@usync/oauth2 0.1.1 → 0.1.3

package/LICENSE

@@ -0,0 +1,15 @@
+ISC License
+
+Copyright (c) 2026 gera2ld
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+PERFORMANCE OF THIS SOFTWARE.

package/dist/common.d.ts

@@ -0,0 +1,7 @@
+export declare const OAUTH2_NEED_REFRESH = 1;
+export declare const OAUTH2_AUTH_ERROR = 2;
+export declare const OAUTH2_UNAUTHORIZED = 3;
+export declare class OAuth2Error extends Error {
+    code: number;
+    constructor(code: number, message?: string);
+}

package/dist/index.d.ts

@@ -0,0 +1,7 @@
+import { OAuth2Authorizer } from "./providers";
+import type { IOAuth2Account, IOAuth2Options } from "./types";
+export * from "./common";
+export * from "./providers";
+export * from "./types";
+export declare function getAuthorizer(options: IOAuth2Options, auth: IOAuth2Account): import("./providers").DropboxAuthorizer | import("./providers").GoogleAuthorizer | import("./providers").MicrosoftAuthorizer;
+export declare function ensureAccessToken(authorizer: OAuth2Authorizer, handleOAuth2?: (url: string) => Promise<string>): Promise<string>;

package/dist/index.js

@@ -1,348 +1,341 @@
-import { nanoid as U } from "nanoid";
-const R = 1, a = 2, d = 3;
-class i extends Error {
-  constructor(e, s) {
-    super(s || `OAuth2Error: code=${e}`), this.code = e;
-  }
-}
-function O(r) {
-  let e = "";
-  for (const s of r)
-    e += String.fromCharCode(s);
-  return btoa(e).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-}
-function _() {
-  return U(8);
+import { nanoid as e } from "nanoid";
+//#region src/common.ts
+var t = 1, n = 2, r = 3, i = class extends Error {
+	constructor(e, t) {
+		super(t || `OAuth2Error: code=${e}`), this.code = e;
+	}
+};
+//#endregion
+//#region src/util.ts
+function a(e) {
+	let t = "";
+	for (let n of e) t += String.fromCharCode(n);
+	return btoa(t).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
 }
-function k() {
-  return U(64);
+function o() {
+	return e(8);
 }
-async function u(r) {
-  const e = "S256", s = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(r));
-  return {
-    codeChallenge: O(new Uint8Array(s)),
-    codeChallengeMethod: e
-  };
+function s() {
+	return e(64);
 }
-class w {
-  constructor(e, s) {
-    this.options = e, this._accessToken = null, this._refreshToken = null, s && (this.setRefreshToken(s.refreshToken), this.setAccessToken(s.accessToken), this.session = s.session);
-  }
-  _getValidToken(e) {
-    return e && (!e.expiresAt || Date.now() < e.expiresAt) ? e.token : void 0;
-  }
-  _updateAccessToken(e) {
-    this.setAccessToken(e), this.options.onSetAccessToken?.(e);
-  }
-  _updateRefreshToken(e) {
-    this.setRefreshToken(e), this.options.onSetRefreshToken?.(e);
-  }
-  getAccessToken() {
-    if (!this._accessToken) throw new i(d);
-    const e = this._getValidToken(this._accessToken);
-    if (!e) throw new i(R);
-    return e;
-  }
-  getRefreshToken() {
-    const e = this._getValidToken(this._refreshToken);
-    if (!e) throw new i(d, "Invalid refresh token");
-    return e;
-  }
-  setAccessToken(e) {
-    this._accessToken = e ?? null;
-  }
-  setRefreshToken(e) {
-    this._refreshToken = e ?? null;
-  }
+async function c(e) {
+	let t = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(e));
+	return {
+		codeChallenge: a(new Uint8Array(t)),
+		codeChallengeMethod: "S256"
+	};
 }
-const b = "https://www.dropbox.com/oauth2/authorize", A = "https://api.dropbox.com/oauth2/token", T = class T extends w {
-  async buildAuthUrl() {
-    this.session = {
-      state: _(),
-      codeVerifier: k()
-    };
-    const { codeChallenge: e, codeChallengeMethod: s } = await u(
