@xylex-group/athena 2.12.0 → 2.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (96) hide show
  1. package/LICENSE +21 -21
  2. package/README.md +1190 -1184
  3. package/bin/athena-js.js +104 -76
  4. package/dist/admin.cjs +45 -0
  5. package/dist/admin.cjs.map +1 -0
  6. package/dist/admin.d.cts +64 -0
  7. package/dist/admin.d.ts +64 -0
  8. package/dist/admin.js +41 -0
  9. package/dist/admin.js.map +1 -0
  10. package/dist/athena-auth-url-oLux_57a.d.cts +377 -0
  11. package/dist/athena-auth-url-oLux_57a.d.ts +377 -0
  12. package/dist/browser.cjs +33 -46
  13. package/dist/browser.cjs.map +1 -1
  14. package/dist/browser.d.cts +12 -10
  15. package/dist/browser.d.ts +12 -10
  16. package/dist/browser.js +33 -46
  17. package/dist/browser.js.map +1 -1
  18. package/dist/cli/index.cjs +150 -48
  19. package/dist/cli/index.cjs.map +1 -1
  20. package/dist/cli/index.d.cts +14 -5
  21. package/dist/cli/index.d.ts +14 -5
  22. package/dist/cli/index.js +150 -49
  23. package/dist/cli/index.js.map +1 -1
  24. package/dist/{client-QUbAs7E8.d.ts → client-BJjUwDSg.d.cts} +109 -1448
  25. package/dist/{client-C3x75Zgn.d.cts → client-DVOKSYDI.d.ts} +109 -1448
  26. package/dist/cookies.cjs +18 -0
  27. package/dist/cookies.cjs.map +1 -1
  28. package/dist/cookies.d.cts +2 -1
  29. package/dist/cookies.d.ts +2 -1
  30. package/dist/cookies.js +17 -1
  31. package/dist/cookies.js.map +1 -1
  32. package/dist/{index-CVcQCGyG.d.ts → index-CFL9xbFR.d.cts} +2 -0
  33. package/dist/{index-CVcQCGyG.d.cts → index-UKJpunc6.d.ts} +2 -0
  34. package/dist/index.cjs +101 -46
  35. package/dist/index.cjs.map +1 -1
  36. package/dist/index.d.cts +13 -10
  37. package/dist/index.d.ts +13 -10
  38. package/dist/index.js +101 -47
  39. package/dist/index.js.map +1 -1
  40. package/dist/{model-form-CD1uhWSh.d.cts → model-form-Dw4zEL5a.d.cts} +2 -2
  41. package/dist/{model-form-Dm69I-oO.d.ts → model-form-yRg71q3H.d.ts} +2 -2
  42. package/dist/{module-CW3tWJ10.d.ts → module-DBteUIob.d.ts} +12 -9
  43. package/dist/{module-Cxcurfes.d.cts → module-yoX49uQC.d.cts} +12 -9
  44. package/dist/next/client.cjs +452 -46
  45. package/dist/next/client.cjs.map +1 -1
  46. package/dist/next/client.d.cts +7 -4
  47. package/dist/next/client.d.ts +7 -4
  48. package/dist/next/client.js +430 -47
  49. package/dist/next/client.js.map +1 -1
  50. package/dist/next/server.cjs +292 -46
  51. package/dist/next/server.cjs.map +1 -1
  52. package/dist/next/server.d.cts +81 -5
  53. package/dist/next/server.d.ts +81 -5
  54. package/dist/next/server.js +280 -47
  55. package/dist/next/server.js.map +1 -1
  56. package/dist/organization.cjs +72 -0
  57. package/dist/organization.cjs.map +1 -0
  58. package/dist/organization.d.cts +43 -0
  59. package/dist/organization.d.ts +43 -0
  60. package/dist/organization.js +70 -0
  61. package/dist/organization.js.map +1 -0
  62. package/dist/payload-BzVbUgY_.d.cts +219 -0
  63. package/dist/payload-DEOWN_oo.d.ts +219 -0
  64. package/dist/{pipeline-BAwb6Vzm.d.ts → pipeline-Bj6RWt1A.d.ts} +1 -1
  65. package/dist/{pipeline-B14jVK7J.d.cts → pipeline-Dwck-wZO.d.cts} +1 -1
  66. package/dist/react.cjs +2 -10
  67. package/dist/react.cjs.map +1 -1
  68. package/dist/react.d.cts +26 -7
  69. package/dist/react.d.ts +26 -7
  70. package/dist/react.js +2 -10
  71. package/dist/react.js.map +1 -1
  72. package/dist/session-cookie-detection-BqOp9mO6.d.cts +46 -0
  73. package/dist/session-cookie-detection-BqOp9mO6.d.ts +46 -0
  74. package/dist/social-providers.cjs +4189 -0
  75. package/dist/social-providers.cjs.map +1 -0
  76. package/dist/social-providers.d.cts +4948 -0
  77. package/dist/social-providers.d.ts +4948 -0
  78. package/dist/social-providers.js +4117 -0
  79. package/dist/social-providers.js.map +1 -0
  80. package/dist/{types-Cq4-NoB4.d.ts → types-BRP7sfSF.d.ts} +50 -2
  81. package/dist/{types-Dr849HD6.d.cts → types-BU8uJH_b.d.cts} +50 -2
  82. package/dist/{types-CwJCPpLD.d.ts → types-CH78O90i.d.cts} +2 -2
  83. package/dist/{types-CwJCPpLD.d.cts → types-CH78O90i.d.ts} +2 -2
  84. package/dist/{types-DMOoYnPS.d.cts → types-CjC9_5ZQ.d.cts} +3 -3
  85. package/dist/{types-BcVmPBP-.d.ts → types-DPgejxYC.d.ts} +3 -3
  86. package/dist/types-eAKAh71s.d.cts +1476 -0
