@soapjs/soap-auth 0.4.0 → 1.0.0

package/build/recipes/http-context.helpers.js

@@ -0,0 +1,64 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.redirect = exports.setCookie = exports.getCookie = exports.setBearerToken = exports.extractBearerToken = void 0;
+function extractBearerToken(context) {
+    const header = context?.req?.headers?.authorization ??
+        context?.request?.headers?.authorization ??
+        context?.headers?.authorization;
+    if (typeof header === "string" && header.toLowerCase().startsWith("bearer ")) {
+        return header.slice(7);
+    }
+    return undefined;
+}
+exports.extractBearerToken = extractBearerToken;
+function setBearerToken(context, token) {
+    const value = `Bearer ${token}`;
+    if (typeof context?.res?.setHeader === "function") {
+        context.res.setHeader("Authorization", value);
+    }
+    else if (typeof context?.response?.setHeader === "function") {
+        context.response.setHeader("Authorization", value);
+    }
+    else if (typeof context?.setHeader === "function") {
+        context.setHeader("Authorization", value);
+    }
+}
+exports.setBearerToken = setBearerToken;
+function getCookie(context, name) {
+    return (context?.req?.cookies?.[name] ??
+        context?.request?.cookies?.[name] ??
+        context?.cookies?.[name]);
+}
+exports.getCookie = getCookie;
+function setCookie(context, name, value, options = {}) {
+    if (typeof context?.res?.cookie === "function") {
+        context.res.cookie(name, value, options);
+    }
+    else if (typeof context?.response?.cookie === "function") {
+        context.response.cookie(name, value, options);
+    }
+    else if (typeof context?.cookie === "function") {
+        context.cookie(name, value, options);
+    }
+}
+exports.setCookie = setCookie;
+function redirect(context, url, status = 302) {
+    if (typeof context?.res?.redirect === "function") {
+        context.res.redirect(url);
+    }
+    else if (typeof context?.response?.redirect === "function") {
+        context.response.redirect(url);
+    }
+    else if (typeof context?.redirect === "function") {
+        context.redirect(url);
+    }
+    else if (typeof context?.res?.setHeader === "function") {
+        context.res.setHeader("Location", url);
+        context.res.status?.(status);
+    }
+    else if (typeof context?.setHeader === "function") {
+        context.setHeader("Location", url);
+        context.status?.(status);
+    }
+}
+exports.redirect = redirect;

package/build/recipes/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./auth-config.recipes";
+export * from "./http-context.helpers";
+export * from "./oauth2-presets";

package/build/recipes/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./auth-config.recipes"), exports);
+__exportStar(require("./http-context.helpers"), exports);
+__exportStar(require("./oauth2-presets"), exports);

package/build/recipes/oauth2-presets.d.ts

@@ -0,0 +1,20 @@
+import { OAuth2Endpoints } from "../strategies/oauth2/oauth2.types";
+export type OAuth2ProviderPreset = "auth0" | "keycloak" | "discord" | "google" | "github" | "facebook";
+export interface Auth0PresetOptions {
+    domain: string;
+}
+export interface KeycloakPresetOptions {
+    baseUrl: string;
+    realm: string;
+}
+export interface FacebookPresetOptions {
+    version?: string;
+}
+export declare const oauth2ProviderEndpoints: {
+    auth0(options: Auth0PresetOptions): OAuth2Endpoints;
+    keycloak(options: KeycloakPresetOptions): OAuth2Endpoints;
+    discord(): OAuth2Endpoints;
+    google(): OAuth2Endpoints;
+    github(): OAuth2Endpoints;
+    facebook(options?: FacebookPresetOptions): OAuth2Endpoints;
+};