-      this.session.codeVerifier
-    ), o = new URL(b);
-    return Object.entries({
-      client_id: this.options.clientId,
-      code_challenge: e,
-      code_challenge_method: s,
-      redirect_uri: this.options.redirectUrl,
-      response_type: "code",
-      token_access_type: "offline",
-      scope: this.options.scope,
-      state: this.session.state
-    }).forEach(([n, t]) => {
-      t && o.searchParams.set(n, t);
-    }), o.href;
-  }
-  async finishAuth(e) {
-    if (!this.session || this.session.state !== e.searchParams.get("state"))
-      throw new i(a, "state doesn't match");
-    const s = e.searchParams.get("code");
-    if (!s) throw new i(a, "Invalid code");
-    const o = new URLSearchParams();
-    Object.entries({
-      client_id: this.options.clientId,
-      client_secret: this.options.clientSecret,
-      code: s,
-      code_verifier: this.session.codeVerifier,
-      grant_type: "authorization_code",
-      redirect_uri: this.options.redirectUrl
-    }).forEach(([c, h]) => {
-      h != null && o.append(c, h);
-    });
-    const n = await fetch(A, {
-      method: "POST",
-      body: o
-    }), t = await n.json();
-    if (!n.ok) throw { status: n.status, data: t };
-    if (!t.refresh_token)
-      throw new i(a, "Failed to get refresh_token");
-    return this._updateRefreshToken({
-      token: t.refresh_token,
-      scope: t.scope
-    }), this._updateAccessToken({
-      token: t.access_token,
-      expiresAt: Date.now() + t.expires_in * 1e3
-    }), t.access_token;
-  }
-  async refreshToken() {
-    const e = new URLSearchParams(), s = this.getRefreshToken();
-    Object.entries({
-      client_id: this.options.clientId,
-      client_secret: this.options.clientSecret,
-      grant_type: "refresh_token",
-      refresh_token: s
-    }).forEach(([t, c]) => {
-      c != null && e.append(t, c);
-    });
-    const o = await fetch(A, {
-      method: "POST",
-      body: e
-    }), n = await o.json();
-    if (!o.ok) throw { status: o.status, data: n };
-    return this._updateAccessToken({
-      token: n.access_token,
-      expiresAt: Date.now() + n.expires_in * 1e3
-    }), n.access_token;
-  }
-};
-T.Scopes = {
-  account: "account_info.read"
-};
-let p = T;
-const S = "https://accounts.google.com/o/oauth2/v2/auth", y = "https://oauth2.googleapis.com/token", g = class g extends w {
-  async buildAuthUrl() {
-    this.session = {
-      state: _(),
-      codeVerifier: k()
-    };
-    const { codeChallenge: e, codeChallengeMethod: s } = await u(
-      this.session.codeVerifier
-    ), o = new URL(S);
-    return Object.entries({
-      access_type: "offline",
-      client_id: this.options.clientId,
-      code_challenge: e,
-      code_challenge_method: s,
-      include_granted_scopes: "true",
-      prompt: "consent",
-      redirect_uri: this.options.redirectUrl,
-      response_type: "code",
-      scope: this.options.scope,
-      state: this.session.state
-    }).forEach(([n, t]) => {
-      t && o.searchParams.set(n, t);
-    }), o.href;
-  }
-  async finishAuth(e) {
-    if (!this.session || this.session.state !== e.searchParams.get("state"))
-      throw new i(a, "state doesn't match");
-    const s = e.searchParams.get("code");
-    if (!s) throw new i(a, "Invalid code");
-    const o = new URLSearchParams();
-    Object.entries({
-      client_id: this.options.clientId,
-      client_secret: this.options.clientSecret,
-      code: s,
-      code_verifier: this.session.codeVerifier,
-      grant_type: "authorization_code",
-      redirect_uri: this.options.redirectUrl
-    }).forEach(([c, h]) => {
