@sirketio/auth 0.0.1

package/dist/plugins/one-tap/client.d.mts

@@ -0,0 +1,174 @@
+import * as _better_auth_core0 from "@better-auth/core";
+import { ClientFetchOption } from "@better-auth/core";
+import * as _better_fetch_fetch0 from "@better-fetch/fetch";
+
+//#region src/plugins/one-tap/client.d.ts
+declare global {
+  interface Window {
+    googleScriptInitialized?: boolean | undefined;
+  }
+}
+interface GsiButtonConfiguration {
+  /**
+   * The button type: icon, or standard button.
+   */
+  type: "standard" | "icon";
+  /**
+   * The button theme. For example, filled_blue or filled_black.
+   * outline  A standard button theme:
+   * filled_blue  A blue-filled button theme:
+   * filled_black  A black-filled button theme:
+   */
+  theme?: "outline" | "filled_blue" | "filled_black";
+  /**
+   * The button size. For example, small or large.
+   */
+  size?: "small" | "medium" | "large";
+  /**
+   * The button text. The default value is signin_with.
+   * There are no visual differences for the text of icon buttons that
+   * have different text attributes. The only exception is when the
+   * text is read for screen accessibility.
+   *
+   * signin_with  The button text is “Sign in with Google”:
+   * signup_with  The button text is “Sign up with Google”:
+   * continue_with  The button text is “Continue with Google”:
+   * signup_with  The button text is “Sign in”:
+   */
+  text?: "signin_with" | "signup_with" | "continue_with" | "signin";
+  /**
+   * The button shape. The default value is rectangular.
+   */
+  shape?: "rectangular" | "pill" | "circle" | "square";
+  /**
+   * The alignment of the Google logo. The default value is left.
+   * This attribute only applies to the standard button type.
+   */
+  logo_alignment?: "left" | "center";
+  /**
+   * The minimum button width, in pixels. The maximum width is 400
+   * pixels.
+   */
+  width?: number;
+  /**
+   * The pre-set locale of the button text. If it's not set, the
+   * browser's default locale or the Google session user’s preference
+   * is used.
+   */
+  locale?: string;
+  /**
+   * You can define a JavaScript function to be called when the
+   * Sign in with Google button is clicked.
+   */
+  click_listener?: () => void;
+  /**
+   * Optional, as multiple Sign in with Google buttons can be
+   * rendered on the same page, you can assign each button with a
+   * unique string. The same string would return along with the ID
+   * token, so you can identify which button user clicked to sign in.
+   */
+  state?: string;
+}
+interface GoogleOneTapOptions {
+  /**
+   * Google client ID
+   */
+  clientId: string;
+  /**
+   * Auto select the account if the user is already signed in
+   */
+  autoSelect?: boolean | undefined;
+  /**
+   * Cancel the flow when the user taps outside the prompt
+   *
+   * Note: To use this option, disable `promptOptions.fedCM`
+   */
+  cancelOnTapOutside?: boolean | undefined;
+  /**
+   * The mode to use for the Google One Tap flow
+   *
+   * popup: Use a popup window
+   * redirect: Redirect the user to the Google One Tap flow
+   *
+   * @default "popup"
+   */
+  uxMode?: ("popup" | "redirect") | undefined;
+  /**
+   * The context to use for the Google One Tap flow.
+   *
+   * @see {@link https://developers.google.com/identity/gsi/web/reference/js-reference}
+   * @default "signin"
+   */
+  context?: ("signin" | "signup" | "use") | undefined;
+  /**
+   * Additional configuration options to pass to the Google One Tap API.
+   */
+  additionalOptions?: Record<string, any> | undefined;
+  /**
+   * Configuration options for the prompt and exponential backoff behavior.
+   */
+  promptOptions?: {
+    /**
+     * Base delay (in milliseconds) for exponential backoff.
+     * @default 1000
+     */
+    baseDelay?: number;
+    /**
+     * Maximum number of prompt attempts before calling onPromptNotification.
+     * @default 5
+     */
+    maxAttempts?: number;
+    /**
+     * Whether to support FedCM (Federated Credential Management) support.
+     *
+     * @see {@link https://developer.chrome.com/docs/identity/fedcm/overview}
+     * @default true
+     */
+    fedCM?: boolean | undefined;
+  } | undefined;
+}
+interface GoogleOneTapActionOptions extends Omit<GoogleOneTapOptions, "clientId" | "promptOptions"> {
+  fetchOptions?: ClientFetchOption | undefined;
+  /**
+   * Callback URL.
+   */
+  callbackURL?: string | undefined;
+  /**
+   * Optional callback that receives the prompt notification if (or when) the prompt is dismissed or skipped.
+   * This lets you render an alternative UI (e.g. a Google Sign-In button) to restart the process.
+   */
+  onPromptNotification?: ((notification?: any | undefined) => void) | undefined;
+  nonce?: string | undefined;
+  /**
+   * Button mode configuration. When provided, renders a "Sign In with Google" button
+   * instead of showing the One Tap prompt.
+   */
+  button?: {
+    /**
+     * The HTML element or CSS selector where the button should be rendered.
+     * If a string is provided, it will be used as a CSS selector.
+     */
+    container: HTMLElement | string;
+    /**
+     * Button configuration options
+     */
+    config?: GsiButtonConfiguration | undefined;
+  } | undefined;
+}
+declare const oneTapClient: (options: GoogleOneTapOptions) => {
+  id: "one-tap";
+  fetchPlugins: {
+    id: string;
+    name: string;
+    hooks: {
+      onResponse(ctx: _better_fetch_fetch0.ResponseContext): Promise<void>;
+    };
+  }[];
+  getActions: ($fetch: _better_fetch_fetch0.BetterFetch, _: _better_auth_core0.ClientStore) => {
+    oneTap: (opts?: GoogleOneTapActionOptions | undefined, fetchOptions?: ClientFetchOption | undefined) => Promise<void>;
+  };
+  getAtoms($fetch: _better_fetch_fetch0.BetterFetch): {};
+};
+//#endregion
+export { GoogleOneTapActionOptions, GoogleOneTapOptions, GsiButtonConfiguration, oneTapClient };
+//# sourceMappingURL=client.d.mts.map

