GACH;GACA;GACA;GACA;KACE;AACL,KAAI,MAAM;AACT,MACC,IAAI,QAAQ,QAAQ,SAAS,gBAAgB,yBAC5C,QACD,KAAK,MAAM,aAAa,KAAK,SAAS,MAAM,aAAa,CAEzD,QAAO,gBAAgB,sBAAsB;EAE9C,MAAM,kBACL,MAAM,IAAI,QAAQ,gBAAgB,wBACjC,OAAO,SAAS,GAAG,EACnB,eAAe,WACf;AACF,MAAI,iBAAiB;AACpB,OAAI,gBAAgB,WAAW,KAAK,OACnC,QAAO,gBAAgB,2CAA2C;GAEnE,MAAM,aAAa,OAAO,YACzB,OAAO,QAAQ;IACd,aAAa,MAAM,aAAa,OAAO,aAAa,IAAI,QAAQ;IAChE,SAAS,OAAO;IAChB,cAAc,MAAM,aACnB,OAAO,cACP,IAAI,QACJ;IACD,sBAAsB,OAAO;IAC7B,uBAAuB,OAAO;IAC9B,OAAO,OAAO,QAAQ,KAAK,IAAI;IAC/B,CAAC,CAAC,QAAQ,CAAC,GAAG,WAAW,UAAU,OAAU,CAC9C;AACD,SAAM,IAAI,QAAQ,gBAAgB,cACjC,gBAAgB,IAChB,WACA;aAaG,CAXe,MAAM,IAAI,QAAQ,gBAAgB,cAAc;GAClE,QAAQ,KAAK;GACb,YAAY,eAAe;GAC3B,WAAW,SAAS;GACpB,aAAa,MAAM,aAAa,OAAO,aAAa,IAAI,QAAQ;GAChE,sBAAsB,OAAO;GAC7B,uBAAuB,OAAO;GAC9B,OAAO,OAAO,QAAQ,KAAK,IAAI;GAC/B,cAAc,MAAM,aAAa,OAAO,cAAc,IAAI,QAAQ;GAClE,SAAS,OAAO;GAChB,CAAC,CAED,QAAO,gBAAgB,yBAAyB;EAGlD,IAAI;AACJ,MAAI;AAEH,kBADY,YACO,UAAU;UACtB;AACP,kBAAe;;AAEhB,QAAM,IAAI,SAAS,aAAa;;CAGjC,MAAM,SAAS,MAAM,oBAAoB,KAAK;EAC7C;EACA,SAAS;GACR,YAAY,eAAe;GAC3B,WAAW,SAAS;GACpB,GAAG;GACH,OAAO,OAAO,QAAQ,KAAK,IAAI;GAC/B;EACY;EACb,eACE,eAAe,yBAAyB,CAAC,iBAC1C,eAAe;EAChB,kBAAkB,eAAe;EACjC,CAAC;AAEF,KAAI,OAAO,MACV,QAAO,gBAAgB,OAAO,MAAM,MAAM,IAAI,CAAC,KAAK,IAAI,CAAC;CAE1D,MAAM,EAAE,SAAS,SAAS,OAAO;AACjC,OAAM,iBAAiB,KAAK;EAC3B;EACA;EACA,CAAC;CACF,IAAI;AACJ,KAAI;AAEH,kBADY,OAAO,aAAa,cAAc,cAAc,aACzC,UAAU;SACtB;AACP,iBAAe,OAAO,aACnB,cAAc,cACd;;AAEJ,OAAM,IAAI,SAAS,aAAa;EAEjC;AAEF,MAAM,8BAA8B,EAAE,OAAO;CAC5C,YAAY,EAAE,QAAQ;CAItB,aAAa,EAAE,QAAQ;CAMvB,QAAQ,EACN,MAAM,EAAE,QAAQ,CAAC,CACjB,KAAK,EACL,aAAa,yDACb,CAAC,CACD,UAAU;CAIZ,kBAAkB,EAChB,QAAQ,CACR,KAAK,EACL,aACC,uEACD,CAAC,CACD,UAAU;CACZ,CAAC;;;;;;;;;;;;;;;;AAgBF,MAAa,qBAAqB,YACjC,mBACC,gBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,kBAAkB;CACxB,UAAU,EACT,SAAS;EACR,aAAa;EACb,WAAW,EACV,OAAO;GACN,aACC;GACD,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,KAAK;MACJ,MAAM;MACN,QAAQ;MACR,aACC;MACD;KACD,UAAU;MACT,MAAM;MACN,aACC;MACD,MAAM,CAAC,KAAK;MACZ;KACD;IACD,UAAU,CAAC,OAAO,WAAW;IAC7B,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,MAA8B;CACpC,MAAM,UAAU,EAAE,QAAQ;AAC1B,KAAI,CAAC,QACJ,OAAMA,WAAS,KACd,gBACA,0BAA0B,iBAC1B;CAEF,MAAM,WAAW,QAAQ,OAAO,MAC9B,MAAM,EAAE,eAAe,EAAE,KAAK,WAC/B;AACD,KAAI,CAAC,SACJ,OAAMA,WAAS,KAAK,aAAa,iBAAiB,mBAAmB;CAEtE,MAAM,EACL,YACA,UACA,cACA,aACA,kBACA,cACA,MACA,QACA,QACA,YACA,2BACG;CAEJ,IAAI,eAAe;AACnB,KAAI,CAAC,cAAc;AAClB,MAAI,CAAC,aACJ,OAAMA,WAAS,KACd,eACA,0BAA0B,4BAC1B;EAEF,MAAM,YAAY,MAAM,YAGrB,cAAc;GAChB,QAAQ;GACR,SAAS,SAAS;GAClB,QAAQ,SAAS;AAChB,MAAE,QAAQ,OAAO,MAAM,QAAQ,MAAM,SAAS,QAAQ,OAAO,EAC5D,cACA,CAAC;;GAEH,CAAC;AACF,MAAI,UAAU,KACb,gBAAe,UAAU,KAAK;;AAIhC,KAAI,CAAC,aACJ,OAAMA,WAAS,KACd,eACA,0BAA0B,4BAC1B;CAGF,MAAM,QAAQ,MAAM,cACnB,GACA;EACC,QAAQ,QAAQ,KAAK;EACrB,OAAO,QAAQ,KAAK;EACpB,EACD,OACA;CAED,MAAM,mBACL,OAAO,2BAA2B,aAC/B,uBAAuB,EAAE,GACzB;CAEJ,MAAM,MAAM,MAAM,uBAAuB;EACxC,IAAI;EACJ,SAAS;GACR;GACA;GACA,aACC,eAAe,GAAG,EAAE,QAAQ,QAAQ,mBAAmB;GACxD;EACD,uBAAuB;EACvB,OAAO,MAAM;EACb,cAAc,OAAO,MAAM,eAAe;EAC1C,QAAQ,EAAE,KAAK,UAAU,UAAU,EAAE;EACrC,aACC,eAAe,GAAG,EAAE,QAAQ,QAAQ,mBAAmB;EACxD;EACA;EACA;EACA,CAAC;AAEF,QAAO,EAAE,KAAK;EACb,KAAK,IAAI,UAAU;EACnB,UAAU;EACV,CAAC;EAEH;AAEF,eAAsB,YACrB,QACA,kBACiC;AACjC,KAAI,OAAO,SAAS;EACnB,MAAM,UAAU,UAAU,OAAO,QAAQ;AAOzC,MAAI,SACH;OAAI,QAAQ,OAAO,QAAQ,MAC1B,QAAO;IACN,IAAI,QAAQ;IACZ,eAAe,QAAQ;IACvB,OAAO,QAAQ;IACf,GAAG;IACH;;;AAKJ,KAAI,CAAC,iBACJ,QAAO;CAGR,MAAM,WAAW,MAAM,YAMpB,kBAAkB;EACpB,QAAQ;EACR,SAAS,EACR,eAAe,UAAU,OAAO,eAChC;EACD,CAAC;AACF,QAAO;EACN,IAAI,SAAS,MAAM,OAAO;EAC1B,eAAe,SAAS,MAAM,kBAAkB;EAChD,OAAO,SAAS,MAAM;EACtB,OAAO,SAAS,MAAM;EACtB,MAAM,SAAS,MAAM;EACrB,GAAG,SAAS;EACZ"}
|
|
@@ -0,0 +1,159 @@
|
|
|
1
|
+
import { GenericEndpointContext } from "@better-auth/core";
|
|
2
|
+
import { User } from "@better-auth/core/db";
|
|
3
|
+
import { OAuth2Tokens, OAuth2UserInfo } from "@better-auth/core/oauth2";
|
|
4
|
+
|
|
5
|
+
//#region src/plugins/generic-oauth/types.d.ts
|
|
6
|
+
interface GenericOAuthOptions {
|
|
7
|
+
/**
|
|
8
|
+
* Array of OAuth provider configurations.