  87. package/dist/types-eAKAh71s.d.ts +1476 -0
  88. package/dist/utils.cjs +438 -12
  89. package/dist/utils.cjs.map +1 -1
  90. package/dist/utils.d.cts +76 -11
  91. package/dist/utils.d.ts +76 -11
  92. package/dist/utils.js +390 -13
  93. package/dist/utils.js.map +1 -1
  94. package/package.json +49 -22
  95. package/dist/shared-0Kdc74lu.d.ts +0 -35
  96. package/dist/shared-C0wVICRv.d.cts +0 -35
@@ -0,0 +1,4948 @@
1
+ import * as url from 'url';
2
+ import * as z from 'zod';
3
+ export { aQ as AthenaAuthSocialProviderExtensions, aR as AuthOAuthProvider, aS as AuthSocialProvider, aT as AuthSocialProviderBuiltin } from './types-eAKAh71s.js';
4
+ import { importJWK, JWTPayload } from 'jose';
5
+ import * as crypto from 'crypto';
6
+
7
+ type Awaitable<T> = T | Promise<T>;
8
+ type AwaitableFunction<T> = T | (() => Awaitable<T>);
9
+
10
+ interface OAuth2Tokens {
11
+ tokenType?: string | undefined;
12
+ accessToken?: string | undefined;
13
+ refreshToken?: string | undefined;
14
+ accessTokenExpiresAt?: Date | undefined;
15
+ refreshTokenExpiresAt?: Date | undefined;
16
+ scopes?: string[] | undefined;
17
+ idToken?: string | undefined;
18
+ /**
19
+ * Raw token response from the provider.
20
+ * Preserves provider-specific fields that are not part of the standard OAuth2 token response.
21
+ */
22
+ raw?: Record<string, unknown> | undefined;
23
+ }
24
+ type ProviderOptions<Profile extends Record<string, any> = any> = {
25
+ /**
26
+ * The client ID of your application.
27
+ *
28
+ * This is usually a string but can be any type depending on the provider.
29
+ */
30
+ clientId?: unknown | undefined;
31
+ /**
32
+ * The client secret of your application
33
+ */
34
+ clientSecret?: string | undefined;
35
+ /**
36
+ * The scopes you want to request from the provider
37
+ */
38
+ scope?: string[] | undefined;
39
+ /**
40
+ * Remove default scopes of the provider
41
+ */
42
+ disableDefaultScope?: boolean | undefined;
43
+ /**
44
+ * The redirect URL for your application. This is where the provider will
45
+ * redirect the user after the sign in process. Make sure this URL is
46
+ * whitelisted in the provider's dashboard.
47
+ */
48
+ redirectURI?: string | undefined;
49
+ /**
50
+ * Custom authorization endpoint URL.
51
+ * Use this to override the default authorization endpoint of the provider.
52
+ * Useful for testing with local OAuth servers or using sandbox environments.
53
+ */
54
+ authorizationEndpoint?: string | undefined;
55
+ /**
56
+ * The client key of your application
57
+ * Tiktok Social Provider uses this field instead of clientId
58
+ */
59
+ clientKey?: string | undefined;
60
+ /**
61
+ * Disable provider from allowing users to sign in
62
+ * with this provider with an id token sent from the
63
+ * client.
64
+ */
65
+ disableIdTokenSignIn?: boolean | undefined;
66
+ /**
67
+ * verifyIdToken function to verify the id token
68
+ */
69
+ verifyIdToken?: ((token: string, nonce?: string) => Promise<boolean>) | undefined;
70
+ /**
71
+ * Custom function to get user info from the provider
72
+ */
73
+ getUserInfo?: ((token: OAuth2Tokens) => Promise<{
74
+ user: {
75
+ id: string;
76
+ name?: string;
77
+ email?: string | null;
78
+ image?: string;
79
+ emailVerified: boolean;
80
+ [key: string]: any;
81
+ };
82
+ data: any;
83
+ } | null>) | undefined;
84
+ /**
85
+ * Custom function to refresh a token
86
+ */
87
+ refreshAccessToken?: ((refreshToken: string) => Promise<OAuth2Tokens>) | undefined;
88
+ /**
89
+ * Custom function to map the provider profile to a
90
+ * user.
91
+ */
92
+ mapProfileToUser?: ((profile: Profile) => {
93
+ id?: string;
94
+ name?: string;
95
+ email?: string | null;
96
+ image?: string;
97
+ emailVerified?: boolean;
98
+ [key: string]: any;
99
+ } | Promise<{
100
+ id?: string;
101
+ name?: string;
102
+ email?: string | null;
103
+ image?: string;
104
+ emailVerified?: boolean;
105
+ [key: string]: any;
106
+ }>) | undefined;
107
+ /**
108
+ * Disable implicit sign up for new users. When set to true for the provider,
109
+ * sign-in need to be called with with requestSignUp as true to create new users.
110
+ */
111
+ disableImplicitSignUp?: boolean | undefined;
112
+ /**
113
+ * Disable sign up for new users.