-      h != null && o.append(c, h);
-    });
-    const n = await fetch(y, {
-      method: "POST",
-      body: o
-    }), t = await n.json();
-    if (!n.ok) throw { status: n.status, data: t };
-    if (!t.refresh_token)
-      throw new i(a, "Failed to get refresh_token");
-    return this._updateRefreshToken({
-      token: t.refresh_token,
-      scope: t.scope
-    }), this._updateAccessToken({
-      token: t.access_token,
-      expiresAt: Date.now() + t.expires_in * 1e3
-    }), t.access_token;
-  }
-  async refreshToken() {
-    const e = new URLSearchParams(), s = this.getRefreshToken();
-    Object.entries({
-      client_id: this.options.clientId,
-      client_secret: this.options.clientSecret,
-      grant_type: "refresh_token",
-      refresh_token: s,
-      scope: this.options.scope
-    }).forEach(([t, c]) => {
-      c != null && e.append(t, c);
-    });
-    const o = await fetch(y, {
-      method: "POST",
-      body: e
-    }), n = await o.json();
-    if (!o.ok) throw { status: o.status, data: n };
-    return this._updateAccessToken({
-      token: n.access_token,
-      expiresAt: Date.now() + n.expires_in * 1e3
-    }), n.access_token;
-  }
+//#endregion
+//#region src/providers/base.ts
+var l = class {
+	constructor(e, t) {
+		this.options = e, this._accessToken = null, this._refreshToken = null, t && (this.setRefreshToken(t.refreshToken), this.setAccessToken(t.accessToken), this.session = t.session);
+	}
+	_getValidToken(e) {
+		return e && (!e.expiresAt || Date.now() < e.expiresAt) ? e.token : void 0;
+	}
+	_updateAccessToken(e) {
+		this.setAccessToken(e), this.options.onSetAccessToken?.(e);
+	}
+	_updateRefreshToken(e) {
+		this.setRefreshToken(e), this.options.onSetRefreshToken?.(e);
+	}
+	getAccessToken() {
+		if (!this._accessToken) throw new i(3);
+		let e = this._getValidToken(this._accessToken);
+		if (!e) throw new i(1);
+		return e;
+	}
+	getRefreshToken() {
+		let e = this._getValidToken(this._refreshToken);
+		if (!e) throw new i(3, "Invalid refresh token");
+		return e;
+	}
+	setAccessToken(e) {
+		this._accessToken = e ?? null;
+	}
+	setRefreshToken(e) {
+		this._refreshToken = e ?? null;
+	}
+}, u = "https://www.dropbox.com/oauth2/authorize", d = "https://api.dropbox.com/oauth2/token", f = class extends l {
+	static {
+		this.Scopes = { account: "account_info.read" };
+	}
+	async buildAuthUrl() {
+		this.session = {
+			state: o(),
+			codeVerifier: s()
+		};
+		let { codeChallenge: e, codeChallengeMethod: t } = await c(this.session.codeVerifier), n = new URL(u);
+		return Object.entries({
+			client_id: this.options.clientId,
+			code_challenge: e,
+			code_challenge_method: t,
+			redirect_uri: this.options.redirectUrl,
+			response_type: "code",
+			token_access_type: "offline",
+			scope: this.options.scope,
+			state: this.session.state
+		}).forEach(([e, t]) => {
+			t && n.searchParams.set(e, t);
+		}), n.href;
+	}
+	async finishAuth(e) {
+		if (!this.session || this.session.state !== e.searchParams.get("state")) throw new i(2, "state doesn't match");
+		let t = e.searchParams.get("code");
+		if (!t) throw new i(2, "Invalid code");
+		let n = new URLSearchParams();
+		Object.entries({
+			client_id: this.options.clientId,
+			client_secret: this.options.clientSecret,
+			code: t,
+			code_verifier: this.session.codeVerifier,
+			grant_type: "authorization_code",
+			redirect_uri: this.options.redirectUrl
+		}).forEach(([e, t]) => {
+			t != null && n.append(e, t);
+		});
+		let r = await fetch(d, {
+			method: "POST",
+			body: n
+		}), a = await r.json();
+		if (!r.ok) throw {
+			status: r.status,
+			data: a
+		};