package/build/recipes/oauth2-presets.js

@@ -0,0 +1,74 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.oauth2ProviderEndpoints = void 0;
+function trimTrailingSlash(value) {
+    return value.replace(/\/+$/, "");
+}
+function ensureHttpsUrl(value) {
+    if (/^https?:\/\//i.test(value)) {
+        return trimTrailingSlash(value);
+    }
+    return `https://${trimTrailingSlash(value)}`;
+}
+exports.oauth2ProviderEndpoints = {
+    auth0(options) {
+        if (!options?.domain) {
+            throw new Error("Auth0 OAuth2 preset requires domain.");
+        }
+        const baseUrl = ensureHttpsUrl(options.domain);
+        return {
+            authorizationUrl: `${baseUrl}/authorize`,
+            tokenUrl: `${baseUrl}/oauth/token`,
+            userInfoUrl: `${baseUrl}/userinfo`,
+            revocationUrl: `${baseUrl}/oauth/revoke`,
+            logoutUrl: `${baseUrl}/v2/logout`,
+        };
+    },
+    keycloak(options) {
+        if (!options?.baseUrl || !options?.realm) {
+            throw new Error("Keycloak OAuth2 preset requires baseUrl and realm.");
+        }
+        const baseUrl = ensureHttpsUrl(options.baseUrl);
+        const realmUrl = `${baseUrl}/realms/${encodeURIComponent(options.realm)}`;
+        return {
+            authorizationUrl: `${realmUrl}/protocol/openid-connect/auth`,
+            tokenUrl: `${realmUrl}/protocol/openid-connect/token`,
+            userInfoUrl: `${realmUrl}/protocol/openid-connect/userinfo`,
+            revocationUrl: `${realmUrl}/protocol/openid-connect/revoke`,
+            logoutUrl: `${realmUrl}/protocol/openid-connect/logout`,
+        };
+    },
+    discord() {
+        return {
+            authorizationUrl: "https://discord.com/oauth2/authorize",
+            tokenUrl: "https://discord.com/api/oauth2/token",
+            userInfoUrl: "https://discord.com/api/users/@me",
+            revocationUrl: "https://discord.com/api/oauth2/token/revoke",
+        };
+    },
+    google() {
+        return {
+            authorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+            tokenUrl: "https://oauth2.googleapis.com/token",
+            userInfoUrl: "https://openidconnect.googleapis.com/v1/userinfo",
+            revocationUrl: "https://oauth2.googleapis.com/revoke",
+        };
+    },
+    github() {
+        return {
+            authorizationUrl: "https://github.com/login/oauth/authorize",
+            tokenUrl: "https://github.com/login/oauth/access_token",
+            userInfoUrl: "https://api.github.com/user",
+            revocationUrl: "https://api.github.com/applications/{client_id}/token",
+        };
+    },
+    facebook(options = {}) {
+        const version = options.version ?? "v19.0";
+        return {
+            authorizationUrl: "https://www.facebook.com/dialog/oauth",
+            tokenUrl: `https://graph.facebook.com/${version}/oauth/access_token`,
+            userInfoUrl: `https://graph.facebook.com/${version}/me`,
+            revocationUrl: `https://graph.facebook.com/${version}/me/permissions`,
+        };
+    },
+};