package/dist/plugins/one-tap/client.mjs

@@ -0,0 +1,188 @@
+//#region src/plugins/one-tap/client.ts
+let isRequestInProgress = false;
+function isFedCMSupported() {
+	return typeof window !== "undefined" && "IdentityCredential" in window;
+}
+/**
+* Reasons that should NOT trigger a retry.
+* @see https://developers.google.com/identity/gsi/web/reference/js-reference
+*/
+const noRetryReasons = {
+	dismissed: ["credential_returned", "cancel_called"],
+	skipped: ["user_cancel", "tap_outside"]
+};
+const oneTapClient = (options) => {
+	return {
+		id: "one-tap",
+		fetchPlugins: [{
+			id: "fedcm-signout-handle",
+			name: "FedCM Sign-Out Handler",
+			hooks: { async onResponse(ctx) {
+				if (!ctx.request.url.toString().includes("/sign-out")) return;
+				if (options.promptOptions?.fedCM === false || !isFedCMSupported()) return;
+				navigator.credentials.preventSilentAccess();
+			} }
+		}],
+		getActions: ($fetch, _) => {
+			return { oneTap: async (opts, fetchOptions) => {
+				if (isRequestInProgress) {
+					console.warn("A Google One Tap request is already in progress. Please wait.");
+					return;
+				}
+				if (typeof window === "undefined" || !window.document) {
+					console.warn("Google One Tap is only available in browser environments");
+					return;
+				}
+				if (opts?.button) {
+					await loadGoogleScript();
+					const container = typeof opts.button.container === "string" ? document.querySelector(opts.button.container) : opts.button.container;
+					if (!container) {
+						console.error("Google One Tap: Button container not found", opts.button.container);
+						return;
+					}
+					async function callback(idToken) {
+						await $fetch("/one-tap/callback", {
+							method: "POST",
+							body: { idToken },
+							...opts?.fetchOptions,
+							...fetchOptions
+						});
+						if (!opts?.fetchOptions && !fetchOptions || opts?.callbackURL) window.location.href = opts?.callbackURL ?? "/";
+					}
+					const { autoSelect, cancelOnTapOutside, context } = opts ?? {};
+					const contextValue = context ?? options.context ?? "signin";
+					window.google?.accounts.id.initialize({
+						client_id: options.clientId,
+						callback: async (response) => {
+							try {
+								await callback(response.credential);
+							} catch (error) {
+								console.error("Error during button callback:", error);
+							}
+						},
+						auto_select: autoSelect,
+						cancel_on_tap_outside: cancelOnTapOutside,
+						context: contextValue,
+						ux_mode: opts?.uxMode || "popup",
+						nonce: opts?.nonce,
+						itp_support: true,
+						...options.additionalOptions
+					});
+					window.google?.accounts.id.renderButton(container, opts.button.config ?? { type: "icon" });
+					return;
+				}
+				async function callback(idToken) {
+					await $fetch("/one-tap/callback", {
+						method: "POST",
+						body: { idToken },
+						...opts?.fetchOptions,
+						...fetchOptions
+					});
+					if (!opts?.fetchOptions && !fetchOptions || opts?.callbackURL) window.location.href = opts?.callbackURL ?? "/";
+				}
+				const { autoSelect, cancelOnTapOutside, context } = opts ?? {};
+				const contextValue = context ?? options.context ?? "signin";
+				isRequestInProgress = true;
+				try {
+					await loadGoogleScript();
+					await new Promise((resolve, reject) => {
+						let isResolved = false;
+						const baseDelay = options.promptOptions?.baseDelay ?? 1e3;
+						const maxAttempts = options.promptOptions?.maxAttempts ?? 5;
+						window.google?.accounts.id.initialize({
+							client_id: options.clientId,
+							callback: async (response) => {
+								isResolved = true;
+								try {
+									await callback(response.credential);
+									resolve();
+								} catch (error) {
+									console.error("Error during One Tap callback:", error);
+									reject(error);
+								}
+							},
+							auto_select: autoSelect,
+							cancel_on_tap_outside: cancelOnTapOutside,
+							context: contextValue,
+							ux_mode: opts?.uxMode || "popup",
+							nonce: opts?.nonce,
+							itp_support: true,
+							...options.additionalOptions
+						});
+						const handlePrompt = (attempt) => {
+							if (isResolved) return;
+							window.google?.accounts.id.prompt((notification) => {
+								if (isResolved) return;
+								if (notification.isDismissedMoment && notification.isDismissedMoment()) {
+									const reason = notification.getDismissedReason?.();
+									if (noRetryReasons.dismissed.includes(reason)) {
+										opts?.onPromptNotification?.(notification);
+										resolve();
+										return;
+									}
+									if (attempt < maxAttempts) {
+										const delay = Math.pow(2, attempt) * baseDelay;
+										setTimeout(() => handlePrompt(attempt + 1), delay);
+									} else {
+										opts?.onPromptNotification?.(notification);
+										resolve();
+									}
+								} else if (notification.isSkippedMoment && notification.isSkippedMoment()) {
+									const reason = notification.getSkippedReason?.();
+									if (!reason || noRetryReasons.skipped.includes(reason)) {
+										opts?.onPromptNotification?.(notification);
+										resolve();
+										return;
+									}
+									if (attempt < maxAttempts) {
+										const delay = Math.pow(2, attempt) * baseDelay;
+										setTimeout(() => handlePrompt(attempt + 1), delay);
+									} else {
+										opts?.onPromptNotification?.(notification);
+										resolve();
+									}
+								} else if (notification.isNotDisplayed && notification.isNotDisplayed()) {
+									opts?.onPromptNotification?.(notification);
+									resolve();
+								}
+							});
+						};
+						handlePrompt(0);
+					});
+				} catch (error) {
+					console.error("Error during Google One Tap flow:", error);
+					throw error;
+				} finally {
+					isRequestInProgress = false;
+				}
+			} };
+		},
+		getAtoms($fetch) {
+			return {};
+		}
+	};
+};
+const loadGoogleScript = () => {
+	return new Promise((resolve, reject) => {
+		if (window.googleScriptInitialized) {
+			resolve();
+			return;
+		}
+		const script = document.createElement("script");
+		script.src = "https://accounts.google.com/gsi/client";
+		script.async = true;
+		script.defer = true;
+		script.onload = () => {
+			window.googleScriptInitialized = true;
+			resolve();
+		};
+		script.onerror = () => {
+			reject(/* @__PURE__ */ new Error("Failed to load Google Identity Services script"));
+		};
+		document.head.appendChild(script);
+	});
+};
+
+//#endregion
+export { oneTapClient };
+//# sourceMappingURL=client.mjs.map