+		if (!a.refresh_token) throw new i(2, "Failed to get refresh_token");
+		return this._updateRefreshToken({
+			token: a.refresh_token,
+			scope: a.scope
+		}), this._updateAccessToken({
+			token: a.access_token,
+			expiresAt: Date.now() + a.expires_in * 1e3
+		}), a.access_token;
+	}
+	async refreshToken() {
+		let e = new URLSearchParams(), t = this.getRefreshToken();
+		Object.entries({
+			client_id: this.options.clientId,
+			client_secret: this.options.clientSecret,
+			grant_type: "refresh_token",
+			refresh_token: t
+		}).forEach(([t, n]) => {
+			n != null && e.append(t, n);
+		});
+		let n = await fetch(d, {
+			method: "POST",
+			body: e
+		}), r = await n.json();
+		if (!n.ok) throw {
+			status: n.status,
+			data: r
+		};
+		return this._updateAccessToken({
+			token: r.access_token,
+			expiresAt: Date.now() + r.expires_in * 1e3
+		}), r.access_token;
+	}
+}, p = "https://accounts.google.com/o/oauth2/v2/auth", m = "https://oauth2.googleapis.com/token", h = class extends l {
+	static {
+		this.Scopes = {
+			account: "https://www.googleapis.com/auth/userinfo.profile",
+			"drive.appdata": "https://www.googleapis.com/auth/drive.appdata",
+			imap: "https://mail.google.com/"
+		};
+	}
+	async buildAuthUrl() {
+		this.session = {
+			state: o(),
+			codeVerifier: s()
+		};
+		let { codeChallenge: e, codeChallengeMethod: t } = await c(this.session.codeVerifier), n = new URL(p);
+		return Object.entries({
+			access_type: "offline",
+			client_id: this.options.clientId,
+			code_challenge: e,
+			code_challenge_method: t,
+			include_granted_scopes: "true",
+			prompt: "consent",
+			redirect_uri: this.options.redirectUrl,
+			response_type: "code",
+			scope: this.options.scope,
+			state: this.session.state
+		}).forEach(([e, t]) => {
+			t && n.searchParams.set(e, t);
+		}), n.href;
+	}
+	async finishAuth(e) {
+		if (!this.session || this.session.state !== e.searchParams.get("state")) throw new i(2, "state doesn't match");
+		let t = e.searchParams.get("code");
+		if (!t) throw new i(2, "Invalid code");
+		let n = new URLSearchParams();
+		Object.entries({
+			client_id: this.options.clientId,
+			client_secret: this.options.clientSecret,
+			code: t,
+			code_verifier: this.session.codeVerifier,
+			grant_type: "authorization_code",
+			redirect_uri: this.options.redirectUrl
+		}).forEach(([e, t]) => {
+			t != null && n.append(e, t);
+		});
+		let r = await fetch(m, {
+			method: "POST",
+			body: n
+		}), a = await r.json();
+		if (!r.ok) throw {
+			status: r.status,
+			data: a
+		};
+		if (!a.refresh_token) throw new i(2, "Failed to get refresh_token");
+		return this._updateRefreshToken({
+			token: a.refresh_token,
+			scope: a.scope
+		}), this._updateAccessToken({
+			token: a.access_token,
+			expiresAt: Date.now() + a.expires_in * 1e3
+		}), a.access_token;
+	}
+	async refreshToken() {
+		let e = new URLSearchParams(), t = this.getRefreshToken();
+		Object.entries({
+			client_id: this.options.clientId,
+			client_secret: this.options.clientSecret,
+			grant_type: "refresh_token",
+			refresh_token: t,
+			scope: this.options.scope
+		}).forEach(([t, n]) => {
+			n != null && e.append(t, n);
+		});
+		let n = await fetch(m, {
+			method: "POST",
+			body: e
+		}), r = await n.json();
+		if (!n.ok) throw {
+			status: n.status,
+			data: r
+		};
+		return this._updateAccessToken({
+			token: r.access_token,
+			expiresAt: Date.now() + r.expires_in * 1e3
+		}), r.access_token;
+	}
+}, g = class extends l {
+	static {
+		this.Scopes = {
+			imap: "offline_access https://outlook.office.com/IMAP.AccessAsUser.All",
+			onedrive: "openid profile Files.ReadWrite.AppFolder offline_access"