package/build/soap-auth.js

@@ -7,6 +7,7 @@ const jwt_strategy_1 = require("./strategies/jwt/jwt.strategy");
 const local_strategy_1 = require("./strategies/local/local.strategy");
 const basic_strategy_1 = require("./strategies/basic/basic.strategy");
 const api_key_strategy_1 = require("./strategies/api-key/api-key.strategy");
+const providers_1 = require("./strategies/oauth2/providers");
 class SoapAuth {
     requiredStrategyMethods = ["authenticate"];
     strategies = new Map();
@@ -219,6 +220,67 @@ class SoapAuth {
             if (sharedJwt) {
                 auth.addStrategy(sharedJwt, "jwt", "http");
             }
+            if (config.http.oauth2) {
+                for (const [provider, providerConfig] of Object.entries(config.http.oauth2)) {
+                    switch (provider) {
+                        case "google":
+                            auth.addStrategy(new providers_1.GoogleStrategy(providerConfig, sessionHandler, sharedJwt, logger), "google", "http");
+                            break;
+                        case "github":
+                            auth.addStrategy(new providers_1.GitHubStrategy(providerConfig, sessionHandler, sharedJwt, logger), "github", "http");
+                            break;
+                        case "facebook":
+                            auth.addStrategy(new providers_1.FacebookStrategy(providerConfig, sessionHandler, sharedJwt, logger), "facebook", "http");
+                            break;
+                        default:
+                            if (providerConfig.endpoints?.authorizationUrl &&
+                                providerConfig.endpoints?.tokenUrl) {
+                                auth.addStrategy(new providers_1.ConfigurableOAuth2Strategy({
+                                    ...providerConfig,
+                                    name: provider,
+                                    grantType: providerConfig.grantType ?? "authorization_code",
+                                    routes: {
+                                        login: {
+                                            path: `/auth/${provider}`,
+                                            method: "GET",
+                                        },
+                                        callback: {
+                                            path: `/auth/${provider}/callback`,
+                                            method: "GET",
+                                        },
+                                        ...providerConfig.routes,
+                                    },
+                                }, sessionHandler, sharedJwt, logger), provider, "http");
+                                break;
+                            }
+                            throw new Error(`OAuth2 provider "${provider}" requires endpoints.authorizationUrl and endpoints.tokenUrl, or a custom strategy via http.custom.`);
+                    }
+                }
+            }
+            if (config.http.hybridOAuth2) {
+                for (const [provider, providerConfig] of Object.entries(config.http.hybridOAuth2)) {
+                    if (!providerConfig.endpoints?.authorizationUrl ||
+                        !providerConfig.endpoints?.tokenUrl) {
+                        throw new Error(`Hybrid OAuth2 provider "${provider}" requires endpoints.authorizationUrl and endpoints.tokenUrl, or a custom strategy via http.custom.`);
+                    }
+                    auth.addStrategy(new providers_1.ConfigurableHybridOAuth2Strategy({
+                        ...providerConfig,
+                        name: provider,
+                        grantType: providerConfig.grantType ?? "authorization_code",
+                        routes: {
+                            login: {
+                                path: `/auth/${provider}`,
+                                method: "GET",
+                            },
+                            callback: {
+                                path: `/auth/${provider}/callback`,
+                                method: "GET",
+                            },
+                            ...providerConfig.routes,
+                        },
+                    }, sessionHandler, sharedJwt, logger), provider, "http");
+                }
+            }
             if (config.http.custom) {
                 for (const [name, strategy] of Object.entries(config.http.custom)) {
                     auth.addStrategy(strategy, name, "http");

package/build/strategies/jwt/jwt.strategy.js

@@ -105,12 +105,12 @@ class JwtStrategy extends token_auth_strategy_1.TokenAuthStrategy {
         return Promise.resolve(jwt_tools_1.JwtTools.generateRefreshToken(payload, this.refreshTokenConfig));
     }
     async storeAccessToken(token) {
-        if (this.accessTokenConfig.persistence.store) {
+        if (this.accessTokenConfig.persistence?.store) {
             await this.accessTokenConfig.persistence.store(token, null, this.accessTokenConfig.issuer.options.expiresIn);
         }
     }
     async storeRefreshToken(token) {
-        if (this.refreshTokenConfig.persistence.store) {
+        if (this.refreshTokenConfig?.persistence?.store) {
             await this.refreshTokenConfig.persistence.store(token, null, this.refreshTokenConfig.issuer.options.expiresIn);
         }
     }
@@ -141,6 +141,9 @@ class JwtStrategy extends token_auth_strategy_1.TokenAuthStrategy {
         }
     }
     extractRefreshToken(context) {
+        if (!this.refreshTokenConfig) {
+            return undefined;
+        }
         if (this.refreshTokenConfig.extract) {
             return this.refreshTokenConfig.extract(context);
         }
@@ -161,7 +164,7 @@ class JwtStrategy extends token_auth_strategy_1.TokenAuthStrategy {
     async invalidateRefreshToken(token, context) {
         const refreshToken = token || (await this.extractRefreshToken(context));
         if (refreshToken) {
-            await this.refreshTokenConfig.persistence?.remove?.(refreshToken);
+            await this.refreshTokenConfig?.persistence?.remove?.(refreshToken);
             if (context) {
                 jwt_tools_1.JwtTools.clearDefaultJwtCookie(context);
                 jwt_tools_1.JwtTools.clearDefaultJwtHeader(context);