package/dist/plugins/one-tap/client.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.mjs","names":[],"sources":["../../../src/plugins/one-tap/client.ts"],"sourcesContent":["/// <reference types=\"@types/google.accounts\" />\nimport type {\n\tBetterAuthClientPlugin,\n\tClientFetchOption,\n} from \"@better-auth/core\";\n\ndeclare global {\n\tinterface Window {\n\t\tgoogleScriptInitialized?: boolean | undefined;\n\t}\n}\n\nexport interface GsiButtonConfiguration {\n\t/**\n\t * The button type: icon, or standard button.\n\t */\n\ttype: \"standard\" | \"icon\";\n\n\t/**\n\t * The button theme. For example, filled_blue or filled_black.\n\t * outline  A standard button theme:\n\t * filled_blue  A blue-filled button theme:\n\t * filled_black  A black-filled button theme:\n\t */\n\ttheme?: \"outline\" | \"filled_blue\" | \"filled_black\";\n\n\t/**\n\t * The button size. For example, small or large.\n\t */\n\tsize?: \"small\" | \"medium\" | \"large\";\n\n\t/**\n\t * The button text. The default value is signin_with.\n\t * There are no visual differences for the text of icon buttons that\n\t * have different text attributes. The only exception is when the\n\t * text is read for screen accessibility.\n\t *\n\t * signin_with  The button text is “Sign in with Google”:\n\t * signup_with  The button text is “Sign up with Google”:\n\t * continue_with  The button text is “Continue with Google”:\n\t * signup_with  The button text is “Sign in”:\n\t */\n\ttext?: \"signin_with\" | \"signup_with\" | \"continue_with\" | \"signin\";\n\n\t/**\n\t * The button shape. The default value is rectangular.\n\t */\n\tshape?: \"rectangular\" | \"pill\" | \"circle\" | \"square\";\n\n\t/**\n\t * The alignment of the Google logo. The default value is left.\n\t * This attribute only applies to the standard button type.\n\t */\n\tlogo_alignment?: \"left\" | \"center\";\n\n\t/**\n\t * The minimum button width, in pixels. The maximum width is 400\n\t * pixels.\n\t */\n\twidth?: number;\n\n\t/**\n\t * The pre-set locale of the button text. If it's not set, the\n\t * browser's default locale or the Google session user’s preference\n\t * is used.\n\t */\n\tlocale?: string;\n\n\t/**\n\t * You can define a JavaScript function to be called when the\n\t * Sign in with Google button is clicked.\n\t */\n\tclick_listener?: () => void;\n\n\t/**\n\t * Optional, as multiple Sign in with Google buttons can be\n\t * rendered on the same page, you can assign each button with a\n\t * unique string. The same string would return along with the ID\n\t * token, so you can identify which button user clicked to sign in.\n\t */\n\tstate?: string;\n}\n\nexport interface GoogleOneTapOptions {\n\t/**\n\t * Google client ID\n\t */\n\tclientId: string;\n\t/**\n\t * Auto select the account if the user is already signed in\n\t */\n\tautoSelect?: boolean | undefined;\n\t/**\n\t * Cancel the flow when the user taps outside the prompt\n\t *\n\t * Note: To use this option, disable `promptOptions.fedCM`\n\t */\n\tcancelOnTapOutside?: boolean | undefined;\n\t/**\n\t * The mode to use for the Google One Tap flow\n\t *\n\t * popup: Use a popup window\n\t * redirect: Redirect the user to the Google One Tap flow\n\t *\n\t * @default \"popup\"\n\t */\n\tuxMode?: (\"popup\" | \"redirect\") | undefined;\n\t/**\n\t * The context to use for the Google One Tap flow.\n\t *\n\t * @see {@link https://developers.google.com/identity/gsi/web/reference/js-reference}\n\t * @default \"signin\"\n\t */\n\tcontext?: (\"signin\" | \"signup\" | \"use\") | undefined;\n\t/**\n\t * Additional configuration options to pass to the Google One Tap API.\n\t */\n\tadditionalOptions?: Record<string, any> | undefined;\n\t/**\n\t * Configuration options for the prompt and exponential backoff behavior.\n\t */\n\tpromptOptions?:\n\t\t| {\n\t\t\t\t/**\n\t\t\t\t * Base delay (in milliseconds) for exponential backoff.\n\t\t\t\t * @default 1000\n\t\t\t\t */\n\t\t\t\tbaseDelay?: number;\n\t\t\t\t/**\n\t\t\t\t * Maximum number of prompt attempts before calling onPromptNotification.\n\t\t\t\t * @default 5\n\t\t\t\t */\n\t\t\t\tmaxAttempts?: number;\n\t\t\t\t/**\n\t\t\t\t * Whether to support FedCM (Federated Credential Management) support.\n\t\t\t\t *\n\t\t\t\t * @see {@link https://developer.chrome.com/docs/identity/fedcm/overview}\n\t\t\t\t * @default true\n\t\t\t\t */\n\t\t\t\tfedCM?: boolean | undefined;\n\t\t  }\n\t\t| undefined;\n}\n\nexport interface GoogleOneTapActionOptions\n\textends Omit<GoogleOneTapOptions, \"clientId\" | \"promptOptions\"> {\n\tfetchOptions?: ClientFetchOption | undefined;\n\t/**\n\t * Callback URL.\n\t */\n\tcallbackURL?: string | undefined;\n\t/**\n\t * Optional callback that receives the prompt notification if (or when) the prompt is dismissed or skipped.\n\t * This lets you render an alternative UI (e.g. a Google Sign-In button) to restart the process.\n\t */\n\tonPromptNotification?: ((notification?: any | undefined) => void) | undefined;\n\tnonce?: string | undefined;\n\t/**\n\t * Button mode configuration. When provided, renders a \"Sign In with Google\" button\n\t * instead of showing the One Tap prompt.\n\t */\n\tbutton?:\n\t\t| {\n\t\t\t\t/**\n\t\t\t\t * The HTML element or CSS selector where the button should be rendered.\n\t\t\t\t * If a string is provided, it will be used as a CSS selector.\n\t\t\t\t */\n\t\t\t\tcontainer: HTMLElement | string;\n\t\t\t\t/**\n\t\t\t\t * Button configuration options\n\t\t\t\t */\n\t\t\t\tconfig?: GsiButtonConfiguration | undefined;\n\t\t  }\n\t\t| undefined;\n}\n\nlet isRequestInProgress = false;\n\nfunction isFedCMSupported() {\n\treturn typeof window !== \"undefined\" && \"IdentityCredential\" in window;\n}\n\n/**\n * Reasons that should NOT trigger a retry.