+		};
+	}
+	oauth2Url(e) {
+		return `https://login.microsoftonline.com/${this.options.provider?.microsoft?.accountType ?? "common"}/oauth2/v2.0/${e}`;
+	}
+	async buildAuthUrl() {
+		this.session = {
+			state: o(),
+			codeVerifier: s()
+		};
+		let { codeChallenge: e, codeChallengeMethod: t } = await c(this.session.codeVerifier), n = new URL(this.oauth2Url("authorize"));
+		return Object.entries({
+			client_id: this.options.clientId,
+			code_challenge: e,
+			code_challenge_method: t,
+			redirect_uri: this.options.redirectUrl,
+			response_mode: "query",
+			response_type: "code",
+			scope: this.options.scope,
+			state: this.session.state
+		}).forEach(([e, t]) => {
+			t && n.searchParams.set(e, t);
+		}), n.href;
+	}
+	async finishAuth(e) {
+		if (!this.session || this.session.state !== e.searchParams.get("state")) throw new i(2, "state doesn't match");
+		let t = e.searchParams.get("code");
+		if (!t) throw new i(2, "Invalid code");
+		let n = new URLSearchParams();
+		Object.entries({
+			client_id: this.options.clientId,
+			client_secret: this.options.clientSecret,
+			code: t,
+			code_verifier: this.session.codeVerifier,
+			grant_type: "authorization_code",
+			redirect_uri: this.options.redirectUrl,
+			scope: this.options.scope
+		}).forEach(([e, t]) => {
+			t != null && n.append(e, t);
+		});
+		let r = await fetch(this.oauth2Url("token"), {
+			method: "POST",
+			body: n
+		}), a = await r.json();
+		if (!r.ok) throw {
+			status: r.status,
+			data: a
+		};
+		if (!a.refresh_token) throw new i(2, "Failed to get refresh_token");
+		return this._updateRefreshToken({
+			token: a.refresh_token,
+			scope: a.scope
+		}), this._updateAccessToken({
+			token: a.access_token,
+			expiresAt: Date.now() + a.expires_in * 1e3
+		}), a.access_token;
+	}
+	async refreshToken() {
+		let e = new URLSearchParams(), t = this.getRefreshToken();
+		Object.entries({
+			client_id: this.options.clientId,
+			client_secret: this.options.clientSecret,
+			grant_type: "refresh_token",
+			refresh_token: t,
+			scope: this.options.scope
+		}).forEach(([t, n]) => {
+			n != null && e.append(t, n);
+		});
+		let n = await fetch(this.oauth2Url("token"), {
+			method: "POST",
+			body: e
+		}), r = await n.json();
+		if (!n.ok) throw {
+			status: n.status,
+			data: r
+		};
+		return this._updateAccessToken({
+			token: r.access_token,
+			expiresAt: Date.now() + r.expires_in * 1e3
+		}), r.access_token;
+	}
+}, _ = {
+	dropbox: f,
+	google: h,
+	microsoft: g
 };
-g.Scopes = {
-  account: "https://www.googleapis.com/auth/userinfo.profile",
-  "drive.appdata": "https://www.googleapis.com/auth/drive.appdata",
-  imap: "https://mail.google.com/"
-};
-let l = g;
-const m = class m extends w {
-  oauth2Url(e) {
-    return `https://login.microsoftonline.com/${this.options.provider?.microsoft?.accountType ?? "common"}/oauth2/v2.0/${e}`;
-  }
-  async buildAuthUrl() {
-    this.session = {
-      state: _(),
-      codeVerifier: k()
-    };
-    const { codeChallenge: e, codeChallengeMethod: s } = await u(
-      this.session.codeVerifier
-    ), o = new URL(this.oauth2Url("authorize"));
-    return Object.entries({
-      client_id: this.options.clientId,
-      code_challenge: e,
-      code_challenge_method: s,
-      redirect_uri: this.options.redirectUrl,
-      response_mode: "query",
-      response_type: "code",
-      scope: this.options.scope,
-      state: this.session.state
-    }).forEach(([n, t]) => {
-      t && o.searchParams.set(n, t);
-    }), o.href;
-  }
-  async finishAuth(e) {
-    if (!this.session || this.session.state !== e.searchParams.get("state"))