package/build/strategies/jwt/jwt.tools.js

@@ -88,6 +88,7 @@ class JwtTools {
         return context.req.cookies?.refreshToken;
     }
     static prepareAccessTokenConfig = (config) => {
+        const verifierOptions = config.verifier?.options ?? {};
         return Soap.removeUndefinedProperties({
             ...config,
             issuer: {
@@ -101,14 +102,15 @@ class JwtTools {
             verifier: {
                 ...config.verifier,
                 options: {
-                    ...config.verifier.options,
-                    algorithms: config.verifier.options.algorithms || ["HS256"],
-                    expiresIn: config.verifier.options.expiresIn || "1h",
+                    ...verifierOptions,
+                    algorithms: verifierOptions.algorithms || ["HS256"],
+                    expiresIn: verifierOptions.expiresIn || "1h",
                 },
             },
         });
     };
     static prepareRefreshTokenConfig = (config) => {
+        const verifierOptions = config.verifier?.options ?? {};
         return Soap.removeUndefinedProperties({
             ...config,
             issuer: {
@@ -122,9 +124,9 @@ class JwtTools {
             verifier: {
                 ...config.verifier,
                 options: {
-                    ...config.verifier.options,
-                    algorithms: config.verifier.options.algorithms || ["HS256"],
-                    expiresIn: config.verifier.options.expiresIn || "7d",
+                    ...verifierOptions,
+                    algorithms: verifierOptions.algorithms || ["HS256"],
+                    expiresIn: verifierOptions.expiresIn || "7d",
                 },
             },
         });

package/build/strategies/local/local.strategy.d.ts

@@ -15,9 +15,9 @@ export declare class LocalStrategy<TContext = Soap.HttpContext, TUser extends So
         password: string;
     }>;
     protected verifyCredentials(identifier: string, password: string): Promise<boolean>;
-    protected fetchUser(credentials: {
+    protected fetchUser(identifierOrCredentials: string | {
         identifier: string;
-        password: string;
+        password?: string;
     }): Promise<TUser | null>;
     changePassword(context: TContext): Promise<void>;
 }

package/build/strategies/local/local.strategy.js

@@ -61,13 +61,13 @@ class LocalStrategy extends credential_auth_strategy_1.CredentialAuthStrategy {
         validation_1.ValidationUtils.nonEmptyString(password, "password");
         return this.config.credentials.verifyCredentials(identifier, password);
     }
-    async fetchUser(credentials) {
-        validation_1.ValidationUtils.required(credentials, "credentials");
-        if (credentials && typeof credentials === "object" && !Array.isArray(credentials)) {
-            validation_1.ValidationUtils.nonEmptyString(credentials.identifier, "credentials.identifier");
-            validation_1.ValidationUtils.nonEmptyString(credentials.password, "credentials.password");
-        }
-        return this.config.user.fetchUser(credentials.identifier);
+    async fetchUser(identifierOrCredentials) {
+        validation_1.ValidationUtils.required(identifierOrCredentials, "identifier");
+        const identifier = typeof identifierOrCredentials === "string"
+            ? identifierOrCredentials
+            : identifierOrCredentials?.identifier;
+        validation_1.ValidationUtils.nonEmptyString(identifier, "identifier");
+        return this.config.user.fetchUser(identifier);
     }
     async changePassword(context) {
         try {

package/build/strategies/oauth2/hybrid.oauth2.strategy.js

@@ -49,7 +49,7 @@ class HybridOAuth2Strategy extends oauth2_strategy_1.OAuth2Strategy {
             if (!accessToken) {
                 const code = this.extractAuthorizationCode(context);
                 if (!code) {
-                    this.login(context);
+                    await this.login(context);
                     throw new errors_1.MissingAuthorizationCodeError();
                 }
                 await this.validateState(context);

