@soapjs/soap-auth 0.3.3 → 0.4.4

package/build/strategies/local/local.strategy.js

@@ -3,24 +3,105 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.LocalStrategy = void 0;
 const credential_auth_strategy_1 = require("../credential-auth.strategy");
 const local_tools_1 = require("./local.tools");
+const errors_1 = require("../../errors");
+const validation_1 = require("../../utils/validation");
 class LocalStrategy extends credential_auth_strategy_1.CredentialAuthStrategy {
     session;
     jwt;
     logger;
+    name = "local";
     constructor(config, session, jwt, logger) {
+        LocalStrategy.validateConfig(config);
         super((0, local_tools_1.prepareLocalConfig)(config), session, jwt, logger);
         this.session = session;
         this.jwt = jwt;
         this.logger = logger;
     }
+    static validateConfig(config) {
+        try {
+            validation_1.ValidationUtils.required(config, "config");
+            if (config.credentials) {
+                validation_1.ValidationUtils.required(config.credentials.extractCredentials, "config.credentials.extractCredentials");
+                validation_1.ValidationUtils.function(config.credentials.extractCredentials, "config.credentials.extractCredentials");
+                validation_1.ValidationUtils.required(config.credentials.verifyCredentials, "config.credentials.verifyCredentials");
+                validation_1.ValidationUtils.function(config.credentials.verifyCredentials, "config.credentials.verifyCredentials");
+            }
+            if (config.user) {
+                validation_1.ValidationUtils.required(config.user.fetchUser, "config.user.fetchUser");
+                validation_1.ValidationUtils.function(config.user.fetchUser, "config.user.fetchUser");
+            }
+            if (config.routes) {
+                validation_1.ValidationUtils.required(config.routes.login, "config.routes.login");
+                validation_1.ValidationUtils.required(config.routes.logout, "config.routes.logout");
+                validation_1.ValidationUtils.object(config.routes.login, "config.routes.login");
+                validation_1.ValidationUtils.object(config.routes.logout, "config.routes.logout");
+                if (config.routes.login) {
+                    validation_1.ValidationUtils.nonEmptyString(config.routes.login.path, "config.routes.login.path");
+                    validation_1.ValidationUtils.nonEmptyString(config.routes.login.method, "config.routes.login.method");
+                }
+                if (config.routes.logout) {
+                    validation_1.ValidationUtils.nonEmptyString(config.routes.logout.path, "config.routes.logout.path");
+                    validation_1.ValidationUtils.nonEmptyString(config.routes.logout.method, "config.routes.logout.method");
+                }
+            }
+        }
+        catch (error) {
+            if (error instanceof validation_1.ValidationError) {
+                throw error;
+            }
+            throw new validation_1.ValidationError(`Invalid Local strategy configuration: ${error.message}`);
+        }
+    }
     extractCredentials(context) {
+        validation_1.ValidationUtils.required(context, "context");
         return this.config.credentials.extractCredentials(context);
     }
     async verifyCredentials(identifier, password) {
+        validation_1.ValidationUtils.nonEmptyString(identifier, "identifier");
+        validation_1.ValidationUtils.nonEmptyString(password, "password");
         return this.config.credentials.verifyCredentials(identifier, password);
     }
-    async fetchUser(credentials) {
-        return this.config.user.fetchUser(credentials.identifier);
+    async fetchUser(identifierOrCredentials) {
+        validation_1.ValidationUtils.required(identifierOrCredentials, "identifier");
+        const identifier = typeof identifierOrCredentials === "string"
+            ? identifierOrCredentials
+            : identifierOrCredentials?.identifier;
+        validation_1.ValidationUtils.nonEmptyString(identifier, "identifier");
+        return this.config.user.fetchUser(identifier);
+    }
+    async changePassword(context) {
+        try {
+            const credentials = await this.config.credentials.extractCredentials(context);
+            if (!credentials) {
+                throw new errors_1.MissingCredentialsError();
+            }
+            if (!credentials.identifier ||
+                !credentials.password ||
+                !credentials.newPassword) {
+                throw new errors_1.InvalidCredentialsError();
+            }
+            await this.accountLock?.isAccountLocked(credentials.identifier);
+            await this.throttle?.checkFailedAttempts(credentials.identifier);
+            const user = await this.fetchUser(credentials);
+            if (!user) {
+                throw new errors_1.UserNotFoundError();
+            }
+            if ((await this.verifyCredentials(credentials.identifier, credentials.password)) === false) {
+                await this.throttle?.incrementFailedAttempts(credentials.identifier);
+                throw new errors_1.InvalidCredentialsError();
+            }
+            await this.password.validatePassword(credentials.newPassword, credentials.password);
+            await this.password.updatePassword(credentials.identifier, credentials.newPassword);
+            await this.throttle?.resetFailedAttempts(credentials.identifier);
+            await this.onSuccess("change_password", {
+                identifier: credentials.identifier,
+            });
+            this.logger?.info(`User password ${credentials.identifier} changed.`);
+        }
+        catch (error) {
+            await this.onFailure("change_password", { context, error });
+            throw error;
+        }
     }
 }
 exports.LocalStrategy = LocalStrategy;