\n * @see https://developers.google.com/identity/gsi/web/reference/js-reference\n */\nconst noRetryReasons = {\n\tdismissed: [\"credential_returned\", \"cancel_called\"],\n\tskipped: [\"user_cancel\", \"tap_outside\"],\n} as const;\n\nexport const oneTapClient = (options: GoogleOneTapOptions) => {\n\treturn {\n\t\tid: \"one-tap\",\n\t\tfetchPlugins: [\n\t\t\t{\n\t\t\t\tid: \"fedcm-signout-handle\",\n\t\t\t\tname: \"FedCM Sign-Out Handler\",\n\t\t\t\thooks: {\n\t\t\t\t\tasync onResponse(ctx) {\n\t\t\t\t\t\tif (!ctx.request.url.toString().includes(\"/sign-out\")) {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif (options.promptOptions?.fedCM === false || !isFedCMSupported()) {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tnavigator.credentials.preventSilentAccess();\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t],\n\t\tgetActions: ($fetch, _) => {\n\t\t\treturn {\n\t\t\t\toneTap: async (\n\t\t\t\t\topts?: GoogleOneTapActionOptions | undefined,\n\t\t\t\t\tfetchOptions?: ClientFetchOption | undefined,\n\t\t\t\t) => {\n\t\t\t\t\tif (isRequestInProgress) {\n\t\t\t\t\t\tconsole.warn(\n\t\t\t\t\t\t\t\"A Google One Tap request is already in progress. Please wait.\",\n\t\t\t\t\t\t);\n\t\t\t\t\t\treturn;\n\t\t\t\t\t}\n\n\t\t\t\t\tif (typeof window === \"undefined\" || !window.document) {\n\t\t\t\t\t\tconsole.warn(\n\t\t\t\t\t\t\t\"Google One Tap is only available in browser environments\",\n\t\t\t\t\t\t);\n\t\t\t\t\t\treturn;\n\t\t\t\t\t}\n\n\t\t\t\t\t// Button mode: render a button instead of showing the prompt\n\t\t\t\t\tif (opts?.button) {\n\t\t\t\t\t\tawait loadGoogleScript();\n\n\t\t\t\t\t\tconst container =\n\t\t\t\t\t\t\ttypeof opts.button.container === \"string\"\n\t\t\t\t\t\t\t\t? document.querySelector<HTMLElement>(opts.button.container)\n\t\t\t\t\t\t\t\t: opts.button.container;\n\n\t\t\t\t\t\tif (!container) {\n\t\t\t\t\t\t\tconsole.error(\n\t\t\t\t\t\t\t\t\"Google One Tap: Button container not found\",\n\t\t\t\t\t\t\t\topts.button.container,\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tasync function callback(idToken: string) {\n\t\t\t\t\t\t\tawait $fetch(\"/one-tap/callback\", {\n\t\t\t\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\t\t\t\tbody: { idToken },\n\t\t\t\t\t\t\t\t...opts?.fetchOptions,\n\t\t\t\t\t\t\t\t...fetchOptions,\n\t\t\t\t\t\t\t});\n\n\t\t\t\t\t\t\tif ((!opts?.fetchOptions && !fetchOptions) || opts?.callbackURL) {\n\t\t\t\t\t\t\t\twindow.location.href = opts?.callbackURL ?? \"/\";\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tconst { autoSelect, cancelOnTapOutside, context } = opts ?? {};\n\t\t\t\t\t\tconst contextValue = context ?? options.context ?? \"signin\";\n\n\t\t\t\t\t\twindow.google?.accounts.id.initialize({\n\t\t\t\t\t\t\tclient_id: options.clientId,\n\t\t\t\t\t\t\tcallback: async (response: { credential: string }) => {\n\t\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\t\tawait callback(response.credential);\n\t\t\t\t\t\t\t\t} catch (error) {\n\t\t\t\t\t\t\t\t\tconsole.error(\"Error during button callback:\", error);\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tauto_select: autoSelect,\n\t\t\t\t\t\t\tcancel_on_tap_outside: cancelOnTapOutside,\n\t\t\t\t\t\t\tcontext: contextValue,\n\t\t\t\t\t\t\tux_mode: opts?.uxMode || \"popup\",\n\t\t\t\t\t\t\tnonce: opts?.nonce,\n\t\t\t\t\t\t\titp_support: true,\n\t\t\t\t\t\t\t...options.additionalOptions,\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\twindow.google?.accounts.id.renderButton(\n\t\t\t\t\t\t\tcontainer,\n\t\t\t\t\t\t\topts.button.config ?? {\n\t\t\t\t\t\t\t\ttype: \"icon\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t);\n\n\t\t\t\t\t\treturn;\n\t\t\t\t\t}\n\n\t\t\t\t\tasync function callback(idToken: string) {\n\t\t\t\t\t\tawait $fetch(\"/one-tap/callback\", {\n\t\t\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\t\t\tbody: { idToken },\n\t\t\t\t\t\t\t...opts?.fetchOptions,\n\t\t\t\t\t\t\t...fetchOptions,\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tif ((!opts?.fetchOptions && !fetchOptions) || opts?.callbackURL) {\n\t\t\t\t\t\t\twindow.location.href = opts?.callbackURL ?? \"/\";\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\tconst { autoSelect, cancelOnTapOutside, context } = opts ?? {};\n\t\t\t\t\tconst contextValue = context ?? options.context ?? \"signin\";\n\t\t\t\t\tisRequestInProgress = true;\n\n\t\t\t\t\ttry {\n\t\t\t\t\t\tawait loadGoogleScript();\n\t\t\t\t\t\tawait new Promise<void>((resolve, reject) => {\n\t\t\t\t\t\t\tlet isResolved = false;\n\t\t\t\t\t\t\tconst baseDelay = options.promptOptions?.baseDelay ?? 1000;\n\t\t\t\t\t\t\tconst maxAttempts = options.promptOptions?.maxAttempts ?? 5;\n\n\t\t\t\t\t\t\twindow.google?.accounts.id.initialize({\n\t\t\t\t\t\t\t\tclient_id: options.clientId,\n\t\t\t\t\t\t\t\tcallback: async (response: { credential: string }) => {\n\t\t\t\t\t\t\t\t\tisResolved = true;\n\t\t\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\t\t\tawait callback(response.credential);\n\t\t\t\t\t\t\t\t\t\tresolve();\n\t\t\t\t\t\t\t\t\t} catch (error) {\n\t\t\t\t\t\t\t\t\t\tconsole.error(\"Error during One Tap callback:\", error);\n\t\t\t\t\t\t\t\t\t\treject(error);\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\tauto_select: autoSelect,\n\t\t\t\t\t\t\t\tcancel_on_tap_outside: cancelOnTapOutside,\n\t\t\t\t\t\t\t\tcontext: contextValue,\n\t\t\t\t\t\t\t\tux_mode: opts?.uxMode || \"popup\",\n\t\t\t\t\t\t\t\tnonce: opts?.nonce,\n\t\t\t\t\t\t\t\t/**\n\t\t\t\t\t\t\t\t * @see {@link https://developers.google.com/identity/gsi/web/guides/overview}\n\t\t\t\t\t\t\t\t */\n\t\t\t\t\t\t\t\titp_support: true,\n\n\t\t\t\t\t\t\t\t...options.additionalOptions,\n\t\t\t\t\t\t\t});\n\n\t\t\t\t\t\t\tconst handlePrompt = (attempt: number) => {\n\t\t\t\t\t\t\t\tif (isResolved) return;\n\n\t\t\t\t\t\t\t\twindow.google?.accounts.id.prompt((notification: any) => {\n\t\t\t\t\t\t\t\t\tif (isResolved) return;\n\n\t\t\t\t\t\t\t\t\tif (\n\t\t\t\t\t\t\t\t\t\tnotification.isDismissedMoment &&\n\t\t\t\t\t\t\t\t\t\tnotification.isDismissedMoment()\n\t\t\t\t\t\t\t\t\t) {\n\t\t\t\t\t\t\t\t\t\tconst reason = notification.getDismissedReason?.();\n\t\t\t\t\t\t\t\t\t\tif (noRetryReasons.dismissed.includes(reason)) {\n\t\t\t\t\t\t\t\t\t\t\topts?.onPromptNotification?.