package/build/strategies/oauth2/oauth2.strategy.js

@@ -202,7 +202,7 @@ class OAuth2Strategy extends base_auth_strategy_1.BaseAuthStrategy {
         let authorizationUrl = `${this.config.endpoints.authorizationUrl}?${params.toString()}`;
         if (this.pkce) {
             const codeVerifier = await this.pkce.generateCodeVerifier(context);
-            const codeChallenge = this.pkce.generateCodeChallenge(codeVerifier, context);
+            const codeChallenge = await this.pkce.generateCodeChallenge(codeVerifier, context);
             authorizationUrl += `&code_challenge=${codeChallenge}&code_challenge_method=S256`;
         }
         return authorizationUrl;
@@ -212,7 +212,7 @@ class OAuth2Strategy extends base_auth_strategy_1.BaseAuthStrategy {
             grant_type: "authorization_code",
             client_id: this.config.clientId,
             code,
-            redirectUri: this.config.redirectUri,
+            redirect_uri: this.config.redirectUri,
         };
         if (this.pkce) {
             const codeVerifier = this.pkce.extractCodeVerifier(context);

package/build/strategies/oauth2/oauth2.types.d.ts

@@ -50,3 +50,8 @@ export interface OAuth2StrategyConfig<TContext = unknown, TUser = unknown> exten
     nonce?: OAuth2NonceConfig;
     jwks?: JwksConfig;
 }
+export interface OAuth2ProviderConfig<TContext = unknown, TUser = unknown> extends Omit<OAuth2StrategyConfig<TContext, TUser>, "endpoints" | "grantType" | "routes"> {
+    grantType?: "authorization_code";
+    endpoints?: Partial<OAuth2Endpoints>;
+    routes?: OAuth2StrategyConfig<TContext, TUser>["routes"];
+}

package/build/strategies/oauth2/providers/configurable-hybrid-oauth2.strategy.d.ts

@@ -0,0 +1,19 @@
+import * as Soap from "@soapjs/soap";
+import { SessionHandler } from "../../../session/session-handler";
+import { JwtStrategy } from "../../jwt/jwt.strategy";
+import { HybridOAuth2Strategy } from "../hybrid.oauth2.strategy";
+import { ConfigurableOAuth2StrategyConfig } from "./provider.types";
+export declare class ConfigurableHybridOAuth2Strategy<TUser extends Soap.AuthUser = Soap.AuthUser> extends HybridOAuth2Strategy<Soap.HttpContext, TUser> {
+    protected config: ConfigurableOAuth2StrategyConfig<TUser>;
+    readonly name: string;
+    constructor(config: ConfigurableOAuth2StrategyConfig<TUser>, session?: SessionHandler, jwt?: JwtStrategy<Soap.HttpContext, TUser>, logger?: Soap.Logger);
+    protected extractAccessToken(ctx: Soap.HttpContext): Promise<string | undefined>;
+    protected extractRefreshToken(ctx: Soap.HttpContext): Promise<string | undefined>;
+    protected storeAccessToken(_token: string, _ctx: Soap.HttpContext): Promise<void>;
+    protected storeRefreshToken(_token: string, _ctx: Soap.HttpContext): Promise<void>;
+    protected embedAccessToken(token: string, ctx: Soap.HttpContext): void;
+    protected embedRefreshToken(token: string, ctx: Soap.HttpContext): void;
+    protected extractAuthorizationCode(ctx: Soap.HttpContext): string | null;
+    protected redirectUser(ctx: Soap.HttpContext, authUrl: string): void;
+    protected fetchUser(accessToken: string): Promise<TUser | null>;
+}