-      throw new i(a, "state doesn't match");
-    const s = e.searchParams.get("code");
-    if (!s) throw new i(a, "Invalid code");
-    const o = new URLSearchParams();
-    Object.entries({
-      client_id: this.options.clientId,
-      client_secret: this.options.clientSecret,
-      code: s,
-      code_verifier: this.session.codeVerifier,
-      grant_type: "authorization_code",
-      redirect_uri: this.options.redirectUrl,
-      scope: this.options.scope
-    }).forEach(([c, h]) => {
-      h != null && o.append(c, h);
-    });
-    const n = await fetch(this.oauth2Url("token"), {
-      method: "POST",
-      body: o
-    }), t = await n.json();
-    if (!n.ok) throw { status: n.status, data: t };
-    if (!t.refresh_token)
-      throw new i(a, "Failed to get refresh_token");
-    return this._updateRefreshToken({
-      token: t.refresh_token,
-      scope: t.scope
-    }), this._updateAccessToken({
-      token: t.access_token,
-      expiresAt: Date.now() + t.expires_in * 1e3
-    }), t.access_token;
-  }
-  async refreshToken() {
-    const e = new URLSearchParams(), s = this.getRefreshToken();
-    Object.entries({
-      client_id: this.options.clientId,
-      client_secret: this.options.clientSecret,
-      grant_type: "refresh_token",
-      refresh_token: s,
-      scope: this.options.scope
-    }).forEach(([t, c]) => {
-      c != null && e.append(t, c);
-    });
-    const o = await fetch(this.oauth2Url("token"), {
-      method: "POST",
-      body: e
-    }), n = await o.json();
-    if (!o.ok) throw { status: o.status, data: n };
-    return this._updateAccessToken({
-      token: n.access_token,
-      expiresAt: Date.now() + n.expires_in * 1e3
-    }), n.access_token;
-  }
-};
-m.Scopes = {
-  /** Ref: https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth */
-  imap: "offline_access https://outlook.office.com/IMAP.AccessAsUser.All",
-  onedrive: "openid profile Files.ReadWrite.AppFolder offline_access"
-};
-let f = m;
-const E = {
-  dropbox: p,
-  google: l,
-  microsoft: f
-};
-function x(r, e) {
-  return new E[e.provider](r);
+//#endregion
+//#region src/index.ts
+function v(e, t) {
+	return new _[t.provider](e);
 }
-async function I(r, e) {
-  let s;
-  try {
-    s = r.getAccessToken();
-  } catch (o) {
-    if (!(o instanceof i))
-      throw o;
-    switch (o.code) {
-      case d: {
-        if (!e) throw o;
-        const n = await r.buildAuthUrl(), t = await e(n);
-        s = await r.finishAuth(new URL(t));
-        break;
-      }
-      case R: {
-        s = await r.refreshToken();
-        break;
-      }
-      default:
-        throw o;
-    }
-  }
-  return s;
+async function y(e, t) {
+	let n;
+	try {
+		n = e.getAccessToken();
+	} catch (r) {
+		if (!(r instanceof i)) throw r;
+		switch (r.code) {
+			case 3: {
+				if (!t) throw r;
+				let i = await t(await e.buildAuthUrl());
+				n = await e.finishAuth(new URL(i));
+				break;
+			}
+			case 1:
+				n = await e.refreshToken();
+				break;
+			default: throw r;
+		}
+	}
+	return n;
 }
-export {
-  p as DropboxAuthorizer,
-  l as GoogleAuthorizer,
-  f as MicrosoftAuthorizer,
-  a as OAUTH2_AUTH_ERROR,
-  R as OAUTH2_NEED_REFRESH,
-  d as OAUTH2_UNAUTHORIZED,
-  w as OAuth2Authorizer,
-  E as OAuth2Authorizers,
-  i as OAuth2Error,
-  I as ensureAccessToken,
-  x as getAuthorizer
-};
+//#endregion
+export { f as DropboxAuthorizer, h as GoogleAuthorizer, g as MicrosoftAuthorizer, n as OAUTH2_AUTH_ERROR, t as OAUTH2_NEED_REFRESH, r as OAUTH2_UNAUTHORIZED, l as OAuth2Authorizer, _ as OAuth2Authorizers, i as OAuth2Error, y as ensureAccessToken, v as getAuthorizer };