114
+ */
115
+ disableSignUp?: boolean | undefined;
116
+ /**
117
+ * The prompt to use for the authorization code request
118
+ */
119
+ prompt?: ("select_account" | "consent" | "login" | "none" | "select_account consent") | undefined;
120
+ /**
121
+ * The response mode to use for the authorization code request
122
+ */
123
+ responseMode?: ("query" | "form_post") | undefined;
124
+ /**
125
+ * If enabled, the user info will be overridden with the provider user info
126
+ * This is useful if you want to use the provider user info to update the user info
127
+ *
128
+ * @default false
129
+ */
130
+ overrideUserInfoOnSignIn?: boolean | undefined;
131
+ };
132
+
133
+ /**
134
+ * WeChat user profile information
135
+ * @see https://developers.weixin.qq.com/doc/oplatform/en/Website_App/WeChat_Login/Wechat_Login.html
136
+ */
137
+ interface WeChatProfile extends Record<string, any> {
138
+ /**
139
+ * User's unique OpenID
140
+ */
141
+ openid: string;
142
+ /**
143
+ * User's nickname
144
+ */
145
+ nickname: string;
146
+ /**
147
+ * User's avatar image URL
148
+ */
149
+ headimgurl: string;
150
+ /**
151
+ * User's privileges
152
+ */
153
+ privilege: string[];
154
+ /**
155
+ * User's UnionID (unique across the developer's various applications)
156
+ */
157
+ unionid?: string;
158
+ /** @note Email is currently unsupported by WeChat */
159
+ email?: string;
160
+ }
161
+ interface WeChatOptions extends ProviderOptions<WeChatProfile> {
162
+ /**
163
+ * WeChat App ID
164
+ */
165
+ clientId: string;
166
+ /**
167
+ * WeChat App Secret
168
+ */
169
+ clientSecret: string;
170
+ /**
171
+ * Platform type for WeChat login
172
+ * - Currently only supports "WebsiteApp" for WeChat Website Application (网站应用)
173
+ * @default "WebsiteApp"
174
+ */
175
+ platformType?: "WebsiteApp";
176
+ /**
177
+ * UI language for the WeChat login page
178
+ * cn for Simplified Chinese, en for English
179
+ * @default "cn" if left undefined
180
+ */
181
+ lang?: "cn" | "en";
182
+ }
183
+ declare const wechat: (options: WeChatOptions) => {
184
+ id: "wechat";
185
+ name: string;
186
+ createAuthorizationURL({ state, scopes, redirectURI }: {
187
+ state: string;
188
+ codeVerifier: string;
189
+ scopes?: string[] | undefined;
190
+ redirectURI: string;
191
+ display?: string | undefined;
192
+ loginHint?: string | undefined;
193
+ }): url.URL;
194
+ validateAuthorizationCode: ({ code }: {
195
+ code: string;
196
+ redirectURI: string;
197
+ codeVerifier?: string | undefined;
198
+ deviceId?: string | undefined;
199
+ }) => Promise<{
200
+ tokenType: "Bearer";
201
+ accessToken: string;
202
+ refreshToken: string;
203
+ accessTokenExpiresAt: Date;
204
+ scopes: string[];
205
+ openid: string;
206
+ unionid: string | undefined;
207
+ }>;
208
+ refreshAccessToken: ((refreshToken: string) => Promise<OAuth2Tokens>) | ((refreshToken: string) => Promise<{
209
+ tokenType: "Bearer";
210
+ accessToken: string;
211
+ refreshToken: string;
212
+ accessTokenExpiresAt: Date;
213
+ scopes: string[];
214
+ }>);
215
+ getUserInfo(token: OAuth2Tokens & {
216
+ user?: {
217
+ name?: {
218
+ firstName?: string;
219
+ lastName?: string;
220
+ };
221
+ email?: string;
222
+ } | undefined;
223
+ }): Promise<{
224
+ user: {
225
+ id: string;
226
+ name?: string;
227
+ email?: string | null;
228
+ image?: string;
229
+ emailVerified: boolean;
230
+ [key: string]: any;
231
+ };
232
+ data: any;
233
+ } | null>;
234
+ options: WeChatOptions;
235
+ };
236
+
237
+ interface VercelProfile {
238
+ sub: string;
239
+ name?: string;
240
+ preferred_username?: string;
241
+ email?: string;
242
+ email_verified?: boolean;
243
+ picture?: string;
244
+ }
245
+ interface VercelOptions extends ProviderOptions<VercelProfile> {
246
+ clientId: string;
247
+ }
248
+ declare const vercel: (options: VercelOptions) => {
249
+ id: "vercel";
250
+ name: string;
251
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }: {
252
+ state: string;
253
+ codeVerifier: string;
254
+ scopes?: string[] | undefined;
255
+ redirectURI: string;
256
+ display?: string | undefined;
257
+ loginHint?: string | undefined;
258
+ }): Promise<url.URL>;
259
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
260
+ code: string;
261
+ redirectURI: string;
262
+ codeVerifier?: string | undefined;
263
+ deviceId?: string | undefined;
264
+ }) => Promise<OAuth2Tokens>;
265
+ getUserInfo(token: OAuth2Tokens & {
266
+ user?: {
267
+ name?: {
268
+ firstName?: string;
269
+ lastName?: string;
270
+ };
271
+ email?: string;
272
+ } | undefined;
273
+ }): Promise<{
274
+ user: {
275
+ id: string;
276
+ name?: string;
277
+ email?: string | null;
278
+ image?: string;
279
+ emailVerified: boolean;
280
+ [key: string]: any;
281