package/build/strategies/oauth2/hybrid.oauth2.strategy.d.ts

@@ -1,5 +1,5 @@
-import { AuthResult } from "../../types";
+import * as Soap from "@soapjs/soap";
 import { OAuth2Strategy } from "./oauth2.strategy";
-export declare abstract class HybridOAuth2Strategy<TContext = unknown, TUser = unknown> extends OAuth2Strategy<TContext, TUser> {
-    authenticate(context: TContext): Promise<AuthResult<TUser>>;
+export declare abstract class HybridOAuth2Strategy<TContext = Soap.HttpContext, TUser extends Soap.AuthUser = Soap.AuthUser> extends OAuth2Strategy<TContext, TUser> {
+    authenticate(context: TContext): Promise<Soap.AuthResult<TUser> | null>;
 }

package/build/strategies/oauth2/hybrid.oauth2.strategy.js

@@ -3,8 +3,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.HybridOAuth2Strategy = void 0;
 const errors_1 = require("../../errors");
 const oauth2_strategy_1 = require("./oauth2.strategy");
-const oauth2_errors_1 = require("./oauth2.errors");
-const oauth2_tools_1 = require("./oauth2.tools");
 class HybridOAuth2Strategy extends oauth2_strategy_1.OAuth2Strategy {
     async authenticate(context) {
         try {
@@ -54,10 +52,7 @@ class HybridOAuth2Strategy extends oauth2_strategy_1.OAuth2Strategy {
                     this.login(context);
                     throw new errors_1.MissingAuthorizationCodeError();
                 }
-                const returnedState = oauth2_tools_1.OAuth2Tools.extractState(context);
-                if (!(await this.config.state?.validateState(context, returnedState))) {
-                    throw new oauth2_errors_1.InvalidStateError();
-                }
+                await this.validateState(context);
                 const exchangedTokens = await this.exchangeCodeForToken(context, code);
                 accessToken = exchangedTokens.accessToken;
                 refreshToken = exchangedTokens.refreshToken;

package/build/strategies/oauth2/oauth2.errors.d.ts

@@ -1,6 +1,7 @@
 export declare class InvalidNonceError extends Error {
 }
 export declare class InvalidStateError extends Error {
+    constructor(message?: string);
 }
 export declare class InvalidIdTokenError extends Error {
 }

package/build/strategies/oauth2/oauth2.errors.js

@@ -5,6 +5,10 @@ class InvalidNonceError extends Error {
 }
 exports.InvalidNonceError = InvalidNonceError;
 class InvalidStateError extends Error {
+    constructor(message = "OAuth2 state mismatch (possible CSRF).") {
+        super(message);
+        this.name = "InvalidStateError";
+    }
 }
 exports.InvalidStateError = InvalidStateError;
 class InvalidIdTokenError extends Error {