|
|
9
|
+
*/
|
|
10
|
+
config: GenericOAuthConfig[];
|
|
11
|
+
}
|
|
12
|
+
/**
|
|
13
|
+
* Configuration interface for generic OAuth providers.
|
|
14
|
+
*/
|
|
15
|
+
interface GenericOAuthConfig {
|
|
16
|
+
/** Unique identifier for the OAuth provider */
|
|
17
|
+
providerId: string;
|
|
18
|
+
/**
|
|
19
|
+
* URL to fetch OAuth 2.0 configuration.
|
|
20
|
+
* If provided, the authorization and token endpoints will be fetched from this URL.
|
|
21
|
+
*/
|
|
22
|
+
discoveryUrl?: string | undefined;
|
|
23
|
+
/**
|
|
24
|
+
* The expected issuer identifier for validation.
|
|
25
|
+
* If not provided but discoveryUrl is set, it will be fetched from the discovery document.
|
|
26
|
+
* When set, the callback validates that the `iss` parameter matches this value.
|
|
27
|
+
* @see https://datatracker.ietf.org/doc/html/rfc9207
|
|
28
|
+
*/
|
|
29
|
+
issuer?: string | undefined;
|
|
30
|
+
/**
|
|
31
|
+
* When true, requires the `iss` parameter in callbacks if an issuer is configured.
|
|
32
|
+
* This provides stricter security but may break with older OAuth servers
|
|
33
|
+
* that don't support issuer identification.
|
|
34
|
+
* @default false
|
|
35
|
+
*/
|
|
36
|
+
requireIssuerValidation?: boolean | undefined;
|
|
37
|
+
/**
|
|
38
|
+
* URL for the authorization endpoint.
|
|
39
|
+
* Optional if using discoveryUrl.
|
|
40
|
+
*/
|
|
41
|
+
authorizationUrl?: string | undefined;
|
|
42
|
+
/**
|
|
43
|
+
* URL for the token endpoint.
|
|
44
|
+
* Optional if using discoveryUrl.
|
|
45
|
+
*/
|
|
46
|
+
tokenUrl?: string | undefined;
|
|
47
|
+
/**
|
|
48
|
+
* URL for the user info endpoint.
|
|
49
|
+
* Optional if using discoveryUrl.
|
|
50
|
+
*/
|
|
51
|
+
userInfoUrl?: string | undefined;
|
|
52
|
+
/** OAuth client ID */
|
|
53
|
+
clientId: string;
|
|
54
|
+
/** OAuth client secret */
|
|
55
|
+
clientSecret?: string | undefined;
|
|
56
|
+
/**
|
|
57
|
+
* Array of OAuth scopes to request.
|
|
58
|
+
* @default []
|
|
59
|
+
*/
|
|
60
|
+
scopes?: string[] | undefined;
|
|
61
|
+
/**
|
|
62
|
+
* Custom redirect URI.
|
|
63
|
+
* If not provided, a default URI will be constructed.
|
|
64
|
+
*/
|
|
65
|
+
redirectURI?: string | undefined;
|
|
66
|
+
/**
|
|
67
|
+
* OAuth response type.
|
|
68
|
+
* @default "code"
|
|
69
|
+
*/
|
|
70
|
+
responseType?: string | undefined;
|
|
71
|
+
/**
|
|
72
|
+
* The response mode to use for the authorization code request.
|
|
73
|
+
*/
|
|
74
|
+
responseMode?: ("query" | "form_post") | undefined;
|
|
75
|
+
/**
|
|
76
|
+
* Prompt parameter for the authorization request.
|
|
77
|
+
* Controls the authentication experience for the user.
|
|
78
|
+
*/
|
|
79
|
+
prompt?: ("none" | "login" | "create" | "consent" | "select_account" | "select_account consent" | "login consent") | undefined;
|
|
80
|
+
/**
|
|
81
|
+
* Whether to use PKCE (Proof Key for Code Exchange)
|
|
82
|
+
* @default false
|
|
83
|
+
*/
|
|
84
|
+
pkce?: boolean | undefined;
|
|
85
|
+
/**
|
|
86
|
+
* Access type for the authorization request.
|
|
87
|
+
* Use "offline" to request a refresh token.