+ };
282
+ data: any;
283
+ } | null>;
284
+ options: VercelOptions;
285
+ };
286
+
287
+ interface RailwayProfile {
288
+ /** The user's unique ID (OAuth `sub` claim). */
289
+ sub: string;
290
+ /** The user's email address. */
291
+ email: string;
292
+ /** The user's display name. */
293
+ name: string;
294
+ /** URL of the user's profile picture. */
295
+ picture: string;
296
+ }
297
+ interface RailwayOptions extends ProviderOptions<RailwayProfile> {
298
+ clientId: string;
299
+ }
300
+ declare const railway: (options: RailwayOptions) => {
301
+ id: "railway";
302
+ name: string;
303
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }: {
304
+ state: string;
305
+ codeVerifier: string;
306
+ scopes?: string[] | undefined;
307
+ redirectURI: string;
308
+ display?: string | undefined;
309
+ loginHint?: string | undefined;
310
+ }): Promise<url.URL>;
311
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
312
+ code: string;
313
+ redirectURI: string;
314
+ codeVerifier?: string | undefined;
315
+ deviceId?: string | undefined;
316
+ }) => Promise<OAuth2Tokens>;
317
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
318
+ getUserInfo(token: OAuth2Tokens & {
319
+ user?: {
320
+ name?: {
321
+ firstName?: string;
322
+ lastName?: string;
323
+ };
324
+ email?: string;
325
+ } | undefined;
326
+ }): Promise<{
327
+ user: {
328
+ id: string;
329
+ name?: string;
330
+ email?: string | null;
331
+ image?: string;
332
+ emailVerified: boolean;
333
+ [key: string]: any;
334
+ };
335
+ data: any;
336
+ } | null>;
337
+ options: RailwayOptions;
338
+ };
339
+
340
+ interface PolarProfile {
341
+ id: string;
342
+ email: string;
343
+ username: string;
344
+ avatar_url: string;
345
+ github_username?: string | undefined;
346
+ account_id?: string | undefined;
347
+ public_name?: string | undefined;
348
+ email_verified?: boolean | undefined;
349
+ profile_settings?: {
350
+ profile_settings_enabled?: boolean;
351
+ profile_settings_public_name?: string;
352
+ profile_settings_public_avatar?: string;
353
+ profile_settings_public_bio?: string;
354
+ profile_settings_public_location?: string;
355
+ profile_settings_public_website?: string;
356
+ profile_settings_public_twitter?: string;
357
+ profile_settings_public_github?: string;
358
+ profile_settings_public_email?: string;
359
+ } | undefined;
360
+ }
361
+ interface PolarOptions extends ProviderOptions<PolarProfile> {
362
+ }
363
+ declare const polar: (options: PolarOptions) => {
364
+ id: "polar";
365
+ name: string;
366
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }: {
367
+ state: string;
368
+ codeVerifier: string;
369
+ scopes?: string[] | undefined;
370
+ redirectURI: string;
371
+ display?: string | undefined;
372
+ loginHint?: string | undefined;
373
+ }): Promise<url.URL>;
374
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
375
+ code: string;
376
+ redirectURI: string;
377
+ codeVerifier?: string | undefined;
378
+ deviceId?: string | undefined;
379
+ }) => Promise<OAuth2Tokens>;
380
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
381
+ getUserInfo(token: OAuth2Tokens & {
382
+ user?: {
383
+ name?: {
384
+ firstName?: string;
385
+ lastName?: string;
386
+ };
387
+ email?: string;
388
+ } | undefined;
389
+ }): Promise<{
390
+ user: {
391
+ id: string;
392
+ name?: string;
393
+ email?: string | null;
394
+ image?: string;
395
+ emailVerified: boolean;
396
+ [key: string]: any;
397
+ };
398
+ data: any;
399
+ } | null>;
400
+ options: PolarOptions;
401
+ };
402
+
403
+ /**
404
+ * PayPal Login with PayPal userinfo profile (schema paypalv1.1).
405
+ * @see https://developer.paypal.com/docs/log-in-with-paypal/
406
+ */
407
+ interface PayPalProfile {
408
+ sub?: string | undefined;
409
+ user_id: string;
410
+ name: string;
411
+ given_name: string;
412
+ family_name: string;
413
+ middle_name?: string | undefined;
414
+ picture?: string | undefined;
415
+ email: string;
416
+ email_verified: boolean;
417
+ gender?: string | undefined;
418
+ birthdate?: string | undefined;
419
+ zoneinfo?: string | undefined;
420
+ locale?: string | undefined;
421
+ phone_number?: string | undefined;
422
+ address?: {
423
+ street_address?: string;
424
+ locality?: string;
425
+ region?: string;
426
+ postal_code?: string;
427
+ country?: string;
428
+ } | undefined;
429
+ verified_account?: boolean | undefined;
430
+ account_type?: string | undefined;
431
+ age_range?: string | undefined;
432
+ payer_id?: string | undefined;
433
+ }
434
+ interface PayPalTokenResponse {
435
+ scope?: string | undefined;
436
+ access_token: string;
437
+ refresh_token?: string | undefined;
438
+ token_type: "Bearer";
439
+ id_token?: string | undefined;
440
+ expires_in: number;