package/build/strategies/oauth2/oauth2.strategy.d.ts

@@ -1,16 +1,16 @@
 import * as Soap from "@soapjs/soap";
-import { AuthResult } from "../../types";
 import { OAuth2StrategyConfig } from "./oauth2.types";
 import { SessionHandler } from "../../session/session-handler";
 import { BaseAuthStrategy } from "../base-auth.strategy";
 import { JwtStrategy } from "../jwt/jwt.strategy";
 import { JwtService } from "../../services/jwks.service";
 import { PKCEService } from "../../services/pkce.service";
-export declare abstract class OAuth2Strategy<TContext = unknown, TUser = unknown> extends BaseAuthStrategy<TContext, TUser> {
+export declare abstract class OAuth2Strategy<TContext = Soap.HttpContext, TUser extends Soap.AuthUser = Soap.AuthUser> extends BaseAuthStrategy<TContext, TUser> {
     protected config: OAuth2StrategyConfig<TContext, TUser>;
     protected session?: SessionHandler;
     protected jwt?: JwtStrategy<TContext, TUser>;
     protected logger?: Soap.Logger;
+    abstract readonly name: string;
     protected jwks: JwtService;
     protected pkce: PKCEService<TContext>;
     protected abstract extractAccessToken(context: TContext): Promise<string | undefined>;
@@ -27,13 +27,15 @@ export declare abstract class OAuth2Strategy<TContext = unknown, TUser = unknown
         identifier: string;
         password: string;
     }>;
-    authenticate(context: TContext): Promise<AuthResult<TUser>>;
+    authenticate(context: TContext): Promise<Soap.AuthResult<TUser> | null>;
     protected processOAuthFlow(context: TContext): Promise<{
         accessToken: string;
         refreshToken?: string;
     }>;
     protected verifyAuthorizationCode(context: TContext, code: string): Promise<void>;
-    protected buildAuthorizationUrl(context: TContext): Promise<string>;
+    protected startAuthorizationFlow(context: TContext): Promise<void>;
+    protected validateState(context: TContext): Promise<void>;
+    protected buildAuthorizationUrl(context: TContext, state?: string, nonce?: string): Promise<string>;
     protected exchangeCodeForToken(context: TContext, code: string): Promise<{
         accessToken: string;
         idToken?: string;