|
|
88
|
+
*/
|
|
89
|
+
accessType?: string | undefined;
|
|
90
|
+
/**
|
|
91
|
+
* Custom function to exchange authorization code for tokens.
|
|
92
|
+
* If provided, this function will be used instead of the default token exchange logic.
|
|
93
|
+
* This is useful for providers with non-standard token endpoints.
|
|
94
|
+
* @param data - Authorization code exchange parameters
|
|
95
|
+
* @returns A promise that resolves to OAuth2Tokens
|
|
96
|
+
*/
|
|
97
|
+
getToken?: ((data: {
|
|
98
|
+
code: string;
|
|
99
|
+
redirectURI: string;
|
|
100
|
+
codeVerifier?: string | undefined;
|
|
101
|
+
deviceId?: string | undefined;
|
|
102
|
+
}) => Promise<OAuth2Tokens>) | undefined;
|
|
103
|
+
/**
|
|
104
|
+
* Custom function to fetch user info.
|
|
105
|
+
* If provided, this function will be used instead of the default user info fetching logic.
|
|
106
|
+
* @param tokens - The OAuth tokens received after successful authentication
|
|
107
|
+
* @returns A promise that resolves to a User object or null
|
|
108
|
+
*/
|
|
109
|
+
getUserInfo?: ((tokens: OAuth2Tokens) => Promise<OAuth2UserInfo | null>) | undefined;
|
|
110
|
+
/**
|
|
111
|
+
* Custom function to map the user profile to a User object.
|
|
112
|
+
*/
|
|
113
|
+
mapProfileToUser?: ((profile: Record<string, any>) => Partial<Partial<User>> | Promise<Partial<User>>) | undefined;
|
|
114
|
+
/**
|
|
115
|
+
* Additional search-params to add to the authorizationUrl.
|
|
116
|
+
* Warning: Search-params added here overwrite any default params.
|
|
117
|
+
*/
|
|
118
|
+
authorizationUrlParams?: (Record<string, string> | ((ctx: GenericEndpointContext) => Record<string, string>)) | undefined;
|
|
119
|
+
/**
|
|
120
|
+
* Additional search-params to add to the tokenUrl.
|
|
121
|
+
* Warning: Search-params added here overwrite any default params.
|
|
122
|
+
*/
|
|
123
|
+
tokenUrlParams?: (Record<string, string> | ((ctx: GenericEndpointContext) => Record<string, string>)) | undefined;
|
|
124
|
+
/**
|
|
125
|
+
* Disable implicit sign up for new users. When set to true for the provider,
|
|
126
|
+
* sign-in need to be called with with requestSignUp as true to create new users.
|
|
127
|
+
*/
|
|
128
|
+
disableImplicitSignUp?: boolean | undefined;
|
|
129
|
+
/**
|
|
130
|
+
* Disable sign up for new users.
|
|
131
|
+
*/
|
|
132
|
+
disableSignUp?: boolean | undefined;
|
|
133
|
+
/**
|
|
134
|
+
* Authentication method for token requests.
|
|
135
|
+
* @default "post"
|
|
136
|
+
*/
|
|
137
|
+
authentication?: ("basic" | "post") | undefined;
|
|
138
|
+
/**
|
|
139
|
+
* Custom headers to include in the discovery request.
|
|
140
|
+
* Useful for providers like Epic that require specific headers (e.g., Epic-Client-ID).
|
|
141
|
+
*/
|
|
142
|
+
discoveryHeaders?: Record<string, string> | undefined;
|
|
143
|
+
/**
|
|
144
|
+
* Custom headers to include in the authorization request.
|
|
145
|
+
* Useful for providers like Qonto that require specific headers (e.g., X-Qonto-Staging-Token for local development).
|
|
146
|
+
*/
|
|
147
|
+
authorizationHeaders?: Record<string, string> | undefined;
|
|
148
|
+
/**
|
|
149
|
+
* Override user info with the provider info.
|
|
150
|
+
*
|
|
151
|
+
* This will update the user info with the provider info,
|
|
152
|
+
* when the user signs in with the provider.
|
|
153
|
+
* @default false
|
|
154
|
+
*/
|
|
155
|
+
overrideUserInfo?: boolean | undefined;
|
|
156
|
+
}
|
|
157
|
+
//#endregion
|
|
158
|
+
export { GenericOAuthConfig, GenericOAuthOptions };
|
|
159
|
+
//# sourceMappingURL=types.d.mts.map
|