441
+ nonce?: string | undefined;
442
+ }
443
+ interface PayPalOptions extends ProviderOptions<PayPalProfile> {
444
+ clientId: string;
445
+ /**
446
+ * PayPal environment - 'sandbox' for testing, 'live' for production
447
+ * @default 'sandbox'
448
+ */
449
+ environment?: ("sandbox" | "live") | undefined;
450
+ /**
451
+ * Whether to request shipping address information
452
+ * @default false
453
+ */
454
+ requestShippingAddress?: boolean | undefined;
455
+ }
456
+
457
+ interface PaybinProfile {
458
+ sub: string;
459
+ email: string;
460
+ email_verified?: boolean | undefined;
461
+ name?: string | undefined;
462
+ preferred_username?: string | undefined;
463
+ picture?: string | undefined;
464
+ given_name?: string | undefined;
465
+ family_name?: string | undefined;
466
+ }
467
+ interface PaybinOptions extends ProviderOptions<PaybinProfile> {
468
+ clientId: string;
469
+ /**
470
+ * The issuer URL of your Paybin OAuth server
471
+ * @default "https://idp.paybin.io"
472
+ */
473
+ issuer?: string | undefined;
474
+ }
475
+ declare const paybin: (options: PaybinOptions) => {
476
+ id: "paybin";
477
+ name: string;
478
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, loginHint, }: {
479
+ state: string;
480
+ codeVerifier: string;
481
+ scopes?: string[] | undefined;
482
+ redirectURI: string;
483
+ display?: string | undefined;
484
+ loginHint?: string | undefined;
485
+ }): Promise<url.URL>;
486
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
487
+ code: string;
488
+ redirectURI: string;
489
+ codeVerifier?: string | undefined;
490
+ deviceId?: string | undefined;
491
+ }) => Promise<OAuth2Tokens>;
492
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
493
+ getUserInfo(token: OAuth2Tokens & {
494
+ user?: {
495
+ name?: {
496
+ firstName?: string;
497
+ lastName?: string;
498
+ };
499
+ email?: string;
500
+ } | undefined;
501
+ }): Promise<{
502
+ user: {
503
+ id: string;
504
+ name?: string;
505
+ email?: string | null;
506
+ image?: string;
507
+ emailVerified: boolean;
508
+ [key: string]: any;
509
+ };
510
+ data: any;
511
+ } | null>;
512
+ options: PaybinOptions;
513
+ };
514
+
515
+ interface LineIdTokenPayload {
516
+ iss: string;
517
+ sub: string;
518
+ aud: string;
519
+ exp: number;
520
+ iat: number;
521
+ name?: string | undefined;
522
+ picture?: string | undefined;
523
+ email?: string | undefined;
524
+ amr?: string[] | undefined;
525
+ nonce?: string | undefined;
526
+ }
527
+ interface LineUserInfo {
528
+ sub: string;
529
+ name?: string | undefined;
530
+ picture?: string | undefined;
531
+ email?: string | undefined;
532
+ }
533
+ interface LineOptions extends ProviderOptions<LineUserInfo | LineIdTokenPayload> {
534
+ clientId: string;
535
+ }
536
+ /**
537
+ * LINE Login v2.1
538
+ * - Authorization endpoint: https://access.line.me/oauth2/v2.1/authorize
539
+ * - Token endpoint: https://api.line.me/oauth2/v2.1/token
540
+ * - UserInfo endpoint: https://api.line.me/oauth2/v2.1/userinfo
541
+ * - Verify ID token: https://api.line.me/oauth2/v2.1/verify
542
+ *
543
+ * Docs: https://developers.line.biz/en/reference/line-login/#issue-access-token
544
+ */
545
+ declare const line: (options: LineOptions) => {
546
+ id: "line";
547
+ name: string;
548
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, loginHint, }: {
549
+ state: string;
550
+ codeVerifier: string;
551
+ scopes?: string[] | undefined;
552
+ redirectURI: string;
553
+ display?: string | undefined;
554
+ loginHint?: string | undefined;
555
+ }): Promise<url.URL>;
556
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
557
+ code: string;
558
+ redirectURI: string;
559
+ codeVerifier?: string | undefined;
560
+ deviceId?: string | undefined;
561
+ }) => Promise<OAuth2Tokens>;
562
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
563
+ verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
564
+ getUserInfo(token: OAuth2Tokens & {
565
+ user?: {
566
+ name?: {
567
+ firstName?: string;
568
+ lastName?: string;
569
+ };
570
+ email?: string;
571
+ } | undefined;
572
+ }): Promise<{
573
+ user: {
574
+ id: string;
575
+ name?: string;
576
+ email?: string | null;
577
+ image?: string;
578
+ emailVerified: boolean;
579
+ [key: string]: any;
580
+ };
581
+ data: any;
582
+ } | {
583
+ user: {
584
+ id: any;
585
+ name: any;
586
+ email: any;
587
+ image: any;
588
+ emailVerified: false;
589
+ } | {
590
+ id: any;
591
+ name: any;
592
+ email: any;
593
+ image: any;
594
+ emailVerified: boolean;
595
+ } | {
596
+ id: any;
597
+ name: any;
598
+ email: any;
599
+ image: any;
600
+ emailVerified: boolean;
601
+ };
602
+ data: any;
603
+ } | null>;
604
+ options: LineOptions;
605
+ };
606
+
607
+ interface NaverProfile {