package/build/strategies/oauth2/oauth2.strategy.js

@@ -1,10 +1,6 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.OAuth2Strategy = void 0;
-const axios_1 = __importDefault(require("axios"));
 const errors_1 = require("../../errors");
 const oauth2_tools_1 = require("./oauth2.tools");
 const base_auth_strategy_1 = require("../base-auth.strategy");
@@ -118,7 +114,7 @@ class OAuth2Strategy extends base_auth_strategy_1.BaseAuthStrategy {
             if (this.session) {
                 session = await this.session.issueSession(user, context);
             }
-            await this.role.isAuthorized(user);
+            await this.role?.isAuthorized(user);
             return { user: user, tokens: { accessToken, refreshToken }, session };
         }
         catch (error) {
@@ -133,6 +129,7 @@ class OAuth2Strategy extends base_auth_strategy_1.BaseAuthStrategy {
         if (this.config.grantType === "authorization_code") {
             const authorizationCode = this.extractAuthorizationCode(context);
             await this.verifyAuthorizationCode(context, authorizationCode);
+            await this.validateState(context);
             const tokenResult = await this.exchangeCodeForToken(context, authorizationCode);
             return tokenResult;
         }
@@ -155,13 +152,54 @@ class OAuth2Strategy extends base_auth_strategy_1.BaseAuthStrategy {
     async verifyAuthorizationCode(context, code) {
         if (!code) {
             this.logger?.warn("Authorization code missing, redirecting user.");
-            const authUrl = await this.buildAuthorizationUrl(context);
-            this.redirectUser(context, authUrl);
+            await this.startAuthorizationFlow(context);
             throw new errors_1.MissingAuthorizationCodeError();
         }
     }
-    async buildAuthorizationUrl(context) {
-        let authorizationUrl = `${this.config.endpoints.authorizationUrl}?client_id=${this.config.clientId}&redirect_uri=${encodeURIComponent(this.config.redirectUri)}&response_type=code&scope=${this.config.scope ?? ""}`;
+    async startAuthorizationFlow(context) {
+        let state;
+        let nonce;
+        if (this.config.state) {
+            state = await oauth2_tools_1.OAuth2Tools.generateState(this.config);
+            await this.config.state.persistence?.store?.(state);
+        }
+        if (this.config.nonce) {
+            nonce = await oauth2_tools_1.OAuth2Tools.generateNonce(this.config);
+            await this.config.nonce.persistence?.store?.(nonce);
+        }
+        const authUrl = await this.buildAuthorizationUrl(context, state, nonce);
+        this.redirectUser(context, authUrl);
+    }
+    async validateState(context) {
+        if (!this.config.state) {
+            return;
+        }
+        const returnedState = oauth2_tools_1.OAuth2Tools.extractState(context);
+        const storedState = (await this.config.state.persistence?.read?.());
+        const valid = this.config.state.validateState
+            ? await this.config.state.validateState(storedState, returnedState)
+            : !!storedState && storedState === returnedState;
+        if (!valid) {
+            throw new oauth2_errors_1.InvalidStateError();
+        }
+        await this.config.state.persistence?.remove?.();
+    }
+    async buildAuthorizationUrl(context, state, nonce) {
+        const params = new URLSearchParams({
+            client_id: this.config.clientId,
+            redirect_uri: this.config.redirectUri,
+            response_type: "code",
+            scope: Array.isArray(this.config.scope)
+                ? this.config.scope.join(" ")
+                : this.config.scope ?? "",
+        });
+        if (state) {
+            params.set("state", state);
+        }
+        if (nonce) {
+            params.set("nonce", nonce);
+        }
+        let authorizationUrl = `${this.config.endpoints.authorizationUrl}?${params.toString()}`;
         if (this.pkce) {
             const codeVerifier = await this.pkce.generateCodeVerifier(context);
             const codeChallenge = this.pkce.generateCodeChallenge(codeVerifier, context);
@@ -186,11 +224,15 @@ class OAuth2Strategy extends base_auth_strategy_1.BaseAuthStrategy {
         else if (this.config.clientSecret) {
             data.client_secret = this.config.clientSecret;
         }
-        const response = await axios_1.default.post(this.config.endpoints.tokenUrl, {
+        const response = await fetch(this.config.endpoints.tokenUrl, {
+            method: "POST",
             headers: { "Content-Type": "application/x-www-form-urlencoded" },
             body: new URLSearchParams(data).toString(),
         });
-        const tokenData = await response.data();
+        if (!response.ok) {
+            throw new Error(`Token exchange failed: ${response.status} ${response.statusText}`);
+        }
+        const tokenData = await response.json();
         return {
             accessToken: tokenData.access_token,
             refreshToken: tokenData.refresh_token,
@@ -199,12 +241,7 @@ class OAuth2Strategy extends base_auth_strategy_1.BaseAuthStrategy {
     }
     async login(context) {
         try {
-            const state = await oauth2_tools_1.OAuth2Tools.generateState(this.config);
-            const nonce = await oauth2_tools_1.OAuth2Tools.generateNonce(this.config);
-            await this.config.state?.persistence?.store?.(state);
-            await this.config.nonce?.persistence?.store?.(nonce);
-            const authUrl = await this.buildAuthorizationUrl(context);
-            this.redirectUser(context, authUrl);
+            await this.startAuthorizationFlow(context);
         }
         catch (error) {
             await this.onFailure("login", {
@@ -219,10 +256,13 @@ class OAuth2Strategy extends base_auth_strategy_1.BaseAuthStrategy {
             if (!this.config.endpoints.userInfoUrl) {
                 throw new errors_1.MissingConfigError("userInfoUrl");
             }
-            const response = await axios_1.default.get(this.config.endpoints.userInfoUrl, {