(notification);\n\t\t\t\t\t\t\t\t\t\t\tresolve();\n\t\t\t\t\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t\tif (attempt < maxAttempts) {\n\t\t\t\t\t\t\t\t\t\t\tconst delay = Math.pow(2, attempt) * baseDelay;\n\t\t\t\t\t\t\t\t\t\t\tsetTimeout(() => handlePrompt(attempt + 1), delay);\n\t\t\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\t\t\topts?.onPromptNotification?.(notification);\n\t\t\t\t\t\t\t\t\t\t\tresolve();\n\t\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t} else if (\n\t\t\t\t\t\t\t\t\t\tnotification.isSkippedMoment &&\n\t\t\t\t\t\t\t\t\t\tnotification.isSkippedMoment()\n\t\t\t\t\t\t\t\t\t) {\n\t\t\t\t\t\t\t\t\t\tconst reason = notification.getSkippedReason?.();\n\t\t\t\t\t\t\t\t\t\tif (!reason || noRetryReasons.skipped.includes(reason)) {\n\t\t\t\t\t\t\t\t\t\t\topts?.onPromptNotification?.(notification);\n\t\t\t\t\t\t\t\t\t\t\tresolve();\n\t\t\t\t\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t\tif (attempt < maxAttempts) {\n\t\t\t\t\t\t\t\t\t\t\tconst delay = Math.pow(2, attempt) * baseDelay;\n\t\t\t\t\t\t\t\t\t\t\tsetTimeout(() => handlePrompt(attempt + 1), delay);\n\t\t\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\t\t\topts?.onPromptNotification?.(notification);\n\t\t\t\t\t\t\t\t\t\t\tresolve();\n\t\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t} else if (\n\t\t\t\t\t\t\t\t\t\tnotification.isNotDisplayed &&\n\t\t\t\t\t\t\t\t\t\tnotification.isNotDisplayed()\n\t\t\t\t\t\t\t\t\t) {\n\t\t\t\t\t\t\t\t\t\topts?.onPromptNotification?.(notification);\n\t\t\t\t\t\t\t\t\t\tresolve();\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t});\n\t\t\t\t\t\t\t};\n\n\t\t\t\t\t\t\thandlePrompt(0);\n\t\t\t\t\t\t});\n\t\t\t\t\t} catch (error) {\n\t\t\t\t\t\tconsole.error(\"Error during Google One Tap flow:\", error);\n\t\t\t\t\t\tthrow error;\n\t\t\t\t\t} finally {\n\t\t\t\t\t\tisRequestInProgress = false;\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t};\n\t\t},\n\t\tgetAtoms($fetch) {\n\t\t\treturn {};\n\t\t},\n\t} satisfies BetterAuthClientPlugin;\n};\n\nconst loadGoogleScript = (): Promise<void> => {\n\treturn new Promise((resolve, reject) => {\n\t\tif (window.googleScriptInitialized) {\n\t\t\tresolve();\n\t\t\treturn;\n\t\t}\n\n\t\tconst script = document.createElement(\"script\");\n\t\tscript.src = \"https://accounts.google.com/gsi/client\";\n\t\tscript.async = true;\n\t\tscript.defer = true;\n\t\tscript.onload = () => {\n\t\t\twindow.googleScriptInitialized = true;\n\t\t\tresolve();\n\t\t};\n\t\tscript.onerror = () => {\n\t\t\treject(new Error(\"Failed to load Google Identity Services script\"));\n\t\t};\n\t\tdocument.head.appendChild(script);\n\t});\n};\n"],"mappings":";AAgLA,IAAI,sBAAsB;AAE1B,SAAS,mBAAmB;AAC3B,QAAO,OAAO,WAAW,eAAe,wBAAwB;;;;;;AAOjE,MAAM,iBAAiB;CACtB,WAAW,CAAC,uBAAuB,gBAAgB;CACnD,SAAS,CAAC,eAAe,cAAc;CACvC;AAED,MAAa,gBAAgB,YAAiC;AAC7D,QAAO;EACN,IAAI;EACJ,cAAc,CACb;GACC,IAAI;GACJ,MAAM;GACN,OAAO,EACN,MAAM,WAAW,KAAK;AACrB,QAAI,CAAC,IAAI,QAAQ,IAAI,UAAU,CAAC,SAAS,YAAY,CACpD;AAED,QAAI,QAAQ,eAAe,UAAU,SAAS,CAAC,kBAAkB,CAChE;AAED,cAAU,YAAY,qBAAqB;MAE5C;GACD,CACD;EACD,aAAa,QAAQ,MAAM;AAC1B,UAAO,EACN,QAAQ,OACP,MACA,iBACI;AACJ,QAAI,qBAAqB;AACxB,aAAQ,KACP,gEACA;AACD;;AAGD,QAAI,OAAO,WAAW,eAAe,CAAC,OAAO,UAAU;AACtD,aAAQ,KACP,2DACA;AACD;;AAID,QAAI,MAAM,QAAQ;AACjB,WAAM,kBAAkB;KAExB,MAAM,YACL,OAAO,KAAK,OAAO,cAAc,WAC9B,SAAS,cAA2B,KAAK,OAAO,UAAU,GAC1D,KAAK,OAAO;AAEhB,SAAI,CAAC,WAAW;AACf,cAAQ,MACP,8CACA,KAAK,OAAO,UACZ;AACD;;KAGD,eAAe,SAAS,SAAiB;AACxC,YAAM,OAAO,qBAAqB;OACjC,QAAQ;OACR,MAAM,EAAE,SAAS;OACjB,GAAG,MAAM;OACT,GAAG;OACH,CAAC;AAEF,UAAK,CAAC,MAAM,gBAAgB,CAAC,gBAAiB,MAAM,YACnD,QAAO,SAAS,OAAO,MAAM,eAAe;;KAI9C,MAAM,EAAE,YAAY,oBAAoB,YAAY,QAAQ,EAAE;KAC9D,MAAM,eAAe,WAAW,QAAQ,WAAW;AAEnD,YAAO,QAAQ,SAAS,GAAG,WAAW;MACrC,WAAW,QAAQ;MACnB,UAAU,OAAO,aAAqC;AACrD,WAAI;AACH,cAAM,SAAS,SAAS,WAAW;gBAC3B,OAAO;AACf,gBAAQ,MAAM,iCAAiC,MAAM;;;MAGvD,aAAa;MACb,uBAAuB;MACvB,SAAS;MACT,SAAS,MAAM,UAAU;MACzB,OAAO,MAAM;MACb,aAAa;MACb,GAAG,QAAQ;MACX,CAAC;AAEF,YAAO,QAAQ,SAAS,GAAG,aAC1B,WACA,KAAK,OAAO,UAAU,EACrB,MAAM,QACN,CACD;AAED;;IAGD,eAAe,SAAS,SAAiB;AACxC,WAAM,OAAO,qBAAqB;MACjC,QAAQ;MACR,MAAM,EAAE,SAAS;MACjB,GAAG,MAAM;MACT,GAAG;MACH,CAAC;AAEF,SAAK,CAAC,MAAM,gBAAgB,CAAC,gBAAiB,MAAM,YACnD,QAAO,SAAS,OAAO,MAAM,eAAe;;IAI9C,MAAM,EAAE,YAAY,oBAAoB,YAAY,QAAQ,EAAE;IAC9D,MAAM,eAAe,WAAW,QAAQ,WAAW;AACnD,0BAAsB;AAEtB,QAAI;AACH,WAAM,kBAAkB;AACxB,WAAM,IAAI,SAAe,SAAS,WAAW;MAC5C,IAAI,aAAa;MACjB,MAAM,YAAY,QAAQ,eAAe,aAAa;MACtD,MAAM,cAAc,QAAQ,eAAe,eAAe;AAE1D,aAAO,QAAQ,SAAS,GAAG,WAAW;OACrC,WAAW,QAAQ;OACnB,UAAU,OAAO,aAAqC;AACrD,qBAAa;AACb,YAAI;AACH,eAAM,SAAS,SAAS,WAAW;AACnC,kBAAS;iBACD,OAAO;AACf,iBAAQ,MAAM,kCAAkC,MAAM;AACtD,gBAAO,MAAM;;;OAGf,aAAa;OACb,uBAAuB;OACvB,SAAS;OACT,SAAS,MAAM,UAAU;OACzB,OAAO,MAAM;OAIb,aAAa;OAEb,GAAG,QAAQ;OACX,CAAC;MAEF,MAAM,gBAAgB,YAAoB;AACzC,WAAI,WAAY;AAEhB,cAAO,QAAQ,SAAS,GAAG,QAAQ,iBAAsB;AACxD,YAAI,WAAY;AAEhB,YACC,aAAa,qBACb,aAAa,mBAAmB,EAC/B;SACD,MAAM,SAAS,aAAa,sBAAsB;AAClD,aAAI,eAAe,UAAU,SAAS,OAAO,EAAE;AAC9C,gBAAM,uBAAuB,aAAa;AAC1C,mBAAS;AACT;;AAED,aAAI,UAAU,aAAa;UAC1B,MAAM,QAAQ,KAAK,IAAI,GAAG,QAAQ,GAAG;AACrC,2BAAiB,aAAa,UAAU,EAAE,EAAE,MAAM;gBAC5C;AACN,gBAAM,uBAAuB,aAAa;AAC1C,mBAAS;;mBAGV,aAAa,mBACb,aAAa,iBAAiB,EAC7B;SACD,MAAM,SAAS,aAAa,oBAAoB;AAChD,aAAI,CAAC,UAAU,eAAe,QAAQ,SAAS,OAAO,EAAE;AACvD,gBAAM,uBAAuB,aAAa;AAC1C,mBAAS;AACT;;AAED,aAAI,UAAU,aAAa;UAC1B,MAAM,QAAQ,KAAK,IAAI,GAAG,QAAQ,GAAG;AACrC,2BAAiB,aAAa,UAAU,EAAE,EAAE,MAAM;gBAC5C;AACN,gBAAM,uBAAuB,aAAa;AAC1C,mBAAS;;mBAGV,aAAa,kBACb,aAAa,gBAAgB,EAC5B;AACD,eAAM,uBAAuB,aAAa;AAC1C,kBAAS;;SAET;;AAGH,mBAAa,EAAE;OACd;aACM,OAAO;AACf,aAAQ,MAAM,qCAAqC,MAAM;AACzD,WAAM;cACG;AACT,2BAAsB;;MAGxB;;EAEF,SAAS,QAAQ;AAChB,UAAO,EAAE;;EAEV;;AAGF,MAAM,yBAAwC;AAC7C,QAAO,IAAI,SAAS,SAAS,WAAW;AACvC,MAAI,OAAO,yBAAyB;AACnC,YAAS;AACT;;EAGD,MAAM,SAAS,SAAS,cAAc,SAAS;AAC/C,SAAO,MAAM;AACb,SAAO,QAAQ;AACf,SAAO,QAAQ;AACf,SAAO,eAAe;AACrB,UAAO,0BAA0B;AACjC,YAAS;;AAEV,SAAO,gBAAgB;AACtB,0BAAO,IAAI,MAAM,iDAAiD,CAAC;;AAEpE,WAAS,KAAK,YAAY,OAAO;GAChC"}