608
+ /** API response result code */
609
+ resultcode: string;
610
+ /** API response message */
611
+ message: string;
612
+ response: {
613
+ /** Unique Naver user identifier */
614
+ id: string;
615
+ /** User nickname */
616
+ nickname: string;
617
+ /** User real name */
618
+ name: string;
619
+ /** User email address */
620
+ email: string;
621
+ /** Gender (F: female, M: male, U: unknown) */
622
+ gender: string;
623
+ /** Age range */
624
+ age: string;
625
+ /** Birthday (MM-DD format) */
626
+ birthday: string;
627
+ /** Birth year */
628
+ birthyear: string;
629
+ /** Profile image URL */
630
+ profile_image: string;
631
+ /** Mobile phone number */
632
+ mobile: string;
633
+ };
634
+ }
635
+ interface NaverOptions extends ProviderOptions<NaverProfile> {
636
+ clientId: string;
637
+ }
638
+ declare const naver: (options: NaverOptions) => {
639
+ id: "naver";
640
+ name: string;
641
+ createAuthorizationURL({ state, scopes, redirectURI }: {
642
+ state: string;
643
+ codeVerifier: string;
644
+ scopes?: string[] | undefined;
645
+ redirectURI: string;
646
+ display?: string | undefined;
647
+ loginHint?: string | undefined;
648
+ }): Promise<url.URL>;
649
+ validateAuthorizationCode: ({ code, redirectURI }: {
650
+ code: string;
651
+ redirectURI: string;
652
+ codeVerifier?: string | undefined;
653
+ deviceId?: string | undefined;
654
+ }) => Promise<OAuth2Tokens>;
655
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
656
+ getUserInfo(token: OAuth2Tokens & {
657
+ user?: {
658
+ name?: {
659
+ firstName?: string;
660
+ lastName?: string;
661
+ };
662
+ email?: string;
663
+ } | undefined;
664
+ }): Promise<{
665
+ user: {
666
+ id: string;
667
+ name?: string;
668
+ email?: string | null;
669
+ image?: string;
670
+ emailVerified: boolean;
671
+ [key: string]: any;
672
+ };
673
+ data: any;
674
+ } | {
675
+ user: {
676
+ id: string;
677
+ name: string;
678
+ email: string;
679
+ image: string;
680
+ emailVerified: boolean;
681
+ } | {
682
+ id: string;
683
+ name: string;
684
+ email: string | null;
685
+ image: string;
686
+ emailVerified: boolean;
687
+ } | {
688
+ id: string;
689
+ name: string;
690
+ email: string | null;
691
+ image: string;
692
+ emailVerified: boolean;
693
+ };
694
+ data: NaverProfile;
695
+ } | null>;
696
+ options: NaverOptions;
697
+ };
698
+
699
+ interface Partner {
700
+ /** Partner-specific ID (consent required: kakaotalk_message) */
701
+ uuid?: string | undefined;
702
+ }
703
+ interface Profile {
704
+ /** Nickname (consent required: profile/nickname) */
705
+ nickname?: string | undefined;
706
+ /** Thumbnail image URL (consent required: profile/profile image) */
707
+ thumbnail_image_url?: string | undefined;
708
+ /** Profile image URL (consent required: profile/profile image) */
709
+ profile_image_url?: string | undefined;
710
+ /** Whether the profile image is the default */
711
+ is_default_image?: boolean | undefined;
712
+ /** Whether the nickname is the default */
713
+ is_default_nickname?: boolean | undefined;
714
+ }
715
+ interface KakaoAccount {
716
+ /** Consent required: profile info (nickname/profile image) */
717
+ profile_needs_agreement?: boolean | undefined;
718
+ /** Consent required: nickname */
719
+ profile_nickname_needs_agreement?: boolean | undefined;
720
+ /** Consent required: profile image */
721
+ profile_image_needs_agreement?: boolean | undefined;
722
+ /** Profile info */
723
+ profile?: Profile | undefined;
724
+ /** Consent required: name */
725
+ name_needs_agreement?: boolean | undefined;
726
+ /** Name */
727
+ name?: string | undefined;
728
+ /** Consent required: email */
729
+ email_needs_agreement?: boolean | undefined;
730
+ /** Email valid */
731
+ is_email_valid?: boolean | undefined;
732
+ /** Email verified */
733
+ is_email_verified?: boolean | undefined;
734
+ /** Email */
735
+ email?: string | undefined;
736
+ /** Consent required: age range */
737
+ age_range_needs_agreement?: boolean | undefined;
738
+ /** Age range */
739
+ age_range?: string | undefined;
740
+ /** Consent required: birth year */
741
+ birthyear_needs_agreement?: boolean | undefined;
742
+ /** Birth year (YYYY) */
743
+ birthyear?: string | undefined;
744
+ /** Consent required: birthday */
745
+ birthday_needs_agreement?: boolean | undefined;
746
+ /** Birthday (MMDD) */
747
+ birthday?: string | undefined;
748
+ /** Birthday type (SOLAR/LUNAR) */
749
+ birthday_type?: string | undefined;
750
+ /** Whether birthday is in a leap month */
751
+ is_leap_month?: boolean | undefined;
752
+ /** Consent required: gender */
753
+ gender_needs_agreement?: boolean | undefined;
754
+ /** Gender (male/female) */
755
+ gender?: string | undefined;
756