package/dist/providers/base.d.ts

@@ -0,0 +1,28 @@
+import type { IOAuth2Options, TokenData } from "../types";
+export declare abstract class OAuth2Authorizer {
+    protected options: IOAuth2Options;
+    abstract buildAuthUrl(): Promise<string>;
+    abstract finishAuth(url: URL): Promise<string>;
+    abstract refreshToken(): Promise<string>;
+    protected _accessToken: TokenData | null;
+    protected _refreshToken: TokenData | null;
+    session: {
+        state: string;
+        codeVerifier: string;
+    } | undefined;
+    constructor(options: IOAuth2Options, initialData?: {
+        accessToken?: TokenData;
+        refreshToken?: TokenData;
+        session?: {
+            state: string;
+            codeVerifier: string;
+        };
+    });
+    protected _getValidToken(value?: TokenData | null): string | undefined;
+    protected _updateAccessToken(value: TokenData | null): void;
+    protected _updateRefreshToken(value: TokenData | null): void;
+    getAccessToken(): string;
+    getRefreshToken(): string;
+    setAccessToken(value?: TokenData | null): void;
+    setRefreshToken(value?: TokenData | null): void;
+}

package/dist/providers/dropbox.d.ts

@@ -0,0 +1,12 @@
+import { OAuth2Authorizer } from "./base.ts";
+export declare class DropboxAuthorizer extends OAuth2Authorizer {
+    /**
+     * Ref: https://www.dropbox.com/developers/documentation/http/documentation
+     */
+    static Scopes: {
+        account: string;
+    };
+    buildAuthUrl(): Promise<string>;
+    finishAuth(url: URL): Promise<string>;
+    refreshToken(): Promise<string>;
+}

package/dist/providers/google.d.ts

@@ -0,0 +1,17 @@
+import { OAuth2Authorizer } from "./base.ts";
+/**
+ * Ref: https://developers.google.com/identity/protocols/oauth2/web-server
+ */
+export declare class GoogleAuthorizer extends OAuth2Authorizer {
+    /**
+     * Ref: https://developers.google.com/identity/protocols/oauth2/scopes
+     */
+    static Scopes: {
+        account: string;
+        "drive.appdata": string;
+        imap: string;
+    };
+    buildAuthUrl(): Promise<string>;
+    finishAuth(url: URL): Promise<string>;
+    refreshToken(): Promise<string>;
+}

package/dist/providers/index.d.ts

@@ -0,0 +1,10 @@
+import { DropboxAuthorizer } from "./dropbox";
+import { GoogleAuthorizer } from "./google";
+import { MicrosoftAuthorizer } from "./microsoft";
+export * from "./base";
+export { DropboxAuthorizer, GoogleAuthorizer, MicrosoftAuthorizer };
+export declare const OAuth2Authorizers: {
+    dropbox: typeof DropboxAuthorizer;
+    google: typeof GoogleAuthorizer;
+    microsoft: typeof MicrosoftAuthorizer;
+};

package/dist/providers/microsoft.d.ts

@@ -0,0 +1,15 @@
+import { OAuth2Authorizer } from "./base.ts";
+/**
+ * Ref: https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow
+ */
+export declare class MicrosoftAuthorizer extends OAuth2Authorizer {
+    static Scopes: {
+        /** Ref: https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth */
+        imap: string;
+        onedrive: string;
+    };
+    private oauth2Url;
+    buildAuthUrl(): Promise<string>;
+    finishAuth(url: URL): Promise<string>;
+    refreshToken(): Promise<string>;
+}

package/dist/types.d.ts

@@ -0,0 +1,30 @@
+import { OAuth2Authorizers } from "./providers";
+export interface TokenData {
+    token: string;
+    expiresAt?: number;
+    scope?: string;
+}
+export interface IOAuth2Options {
+    clientId: string;
+    /** clientSecret may be absent for client-side apps. */
+    clientSecret?: string;
+    redirectUrl: string;
+    scope?: string;
+    provider?: {
+        microsoft?: {
+            /**
+             * Must match the account type of the application registered in https://portal.azure.com/.
+             * `common` for all accounts, `consumers` for personal accounts only.
+             *
+             * Default as `common`.
+             */
+            accountType?: "common" | "consumers";
+        };
+    };
+    onSetAccessToken?: (value: TokenData | null) => void;
+    onSetRefreshToken?: (value: TokenData | null) => void;
+}
+export interface IOAuth2Account {
+    provider: keyof typeof OAuth2Authorizers;
+    user: string;
+}

package/dist/util.d.ts

@@ -0,0 +1,13 @@
+export declare function getState(): string;
+/**
+ * Ref: https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
+ * high-entropy cryptographic random STRING using the
+ * unreserved characters [A-Z] / [a-z] / [0-9] / "-" / "." / "_" / "~"
+ * from Section 2.3 of [RFC3986], with a minimum length of 43 characters
+ * and a maximum length of 128 characters.
+ */
+export declare function getCodeVerifier(): string;
+export declare function getCodeChallenge(codeVerifier: string): Promise<{
+    codeChallenge: string;
+    codeChallengeMethod: string;
+}>;

package/package.json

@@ -1,6 +1,7 @@
 {
   "name": "@usync/oauth2",
-  "version": "0.1.1",
+  "version": "0.1.3",
+  "license": "ISC",
   "files": [
     "dist"
   ],
@@ -23,6 +24,6 @@
     "clean": "del-cli dist tsconfig.tsbuildinfo",
     "build:types": "tsc",
     "build:js": "vite build",
-    "build": "pnpm clean && pnpm /^build:/"
+    "build": "pnpm clean && pnpm build:js && pnpm build:types"
   }
 }