package/dist/plugins/one-tap/index.d.mts

@@ -0,0 +1,83 @@
+import * as better_call0 from "better-call";
+import * as z from "zod";
+
+//#region src/plugins/one-tap/index.d.ts
+declare module "@better-auth/core" {
+  interface BetterAuthPluginRegistry<AuthOptions, Options> {
+    "one-tap": {
+      creator: typeof oneTap;
+    };
+  }
+}
+interface OneTapOptions {
+  /**
+   * Disable the signup flow
+   *
+   * @default false
+   */
+  disableSignup?: boolean | undefined;
+  /**
+   * Google Client ID
+   *
+   * If a client ID is provided in the social provider configuration,
+   * it will be used.
+   */
+  clientId?: string | undefined;
+}
+declare const oneTap: (options?: OneTapOptions | undefined) => {
+  id: "one-tap";
+  endpoints: {
+    oneTapCallback: better_call0.StrictEndpoint<"/one-tap/callback", {
+      method: "POST";
+      body: z.ZodObject<{
+        idToken: z.ZodString;
+      }, z.core.$strip>;
+      metadata: {
+        openapi: {
+          summary: string;
+          description: string;
+          responses: {
+            200: {
+              description: string;
+              content: {
+                "application/json": {
+                  schema: {
+                    type: "object";
+                    properties: {
+                      session: {
+                        $ref: string;
+                      };
+                      user: {
+                        $ref: string;
+                      };
+                    };
+                  };
+                };
+              };
+            };
+            400: {
+              description: string;
+            };
+          };
+        };
+      };
+    }, {
+      error: string;
+    } | {
+      token: string;
+      user: {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        email: string;
+        emailVerified: boolean;
+        name: string;
+        image?: string | null | undefined;
+      };
+    }>;
+  };
+  options: OneTapOptions | undefined;
+};
+//#endregion
+export { OneTapOptions, oneTap };
+//# sourceMappingURL=index.d.mts.map

package/dist/plugins/one-tap/index.mjs

@@ -0,0 +1,95 @@
+import { parseUserOutput } from "../../db/schema.mjs";
+import { setSessionCookie } from "../../cookies/index.mjs";
+import { APIError } from "../../api/index.mjs";
+import { toBoolean } from "../../utils/boolean.mjs";
+import { createAuthEndpoint } from "@better-auth/core/api";
+import * as z from "zod";
+import { createRemoteJWKSet, jwtVerify } from "jose";
+
+//#region src/plugins/one-tap/index.ts
+const oneTapCallbackBodySchema = z.object({ idToken: z.string().meta({ description: "Google ID token, which the client obtains from the One Tap API" }) });
+const oneTap = (options) => ({
+	id: "one-tap",
+	endpoints: { oneTapCallback: createAuthEndpoint("/one-tap/callback", {
+		method: "POST",
+		body: oneTapCallbackBodySchema,
+		metadata: { openapi: {
+			summary: "One tap callback",
+			description: "Use this endpoint to authenticate with Google One Tap",
+			responses: {
+				200: {
+					description: "Successful response",
+					content: { "application/json": { schema: {
+						type: "object",
+						properties: {
+							session: { $ref: "#/components/schemas/Session" },
+							user: { $ref: "#/components/schemas/User" }
+						}
+					} } }
+				},
+				400: { description: "Invalid token" }
+			}
+		} }
+	}, async (ctx) => {
+		const { idToken } = ctx.body;
+		let payload;
+		try {
+			const JWKS = createRemoteJWKSet(new URL("https://www.googleapis.com/oauth2/v3/certs"));
+			const googleProvider = typeof ctx.context.options.socialProviders?.google === "function" ? await ctx.context.options.socialProviders?.google() : ctx.context.options.socialProviders?.google;
+			const { payload: verifiedPayload } = await jwtVerify(idToken, JWKS, {
+				issuer: ["https://accounts.google.com", "accounts.google.com"],
+				audience: options?.clientId || googleProvider?.clientId
+			});
+			payload = verifiedPayload;
+		} catch {
+			throw new APIError("BAD_REQUEST", { message: "invalid id token" });
+		}
+		const { email, email_verified, name, picture, sub } = payload;
+		if (!email) return ctx.json({ error: "Email not available in token" });
+		const user = await ctx.context.internalAdapter.findUserByEmail(email);
+		if (!user) {
+			if (options?.disableSignup) throw new APIError("BAD_GATEWAY", { message: "User not found" });
+			const newUser = await ctx.context.internalAdapter.createOAuthUser({
+				email,
+				emailVerified: typeof email_verified === "boolean" ? email_verified : toBoolean(email_verified),
+				name,
+				image: picture
+			}, {
+				providerId: "google",
+				accountId: sub
+			});
+			if (!newUser) throw new APIError("INTERNAL_SERVER_ERROR", { message: "Could not create user" });
+			const session = await ctx.context.internalAdapter.createSession(newUser.user.id);
+			await setSessionCookie(ctx, {
+				user: newUser.user,
+				session
+			});
+			return ctx.json({
+				token: session.token,
+				user: parseUserOutput(ctx.context.options, newUser.user)
+			});
+		}
+		if (!await ctx.context.internalAdapter.findAccount(sub)) if ((ctx.context.options.account?.accountLinking)?.enabled !== false && (ctx.context.trustedProviders.includes("google") || email_verified)) await ctx.context.internalAdapter.linkAccount({
+			userId: user.user.id,
+			providerId: "google",
+			accountId: sub,
+			scope: "openid,profile,email",
+			idToken
+		});
+		else throw new APIError("UNAUTHORIZED", { message: "Google sub doesn't match" });
+		const session = await ctx.context.internalAdapter.createSession(user.user.id);
+		await setSessionCookie(ctx, {
+			user: user.user,
+			session
+		});
+		return ctx.json({
+			token: session.token,
+			user: parseUserOutput(ctx.context.options, user.user)
+		});
+	}) },
+	options
+});
+
+//#endregion
+export { oneTap };
+//# sourceMappingURL=index.mjs.map