+            const response = await fetch(this.config.endpoints.userInfoUrl, {
                 headers: { Authorization: `Bearer ${accessToken}` },
             });
-            return (await this.config.user.validateUser(response.data)) || null;
+            if (!response.ok) {
+                throw new Error(`User info request failed: ${response.status}`);
+            }
+            return (await this.config.user.validateUser(await response.json())) || null;
         }
         catch (error) {
             this.logger?.error("Failed to fetch user information:", error);
@@ -230,25 +270,41 @@ class OAuth2Strategy extends base_auth_strategy_1.BaseAuthStrategy {
         }
     }
     async exchangeClientCredentials() {
-        const response = await axios_1.default.post(this.config.endpoints.tokenUrl, {
-            grant_type: "client_credentials",
-            client_id: this.config.clientId,
-            client_secret: this.config.clientSecret,
+        const response = await fetch(this.config.endpoints.tokenUrl, {
+            method: "POST",
+            headers: { "Content-Type": "application/x-www-form-urlencoded" },
+            body: new URLSearchParams({
+                grant_type: "client_credentials",
+                client_id: this.config.clientId,
+                client_secret: this.config.clientSecret,
+            }).toString(),
         });
-        return { accessToken: response.data.access_token };
+        if (!response.ok) {
+            throw new Error(`Client credentials exchange failed: ${response.status}`);
+        }
+        const data = await response.json();
+        return { accessToken: data.access_token };
     }
     async exchangePasswordGrant(username, password) {
         if (!username || !password) {
             throw new errors_1.MissingCredentialsError();
         }
-        const response = await axios_1.default.post(this.config.endpoints.tokenUrl, {
-            grant_type: "password",
-            client_id: this.config.clientId,
-            client_secret: this.config.clientSecret,
-            username,
-            password,
+        const response = await fetch(this.config.endpoints.tokenUrl, {
+            method: "POST",
+            headers: { "Content-Type": "application/x-www-form-urlencoded" },
+            body: new URLSearchParams({
+                grant_type: "password",
+                client_id: this.config.clientId,
+                client_secret: this.config.clientSecret,
+                username,
+                password,
+            }).toString(),
         });
-        return { accessToken: response.data.access_token };
+        if (!response.ok) {
+            throw new Error(`Password grant failed: ${response.status}`);
+        }
+        const data = await response.json();
+        return { accessToken: data.access_token };
     }
     async refreshAccessToken(context) {
         try {
@@ -256,22 +312,27 @@ class OAuth2Strategy extends base_auth_strategy_1.BaseAuthStrategy {
             if (!refreshToken) {
                 throw new errors_1.MissingTokenError("Refresh");
             }
-            const response = await axios_1.default.post(this.config.endpoints.tokenUrl, {
-                grant_type: "refresh_token",
-                client_id: this.config.clientId,
-                client_secret: this.config.clientSecret,
-                refresh_token: refreshToken,
+            const response = await fetch(this.config.endpoints.tokenUrl, {
+                method: "POST",
+                headers: { "Content-Type": "application/x-www-form-urlencoded" },
+                body: new URLSearchParams({
+                    grant_type: "refresh_token",
+                    client_id: this.config.clientId,
+                    client_secret: this.config.clientSecret,
+                    refresh_token: refreshToken,
+                }).toString(),
             });
-            if (response.data.error) {
-                this.logger?.warn(`OAuth2 error: ${response.data.error_description || response.data.error}`);
+            const responseData = await response.json();
+            if (responseData.error) {
+                this.logger?.warn(`OAuth2 error: ${responseData.error_description || responseData.error}`);
             }
-            if (response.status !== 200 || !response.data.access_token) {
+            if (!response.ok || !responseData.access_token) {
                 throw new Error("Failed to refresh token");
             }
             const refreshedTokens = {
-                accessToken: response.data.access_token,
-                refreshToken: response.data.refresh_token,
-                idToken: response.data.id_token,
+                accessToken: responseData.access_token,
+                refreshToken: responseData.refresh_token,
+                idToken: responseData.id_token,
             };
             await this.storeAccessToken(refreshedTokens.accessToken, context);
             await this.embedAccessToken(refreshedTokens.accessToken, context);
@@ -322,11 +383,18 @@ class OAuth2Strategy extends base_auth_strategy_1.BaseAuthStrategy {
             throw new errors_1.MissingConfigError("revocationUrl");
         }
         try {
-            await axios_1.default.post(this.config.endpoints.revocationUrl, {
-                token,
-                client_id: this.config.clientId,
-                client_secret: this.config.clientSecret,
+            const response = await fetch(this.config.endpoints.revocationUrl, {
+                method: "POST",
+                headers: { "Content-Type": "application/x-www-form-urlencoded" },
+                body: new URLSearchParams({
+                    token,
+                    client_id: this.config.clientId,
+                    client_secret: this.config.clientSecret,
+                }).toString(),
             });
+            if (!response.ok) {
+                throw new Error(`Token revocation failed: ${response.status}`);
+            }
             this.logger?.info("Token revoked successfully.");
         }
         catch (error) {