+ /** Consent required: phone number */
757
+ phone_number_needs_agreement?: boolean | undefined;
758
+ /** Phone number */
759
+ phone_number?: string | undefined;
760
+ /** Consent required: CI */
761
+ ci_needs_agreement?: boolean | undefined;
762
+ /** CI (unique identifier) */
763
+ ci?: string | undefined;
764
+ /** CI authentication time (UTC) */
765
+ ci_authenticated_at?: string | undefined;
766
+ }
767
+ interface KakaoProfile {
768
+ /** Kakao user ID */
769
+ id: number;
770
+ /**
771
+ * Whether the user has signed up (only present if auto-connection is disabled)
772
+ * false: preregistered, true: registered
773
+ */
774
+ has_signed_up?: boolean | undefined;
775
+ /** UTC datetime when the user connected the service */
776
+ connected_at?: string | undefined;
777
+ /** UTC datetime when the user signed up via Kakao Sync */
778
+ synched_at?: string | undefined;
779
+ /** Custom user properties */
780
+ properties?: Record<string, any> | undefined;
781
+ /** Kakao account info */
782
+ kakao_account: KakaoAccount;
783
+ /** Partner info */
784
+ for_partner?: Partner | undefined;
785
+ }
786
+ interface KakaoOptions extends ProviderOptions<KakaoProfile> {
787
+ clientId: string;
788
+ }
789
+ declare const kakao: (options: KakaoOptions) => {
790
+ id: "kakao";
791
+ name: string;
792
+ createAuthorizationURL({ state, scopes, redirectURI }: {
793
+ state: string;
794
+ codeVerifier: string;
795
+ scopes?: string[] | undefined;
796
+ redirectURI: string;
797
+ display?: string | undefined;
798
+ loginHint?: string | undefined;
799
+ }): Promise<url.URL>;
800
+ validateAuthorizationCode: ({ code, redirectURI }: {
801
+ code: string;
802
+ redirectURI: string;
803
+ codeVerifier?: string | undefined;
804
+ deviceId?: string | undefined;
805
+ }) => Promise<OAuth2Tokens>;
806
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
807
+ getUserInfo(token: OAuth2Tokens & {
808
+ user?: {
809
+ name?: {
810
+ firstName?: string;
811
+ lastName?: string;
812
+ };
813
+ email?: string;
814
+ } | undefined;
815
+ }): Promise<{
816
+ user: {
817
+ id: string;
818
+ name?: string;
819
+ email?: string | null;
820
+ image?: string;
821
+ emailVerified: boolean;
822
+ [key: string]: any;
823
+ };
824
+ data: any;
825
+ } | {
826
+ user: {
827
+ id: string;
828
+ name: string;
829
+ email: string | undefined;
830
+ image: string | undefined;
831
+ emailVerified: boolean;
832
+ } | {
833
+ id: string;
834
+ name: string;
835
+ email: string | null;
836
+ image: string;
837
+ emailVerified: boolean;
838
+ } | {
839
+ id: string;
840
+ name: string;
841
+ email: string | null;
842
+ image: string;
843
+ emailVerified: boolean;
844
+ };
845
+ data: KakaoProfile;
846
+ } | null>;
847
+ options: KakaoOptions;
848
+ };
849
+
850
+ interface NotionProfile {
851
+ object: "user";
852
+ id: string;
853
+ type: "person" | "bot";
854
+ name?: string | undefined;
855
+ avatar_url?: string | undefined;
856
+ person?: {
857
+ email?: string;
858
+ } | undefined;
859
+ }
860
+ interface NotionOptions extends ProviderOptions<NotionProfile> {
861
+ clientId: string;
862
+ }
863
+ declare const notion: (options: NotionOptions) => {
864
+ id: "notion";
865
+ name: string;
866
+ createAuthorizationURL({ state, scopes, loginHint, redirectURI }: {
867
+ state: string;
868
+ codeVerifier: string;
869
+ scopes?: string[] | undefined;
870
+ redirectURI: string;
871
+ display?: string | undefined;
872
+ loginHint?: string | undefined;
873
+ }): Promise<url.URL>;
874
+ validateAuthorizationCode: ({ code, redirectURI }: {
875
+ code: string;
876
+ redirectURI: string;
877
+ codeVerifier?: string | undefined;
878
+ deviceId?: string | undefined;
879
+ }) => Promise<OAuth2Tokens>;
880
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
881
+ getUserInfo(token: OAuth2Tokens & {
882
+ user?: {
883
+ name?: {
884
+ firstName?: string;
885
+ lastName?: string;
886
+ };
887
+ email?: string;
888
+ } | undefined;
889
+ }): Promise<{
890
+ user: {
891
+ id: string;
892
+ name?: string;
893
+ email?: string | null;
894
+ image?: string;
895
+ emailVerified: boolean;
896
+ [key: string]: any;
897
+ };
898
+ data: any;
899
+ } | null>;
900
+ options: NotionOptions;
901
+ };
902
+
903
+ /**
904
+ * Lifecycle status for linked social / external accounts.
905
+ *
906
+ * Used by Zoom profile fields and as a general-purpose account status enum
907
+ * for SSO / social linking flows in Athena Auth consumers.
908
+ *
909
+ * - `pending` — invited or awaiting activation
910
+ * - `active` — usable
911
+ * - `inactive` — disabled or suspended
912
+ */
913
+ type AccountStatus = 'pending' | 'active' | 'inactive';
914
+
915
+ /**
916
+ * Zoom OAuth / Users API profile and related option types.