package/dist/plugins/one-tap/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":[],"sources":["../../../src/plugins/one-tap/index.ts"],"sourcesContent":["import type { BetterAuthPlugin } from \"@better-auth/core\";\nimport { createAuthEndpoint } from \"@better-auth/core/api\";\nimport { createRemoteJWKSet, jwtVerify } from \"jose\";\nimport * as z from \"zod\";\nimport { APIError } from \"../../api\";\nimport { setSessionCookie } from \"../../cookies\";\nimport { parseUserOutput } from \"../../db/schema\";\nimport { toBoolean } from \"../../utils/boolean\";\n\ndeclare module \"@better-auth/core\" {\n\tinterface BetterAuthPluginRegistry<AuthOptions, Options> {\n\t\t\"one-tap\": {\n\t\t\tcreator: typeof oneTap;\n\t\t};\n\t}\n}\n\nexport interface OneTapOptions {\n\t/**\n\t * Disable the signup flow\n\t *\n\t * @default false\n\t */\n\tdisableSignup?: boolean | undefined;\n\t/**\n\t * Google Client ID\n\t *\n\t * If a client ID is provided in the social provider configuration,\n\t * it will be used.\n\t */\n\tclientId?: string | undefined;\n}\n\nconst oneTapCallbackBodySchema = z.object({\n\tidToken: z.string().meta({\n\t\tdescription:\n\t\t\t\"Google ID token, which the client obtains from the One Tap API\",\n\t}),\n});\n\nexport const oneTap = (options?: OneTapOptions | undefined) =>\n\t({\n\t\tid: \"one-tap\",\n\t\tendpoints: {\n\t\t\toneTapCallback: createAuthEndpoint(\n\t\t\t\t\"/one-tap/callback\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tbody: oneTapCallbackBodySchema,\n\t\t\t\t\tmetadata: {\n\t\t\t\t\t\topenapi: {\n\t\t\t\t\t\t\tsummary: \"One tap callback\",\n\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\"Use this endpoint to authenticate with Google One Tap\",\n\t\t\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\t\t\tdescription: \"Successful response\",\n\t\t\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\t\t\tsession: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/Session\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t400: {\n\t\t\t\t\t\t\t\t\tdescription: \"Invalid token\",\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst { idToken } = ctx.body;\n\t\t\t\t\tlet payload: any;\n\t\t\t\t\ttry {\n\t\t\t\t\t\tconst JWKS = createRemoteJWKSet(\n\t\t\t\t\t\t\tnew URL(\"https://www.googleapis.com/oauth2/v3/certs\"),\n\t\t\t\t\t\t);\n\t\t\t\t\t\tconst googleProvider =\n\t\t\t\t\t\t\ttypeof ctx.context.options.socialProviders?.google === \"function\"\n\t\t\t\t\t\t\t\t? await ctx.context.options.socialProviders?.google()\n\t\t\t\t\t\t\t\t: ctx.context.options.socialProviders?.google;\n\t\t\t\t\t\tconst { payload: verifiedPayload } = await jwtVerify(\n\t\t\t\t\t\t\tidToken,\n\t\t\t\t\t\t\tJWKS,\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tissuer: [\"https://accounts.google.com\", \"accounts.google.com\"],\n\t\t\t\t\t\t\t\taudience: options?.clientId || googleProvider?.clientId,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t);\n\t\t\t\t\t\tpayload = verifiedPayload;\n\t\t\t\t\t} catch {\n\t\t\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\t\t\tmessage: \"invalid id token\",\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst { email, email_verified, name, picture, sub } = payload;\n\t\t\t\t\tif (!email) {\n\t\t\t\t\t\treturn ctx.json({ error: \"Email not available in token\" });\n\t\t\t\t\t}\n\n\t\t\t\t\tconst user = await ctx.context.internalAdapter.findUserByEmail(email);\n\t\t\t\t\tif (!user) {\n\t\t\t\t\t\tif (options?.disableSignup) {\n\t\t\t\t\t\t\tthrow new APIError(\"BAD_GATEWAY\", {\n\t\t\t\t\t\t\t\tmessage: \"User not found\",\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t}\n\t\t\t\t\t\tconst newUser = await ctx.context.internalAdapter.createOAuthUser(\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\temail,\n\t\t\t\t\t\t\t\temailVerified:\n\t\t\t\t\t\t\t\t\ttypeof email_verified === \"boolean\"\n\t\t\t\t\t\t\t\t\t\t? email_verified\n\t\t\t\t\t\t\t\t\t\t: toBoolean(email_verified),\n\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\timage: picture,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tproviderId: \"google\",\n\t\t\t\t\t\t\t\taccountId: sub,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t);\n\t\t\t\t\t\tif (!newUser) {\n\t\t\t\t\t\t\tthrow new APIError(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\t\t\t\tmessage: \"Could not create user\",\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t}\n\t\t\t\t\t\tconst session = await ctx.context.internalAdapter.createSession(\n\t\t\t\t\t\t\tnewUser.user.id,\n\t\t\t\t\t\t);\n\t\t\t\t\t\tawait setSessionCookie(ctx, {\n\t\t\t\t\t\t\tuser: newUser.user,\n\t\t\t\t\t\t\tsession,\n\t\t\t\t\t\t});\n\t\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\t\ttoken: session.token,\n\t\t\t\t\t\t\tuser: parseUserOutput(ctx.context.options, newUser.user),\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst account = await ctx.context.internalAdapter.findAccount(sub);\n\t\t\t\t\tif (!account) {\n\t\t\t\t\t\tconst accountLinking = ctx.context.options.account?.accountLinking;\n\t\t\t\t\t\tconst shouldLinkAccount =\n\t\t\t\t\t\t\taccountLinking?.enabled !== false &&\n\t\t\t\t\t\t\t(ctx.context.trustedProviders.includes(\"google\") ||\n\t\t\t\t\t\t\t\temail_verified);\n\t\t\t\t\t\tif (shouldLinkAccount) {\n\t\t\t\t\t\t\tawait ctx.context.internalAdapter.linkAccount({\n\t\t\t\t\t\t\t\tuserId: user.user.id,\n\t\t\t\t\t\t\t\tproviderId: \"google\",\n\t\t\t\t\t\t\t\taccountId: sub,\n\t\t\t\t\t\t\t\tscope: \"openid,profile,email\",\n\t\t\t\t\t\t\t\tidToken,\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\t\t\t\t\tmessage: \"Google sub doesn't match\",\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tconst session = await ctx.context.internalAdapter.createSession(\n\t\t\t\t\t\tuser.user.id,\n\t\t\t\t\t);\n\n\t\t\t\t\tawait setSessionCookie(ctx, {\n\t\t\t\t\t\tuser: user.user,\n\t\t\t\t\t\tsession,\n\t\t\t\t\t});\n\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\ttoken: session.token,\n\t\t\t\t\t\tuser: parseUserOutput(ctx.context.options, user.user),\n\t\t\t\t\t});\n\t\t\t\t},\n\t\t\t),\n\t\t},\n\t\toptions,\n\t}) satisfies BetterAuthPlugin;\n"],"mappings":";;;;;;;;;AAiCA,MAAM,2BAA2B,EAAE,OAAO,EACzC,SAAS,EAAE,QAAQ,CAAC,KAAK,EACxB,aACC,kEACD,CAAC,EACF,CAAC;AAEF,MAAa,UAAU,aACrB;CACA,IAAI;CACJ,WAAW,EACV,gBAAgB,mBACf,qBACA;EACC,QAAQ;EACR,MAAM;EACN,UAAU,EACT,SAAS;GACR,SAAS;GACT,aACC;GACD,WAAW;IACV,KAAK;KACJ,aAAa;KACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;MACP,MAAM;MACN,YAAY;OACX,SAAS,EACR,MAAM,gCACN;OACD,MAAM,EACL,MAAM,6BACN;OACD;MACD,EACD,EACD;KACD;IACD,KAAK,EACJ,aAAa,iBACb;IACD;GACD,EACD;EACD,EACD,OAAO,QAAQ;EACd,MAAM,EAAE,YAAY,IAAI;EACxB,IAAI;AACJ,MAAI;GACH,MAAM,OAAO,mBACZ,IAAI,IAAI,6CAA6C,CACrD;GACD,MAAM,iBACL,OAAO,IAAI,QAAQ,QAAQ,iBAAiB,WAAW,aACpD,MAAM,IAAI,QAAQ,QAAQ,iBAAiB,QAAQ,GACnD,IAAI,QAAQ,QAAQ,iBAAiB;GACzC,MAAM,EAAE,SAAS,oBAAoB,MAAM,UAC1C,SACA,MACA;IACC,QAAQ,CAAC,+BAA+B,sBAAsB;IAC9D,UAAU,SAAS,YAAY,gBAAgB;IAC/C,CACD;AACD,aAAU;UACH;AACP,SAAM,IAAI,SAAS,eAAe,EACjC,SAAS,oBACT,CAAC;;EAEH,MAAM,EAAE,OAAO,gBAAgB,MAAM,SAAS,QAAQ;AACtD,MAAI,CAAC,MACJ,QAAO,IAAI,KAAK,EAAE,OAAO,gCAAgC,CAAC;EAG3D,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,gBAAgB,MAAM;AACrE,MAAI,CAAC,MAAM;AACV,OAAI,SAAS,cACZ,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,kBACT,CAAC;GAEH,MAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB,gBACjD;IACC;IACA,eACC,OAAO,mBAAmB,YACvB,iBACA,UAAU,eAAe;IAC7B;IACA,OAAO;IACP,EACD;IACC,YAAY;IACZ,WAAW;IACX,CACD;AACD,OAAI,CAAC,QACJ,OAAM,IAAI,SAAS,yBAAyB,EAC3C,SAAS,yBACT,CAAC;GAEH,MAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB,cACjD,QAAQ,KAAK,GACb;AACD,SAAM,iBAAiB,KAAK;IAC3B,MAAM,QAAQ;IACd;IACA,CAAC;AACF,UAAO,IAAI,KAAK;IACf,OAAO,QAAQ;IACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,QAAQ,KAAK;IACxD,CAAC;;AAGH,MAAI,CADY,MAAM,IAAI,QAAQ,gBAAgB,YAAY,IAAI,CAOjE,MALuB,IAAI,QAAQ,QAAQ,SAAS,iBAEnC,YAAY,UAC3B,IAAI,QAAQ,iBAAiB,SAAS,SAAS,IAC/C,gBAED,OAAM,IAAI,QAAQ,gBAAgB,YAAY;GAC7C,QAAQ,KAAK,KAAK;GAClB,YAAY;GACZ,WAAW;GACX,OAAO;GACP;GACA,CAAC;MAEF,OAAM,IAAI,SAAS,gBAAgB,EAClC,SAAS,4BACT,CAAC;EAGJ,MAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB,cACjD,KAAK,KAAK,GACV;AAED,QAAM,iBAAiB,KAAK;GAC3B,MAAM,KAAK;GACX;GACA,CAAC;AACF,SAAO,IAAI,KAAK;GACf,OAAO,QAAQ;GACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,KAAK,KAAK;GACrD,CAAC;GAEH,EACD;CACD;CACA"}