package/build/strategies/oauth2/oauth2.tools.js

@@ -104,14 +104,14 @@ const prepareOAuth2Config = (config) => {
             : undefined,
         state: config.state
             ? {
-                generateState: () => Math.random().toString(36).substring(2, 15),
+                generateState: () => (0, tools_1.generateRandomString)(),
                 validateState: (storedState, returnedState) => storedState === returnedState,
                 ...config.state,
             }
             : undefined,
         nonce: config.nonce
             ? {
-                generateNonce: () => Math.random().toString(36).substring(2, 15),
+                generateNonce: () => (0, tools_1.generateRandomString)(),
                 validateNonce: (storedNonce, returnedNonce) => storedNonce === returnedNonce,
                 ...config.nonce,
             }

package/build/strategies/oauth2/oauth2.types.d.ts

@@ -1,5 +1,5 @@
 import { Algorithm } from "jsonwebtoken";
-import { CredentailsConfig, PKCEConfig, AuthRouteConfig, TokenAuthStrategyConfig, PersistenceConfig, ContextOperationConfig } from "../../types";
+import { CredentialsConfig, PKCEConfig, AuthRouteConfig, TokenAuthStrategyConfig, PersistenceConfig, ContextOperationConfig } from "../../types";
 export interface OAuth2Endpoints {
     authorizationUrl: string;
     tokenUrl: string;
@@ -36,7 +36,7 @@ export interface OAuth2StrategyConfig<TContext = unknown, TUser = unknown> exten
     responseType?: "code" | "token" | "id_token" | string;
     grantType: "authorization_code" | "client_credentials" | "password" | "refresh_token" | string;
     endpoints: OAuth2Endpoints;
-    credentials?: CredentailsConfig<TContext>;
+    credentials?: CredentialsConfig<TContext>;
     pkce?: PKCEConfig<TContext>;
     routes: {
         login: AuthRouteConfig;

package/build/strategies/oauth2/providers/facebook.strategy.d.ts

@@ -0,0 +1,11 @@
+import * as Soap from "@soapjs/soap";
+import { SessionHandler } from "../../../session/session-handler";
+import { JwtStrategy } from "../../jwt/jwt.strategy";
+import { HttpOAuth2Strategy } from "./http-oauth2.strategy";
+import { SocialProviderConfig } from "./provider.types";
+export type FacebookStrategyConfig<TUser extends Soap.AuthUser = Soap.AuthUser> = SocialProviderConfig<TUser>;
+export declare class FacebookStrategy<TUser extends Soap.AuthUser = Soap.AuthUser> extends HttpOAuth2Strategy<TUser> {
+    readonly name = "facebook";
+    constructor(config: FacebookStrategyConfig<TUser>, session?: SessionHandler, jwt?: JwtStrategy<Soap.HttpContext, TUser>, logger?: Soap.Logger);
+    protected fetchUser(accessToken: string): Promise<TUser | null>;
+}

package/build/strategies/oauth2/providers/facebook.strategy.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FacebookStrategy = void 0;
+const http_oauth2_strategy_1 = require("./http-oauth2.strategy");
+const FACEBOOK_API_VERSION = "v19.0";
+const FACEBOOK_ENDPOINTS = {
+    authorizationUrl: "https://www.facebook.com/dialog/oauth",
+    tokenUrl: `https://graph.facebook.com/${FACEBOOK_API_VERSION}/oauth/access_token`,
+    userInfoUrl: `https://graph.facebook.com/${FACEBOOK_API_VERSION}/me`,
+    revocationUrl: `https://graph.facebook.com/${FACEBOOK_API_VERSION}/me/permissions`,
+};
+const FACEBOOK_FIELDS = "id,name,email,picture";
+class FacebookStrategy extends http_oauth2_strategy_1.HttpOAuth2Strategy {
+    name = "facebook";
+    constructor(config, session, jwt, logger) {
+        super({
+            grantType: "authorization_code",
+            scope: config.scope ?? ["email", "public_profile"],
+            routes: {
+                login: { path: "/auth/facebook", method: "GET" },
+                callback: { path: "/auth/facebook/callback", method: "GET" },
+                logout: { path: "/auth/facebook/logout", method: "POST" },
+                ...config.routes,
+            },
+            ...config,
+            endpoints: { ...FACEBOOK_ENDPOINTS, ...config.endpoints },
+        }, session, jwt, logger);
+    }
+    async fetchUser(accessToken) {
+        try {
+            const url = new URL(FACEBOOK_ENDPOINTS.userInfoUrl);
+            url.searchParams.set("fields", FACEBOOK_FIELDS);
+            url.searchParams.set("access_token", accessToken);
+            const response = await fetch(url.toString());
+            if (!response.ok)
+                return null;
+            const profile = await response.json();
+            if (profile.error) {
+                this.logger?.error("Facebook API error:", profile.error);
+                return null;
+            }
+            if (this.config.user?.validateUser) {
+                return this.config.user.validateUser(profile);
+            }
+            return {
+                id: profile.id,
+                email: profile.email,
+                username: profile.name,
+                picture: profile.picture?.data?.url,
+            };
+        }
+        catch (error) {
+            this.logger?.error("FacebookStrategy.fetchUser failed:", error);
+            return null;
+        }
+    }
+}
+exports.FacebookStrategy = FacebookStrategy;