package/build/strategies/oauth2/providers/configurable-hybrid-oauth2.strategy.js

@@ -0,0 +1,85 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ConfigurableHybridOAuth2Strategy = void 0;
+const errors_1 = require("../../../errors");
+const hybrid_oauth2_strategy_1 = require("../hybrid.oauth2.strategy");
+class ConfigurableHybridOAuth2Strategy extends hybrid_oauth2_strategy_1.HybridOAuth2Strategy {
+    config;
+    name;
+    constructor(config, session, jwt, logger) {
+        super(config, session, jwt, logger);
+        this.config = config;
+        this.name = config.name;
+    }
+    extractAccessToken(ctx) {
+        const auth = ctx.req.headers?.authorization;
+        if (typeof auth === "string" && auth.startsWith("Bearer ")) {
+            return Promise.resolve(auth.slice(7));
+        }
+        return Promise.resolve(ctx.req.cookies?.access_token);
+    }
+    extractRefreshToken(ctx) {
+        return Promise.resolve(ctx.req.cookies?.refresh_token);
+    }
+    storeAccessToken(_token, _ctx) {
+        return Promise.resolve();
+    }
+    storeRefreshToken(_token, _ctx) {
+        return Promise.resolve();
+    }
+    embedAccessToken(token, ctx) {
+        ctx.res.setHeader("Authorization", `Bearer ${token}`);
+    }
+    embedRefreshToken(token, ctx) {
+        ctx.res.cookie("refresh_token", token, {
+            httpOnly: true,
+            secure: true,
+            sameSite: "lax",
+            maxAge: 30 * 24 * 60 * 60 * 1000,
+        });
+    }
+    extractAuthorizationCode(ctx) {
+        return ctx.req.query?.code ?? null;
+    }
+    redirectUser(ctx, authUrl) {
+        if (typeof ctx.res.redirect === "function") {
+            ctx.res.redirect(authUrl);
+        }
+        else {
+            ctx.res.setHeader("Location", authUrl);
+            ctx.res.status(302).json({ message: "Redirecting", location: authUrl });
+        }
+    }
+    async fetchUser(accessToken) {
+        try {
+            if (!this.config.endpoints.userInfoUrl) {
+                if (this.config.user?.fetchUser) {
+                    return this.config.user.fetchUser(accessToken);
+                }
+                throw new errors_1.MissingConfigError("userInfoUrl");
+            }
+            const response = await fetch(this.config.endpoints.userInfoUrl, {
+                headers: { Authorization: `Bearer ${accessToken}` },
+            });
+            if (!response.ok) {
+                return null;
+            }
+            const profile = await response.json();
+            if (this.config.user?.validateUser) {
+                return this.config.user.validateUser(profile);
+            }
+            return {
+                id: profile.sub ?? profile.id,
+                email: profile.email,
+                username: profile.preferred_username ?? profile.username ?? profile.name,
+                name: profile.name,
+                picture: profile.picture ?? profile.avatar_url,
+            };
+        }
+        catch (error) {
+            this.logger?.error("ConfigurableHybridOAuth2Strategy.fetchUser failed:", error);
+            return null;
+        }
+    }
+}
+exports.ConfigurableHybridOAuth2Strategy = ConfigurableHybridOAuth2Strategy;

package/build/strategies/oauth2/providers/configurable-oauth2.strategy.d.ts

@@ -0,0 +1,11 @@
+import * as Soap from "@soapjs/soap";
+import { SessionHandler } from "../../../session/session-handler";
+import { JwtStrategy } from "../../jwt/jwt.strategy";
+import { HttpOAuth2Strategy } from "./http-oauth2.strategy";
+import { ConfigurableOAuth2StrategyConfig } from "./provider.types";
+export declare class ConfigurableOAuth2Strategy<TUser extends Soap.AuthUser = Soap.AuthUser> extends HttpOAuth2Strategy<TUser> {
+    protected config: ConfigurableOAuth2StrategyConfig<TUser>;
+    readonly name: string;
+    constructor(config: ConfigurableOAuth2StrategyConfig<TUser>, session?: SessionHandler, jwt?: JwtStrategy<Soap.HttpContext, TUser>, logger?: Soap.Logger);
+    protected fetchUser(accessToken: string): Promise<TUser | null>;
+}