package/dist/plugins/one-time-token/client.d.mts

@@ -0,0 +1,10 @@
+import { OneTimeTokenOptions, oneTimeToken } from "./index.mjs";
+
+//#region src/plugins/one-time-token/client.d.ts
+declare const oneTimeTokenClient: () => {
+  id: "one-time-token";
+  $InferServerPlugin: ReturnType<typeof oneTimeToken>;
+};
+//#endregion
+export { oneTimeTokenClient };
+//# sourceMappingURL=client.d.mts.map

package/dist/plugins/one-time-token/client.mjs

@@ -0,0 +1,11 @@
+//#region src/plugins/one-time-token/client.ts
+const oneTimeTokenClient = () => {
+	return {
+		id: "one-time-token",
+		$InferServerPlugin: {}
+	};
+};
+
+//#endregion
+export { oneTimeTokenClient };
+//# sourceMappingURL=client.mjs.map

package/dist/plugins/one-time-token/client.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.mjs","names":[],"sources":["../../../src/plugins/one-time-token/client.ts"],"sourcesContent":["import type { BetterAuthClientPlugin } from \"@better-auth/core\";\nimport type { oneTimeToken } from \"./index\";\n\nexport const oneTimeTokenClient = () => {\n\treturn {\n\t\tid: \"one-time-token\",\n\t\t$InferServerPlugin: {} as ReturnType<typeof oneTimeToken>,\n\t} satisfies BetterAuthClientPlugin;\n};\n\nexport type { OneTimeTokenOptions } from \"./index\";\n"],"mappings":";AAGA,MAAa,2BAA2B;AACvC,QAAO;EACN,IAAI;EACJ,oBAAoB,EAAE;EACtB"}