package/build/strategies/oauth2/providers/github.strategy.d.ts

@@ -0,0 +1,11 @@
+import * as Soap from "@soapjs/soap";
+import { SessionHandler } from "../../../session/session-handler";
+import { JwtStrategy } from "../../jwt/jwt.strategy";
+import { HttpOAuth2Strategy } from "./http-oauth2.strategy";
+import { SocialProviderConfig } from "./provider.types";
+export type GitHubStrategyConfig<TUser extends Soap.AuthUser = Soap.AuthUser> = SocialProviderConfig<TUser>;
+export declare class GitHubStrategy<TUser extends Soap.AuthUser = Soap.AuthUser> extends HttpOAuth2Strategy<TUser> {
+    readonly name = "github";
+    constructor(config: GitHubStrategyConfig<TUser>, session?: SessionHandler, jwt?: JwtStrategy<Soap.HttpContext, TUser>, logger?: Soap.Logger);
+    protected fetchUser(accessToken: string): Promise<TUser | null>;
+}

package/build/strategies/oauth2/providers/github.strategy.js

@@ -0,0 +1,56 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GitHubStrategy = void 0;
+const http_oauth2_strategy_1 = require("./http-oauth2.strategy");
+const GITHUB_ENDPOINTS = {
+    authorizationUrl: "https://github.com/login/oauth/authorize",
+    tokenUrl: "https://github.com/login/oauth/access_token",
+    userInfoUrl: "https://api.github.com/user",
+    revocationUrl: "https://api.github.com/applications/{client_id}/token",
+};
+class GitHubStrategy extends http_oauth2_strategy_1.HttpOAuth2Strategy {
+    name = "github";
+    constructor(config, session, jwt, logger) {
+        super({
+            grantType: "authorization_code",
+            scope: config.scope ?? ["read:user", "user:email"],
+            routes: {
+                login: { path: "/auth/github", method: "GET" },
+                callback: { path: "/auth/github/callback", method: "GET" },
+                logout: { path: "/auth/github/logout", method: "POST" },
+                ...config.routes,
+            },
+            ...config,
+            endpoints: { ...GITHUB_ENDPOINTS, ...config.endpoints },
+        }, session, jwt, logger);
+    }
+    async fetchUser(accessToken) {
+        try {
+            const response = await fetch(GITHUB_ENDPOINTS.userInfoUrl, {
+                headers: {
+                    Authorization: `Bearer ${accessToken}`,
+                    Accept: "application/vnd.github+json",
+                    "X-GitHub-Api-Version": "2022-11-28",
+                },
+            });
+            if (!response.ok)
+                return null;
+            const profile = await response.json();
+            if (this.config.user?.validateUser) {
+                return this.config.user.validateUser(profile);
+            }
+            return {
+                id: profile.id,
+                email: profile.email,
+                username: profile.login,
+                name: profile.name,
+                avatarUrl: profile.avatar_url,
+            };
+        }
+        catch (error) {
+            this.logger?.error("GitHubStrategy.fetchUser failed:", error);
+            return null;
+        }
+    }
+}
+exports.GitHubStrategy = GitHubStrategy;

package/build/strategies/oauth2/providers/google.strategy.d.ts

@@ -0,0 +1,11 @@
+import * as Soap from "@soapjs/soap";
+import { SessionHandler } from "../../../session/session-handler";
+import { JwtStrategy } from "../../jwt/jwt.strategy";
+import { HttpOAuth2Strategy } from "./http-oauth2.strategy";
+import { SocialProviderConfig } from "./provider.types";
+export type GoogleStrategyConfig<TUser extends Soap.AuthUser = Soap.AuthUser> = SocialProviderConfig<TUser>;
+export declare class GoogleStrategy<TUser extends Soap.AuthUser = Soap.AuthUser> extends HttpOAuth2Strategy<TUser> {
+    readonly name = "google";
+    constructor(config: GoogleStrategyConfig<TUser>, session?: SessionHandler, jwt?: JwtStrategy<Soap.HttpContext, TUser>, logger?: Soap.Logger);
+    protected fetchUser(accessToken: string): Promise<TUser | null>;
+}