package/build/strategies/oauth2/providers/configurable-oauth2.strategy.js

@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ConfigurableOAuth2Strategy = void 0;
+const http_oauth2_strategy_1 = require("./http-oauth2.strategy");
+const errors_1 = require("../../../errors");
+class ConfigurableOAuth2Strategy extends http_oauth2_strategy_1.HttpOAuth2Strategy {
+    config;
+    name;
+    constructor(config, session, jwt, logger) {
+        super(config, session, jwt, logger);
+        this.config = config;
+        this.name = config.name;
+    }
+    async fetchUser(accessToken) {
+        try {
+            if (!this.config.endpoints.userInfoUrl) {
+                if (this.config.user?.fetchUser) {
+                    return this.config.user.fetchUser(accessToken);
+                }
+                throw new errors_1.MissingConfigError("userInfoUrl");
+            }
+            const response = await fetch(this.config.endpoints.userInfoUrl, {
+                headers: { Authorization: `Bearer ${accessToken}` },
+            });
+            if (!response.ok) {
+                return null;
+            }
+            const profile = await response.json();
+            if (this.config.user?.validateUser) {
+                return this.config.user.validateUser(profile);
+            }
+            return {
+                id: profile.sub ?? profile.id,
+                email: profile.email,
+                username: profile.preferred_username ?? profile.username ?? profile.name,
+                name: profile.name,
+                picture: profile.picture ?? profile.avatar_url,
+            };
+        }
+        catch (error) {
+            this.logger?.error("ConfigurableOAuth2Strategy.fetchUser failed:", error);
+            return null;
+        }
+    }
+}
+exports.ConfigurableOAuth2Strategy = ConfigurableOAuth2Strategy;

package/build/strategies/oauth2/providers/index.d.ts

@@ -1,4 +1,6 @@
 export * from "./http-oauth2.strategy";
+export * from "./configurable-oauth2.strategy";
+export * from "./configurable-hybrid-oauth2.strategy";
 export * from "./google.strategy";
 export * from "./github.strategy";
 export * from "./facebook.strategy";

package/build/strategies/oauth2/providers/index.js

@@ -15,6 +15,8 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./http-oauth2.strategy"), exports);
+__exportStar(require("./configurable-oauth2.strategy"), exports);
+__exportStar(require("./configurable-hybrid-oauth2.strategy"), exports);
 __exportStar(require("./google.strategy"), exports);
 __exportStar(require("./github.strategy"), exports);
 __exportStar(require("./facebook.strategy"), exports);

package/build/strategies/oauth2/providers/provider.types.d.ts

@@ -5,3 +5,6 @@ export interface SocialProviderConfig<TUser extends Soap.AuthUser = Soap.AuthUse
     endpoints?: Partial<OAuth2Endpoints>;
     routes?: OAuth2StrategyConfig<Soap.HttpContext, TUser>["routes"];
 }
+export interface ConfigurableOAuth2StrategyConfig<TUser extends Soap.AuthUser = Soap.AuthUser> extends OAuth2StrategyConfig<Soap.HttpContext, TUser> {
+    name: string;
+}

package/build/types.d.ts

@@ -2,7 +2,7 @@ import * as Soap from "@soapjs/soap";
 export type AuthResult<TUser extends Soap.AuthUser = Soap.AuthUser> = Soap.AuthResult<TUser>;
 export type AuthStrategy<TUser extends Soap.AuthUser = Soap.AuthUser> = Soap.AuthStrategy<TUser>;
 import { LocalStrategyConfig } from "./strategies/local/local.types";
-import { OAuth2StrategyConfig } from "./strategies/oauth2/oauth2.types";
+import { OAuth2ProviderConfig } from "./strategies/oauth2/oauth2.types";
 import { ApiKeyStrategyConfig } from "./strategies/api-key/api-key.types";
 import { BasicStrategyConfig } from "./strategies/basic/basic.types";
 import { JwtConfig } from "./strategies/jwt/jwt.types";
@@ -175,7 +175,10 @@ export interface SoapHttpAuthConfig<TContext = unknown, TUser extends Soap.AuthU
     local?: LocalStrategyConfig<TContext, TUser>;
     jwt?: JwtConfig<TContext, TUser>;
     oauth2?: {
-        [provider: string]: OAuth2StrategyConfig<TContext, TUser>;
+        [provider: string]: OAuth2ProviderConfig<TContext, TUser>;
+    };
+    hybridOAuth2?: {
+        [provider: string]: OAuth2ProviderConfig<TContext, TUser>;
     };
     apiKey?: ApiKeyStrategyConfig<TContext, TUser>;
     basic?: BasicStrategyConfig<TContext, TUser>;