917
+ * @see https://developers.zoom.us/docs/api/users/#tag/users/GET/users/{userId}
918
+ */
919
+ type LoginType = 0 /** Facebook OAuth */ | 1 /** Google OAuth */ | 24 /** Apple OAuth */ | 27 /** Microsoft OAuth */ | 97 /** Mobile device */ | 98 /** RingCentral OAuth */ | 99 /** API user */ | 100 /** Zoom Work email */ | 101; /** Single Sign-On (SSO) */
920
+ type PronounOption = 1 /** Ask the user every time */ | 2 /** Always display */ | 3; /** Do not display */
921
+ interface PhoneNumber {
922
+ /** The country code of the phone number (Example: "+1") */
923
+ code: string;
924
+ /** The country of the phone number (Example: "US") */
925
+ country: string;
926
+ /** The label for the phone number (Example: "Mobile") */
927
+ label: string;
928
+ /** The phone number itself (Example: "800000000") */
929
+ number: string;
930
+ /** Whether the phone number has been verified (Example: true) */
931
+ verified: boolean;
932
+ }
933
+ /**
934
+ * See the full documentation below:
935
+ * https://developers.zoom.us/docs/api/users/#tag/users/GET/users/{userId}
936
+ */
937
+ interface ZoomProfile extends Record<string, any> {
938
+ /** The user's account ID (Example: "q6gBJVO5TzexKYTb_I2rpg") */
939
+ account_id: string;
940
+ /** The user's account number (Example: 10009239) */
941
+ account_number: number;
942
+ /** The user's cluster (Example: "us04") */
943
+ cluster: string;
944
+ /** The user's CMS ID. Only enabled for Kaltura integration (Example: "KDcuGIm1QgePTO8WbOqwIQ") */
945
+ cms_user_id: string;
946
+ /** The user's cost center (Example: "cost center") */
947
+ cost_center: string;
948
+ /** User create time (Example: "2018-10-31T04:32:37Z") */
949
+ created_at: string;
950
+ /** Department (Example: "Developers") */
951
+ dept: string;
952
+ /** User's display name (Example: "Jill Chill") */
953
+ display_name: string;
954
+ /** User's email address (Example: "jchill@example.com") */
955
+ email: string;
956
+ /** User's first name (Example: "Jill") */
957
+ first_name: string;
958
+ /** IDs of the web groups that the user belongs to (Example: ["RSMaSp8sTEGK0_oamiA2_w"]) */
959
+ group_ids: string[];
960
+ /** User ID (Example: "zJKyaiAyTNC-MWjiWC18KQ") */
961
+ id: string;
962
+ /** IM IDs of the groups that the user belongs to (Example: ["t-_-d56CSWG-7BF15LLrOw"]) */
963
+ im_group_ids: string[];
964
+ /** The user's JID (Example: "jchill@example.com") */
965
+ jid: string;
966
+ /** The user's job title (Example: "API Developer") */
967
+ job_title: string;
968
+ /** Default language for the Zoom Web Portal (Example: "en-US") */
969
+ language: string;
970
+ /** User last login client version (Example: "5.9.6.4993(mac)") */
971
+ last_client_version: string;
972
+ /** User last login time (Example: "2021-05-05T20:40:30Z") */
973
+ last_login_time: string;
974
+ /** User's last name (Example: "Chill") */
975
+ last_name: string;
976
+ /** The time zone of the user (Example: "Asia/Shanghai") */
977
+ timezone: string;
978
+ /** User's location (Example: "Paris") */
979
+ location: string;
980
+ /** The user's login method (Example: 101) */
981
+ login_types: LoginType[];
982
+ /** User's personal meeting URL (Example: "example.com") */
983
+ personal_meeting_url: string;
984
+ /** The URL for user's profile picture (Example: "example.com") */
985
+ pic_url: string;
986
+ /** Personal Meeting ID (PMI) (Example: 3542471135) */
987
+ pmi: number;
988
+ /** Unique identifier of the user's assigned role (Example: "0") */
989
+ role_id: string;
990
+ /** User's role name (Example: "Admin") */
991
+ role_name: string;
992
+ /** Status of user's account (Example: "pending") */
993
+ status: AccountStatus;
994
+ /** Use the personal meeting ID (PMI) for instant meetings (Example: false) */
995
+ use_pmi: boolean;
996
+ /** The time and date when the user was created (Example: "2018-10-31T04:32:37Z") */
997
+ user_created_at: string;
998
+ /** Displays whether user is verified or not (Example: 1) */
999
+ verified: number;
1000
+ /** The user's Zoom Workplace plan option (Example: 64) */
1001
+ zoom_one_type: number;
1002
+ /** The user's company (Example: "Jill") */
1003
+ company?: string | undefined;
1004
+ /** Custom attributes that have been assigned to the user (Example: [{ "key": "cbf_cywdkexrtqc73f97gd4w6g", "name": "A1", "value": "1" }]) */
1005
+ custom_attributes?: {
1006
+ key: string;
1007
+ name: string;
1008
+ value: string;
1009
+ }[] | undefined;
1010
+ /** The employee's unique ID. This field only returns when SAML single sign-on (SSO) is enabled. The `login_type` value is `101` (SSO) (Example: "HqDyI037Qjili1kNsSIrIg") */
1011
+ employee_unique_id?: string | undefined;
1012
+ /** The manager for the user (Example: "thill@example.com") */
1013
+ manager?: string | undefined;
1014
+ /** The phone number's ISO country code (Example: "+1") */
1015
+ phone_numbers?: PhoneNumber[] | undefined;
1016
+ /** The user's plan type (Example: "1") */
1017
+ plan_united_type?: string | undefined;
1018
+ /** The user's pronouns (Example: "3123") */
1019
+ pronouns?: string | undefined;
1020
+ /** The user's display pronouns setting (Example: 1) */
1021
+ pronouns_option?: PronounOption | undefined;
1022
+ /** Personal meeting room URL, if the user has one (Example: "example.com") */
1023
+ vanity_url?: string | undefined;
1024
+ }
1025
+ interface ZoomOptions extends ProviderOptions<ZoomProfile> {
1026
+ clientId: string;
1027
+ pkce?: boolean | undefined;
1028
+ }
1029
+
1030
+ interface VkProfile {
1031
+ user: {
1032
+ user_id: string;
1033
+ first_name: string;
1034
+ last_name: string;
1035
+ email?: string | undefined;
1036
+ phone?: number | undefined;
1037
+ avatar?: string | undefined;
1038
+ sex?: number | undefined;
1039
+ verified?: boolean | undefined;
1040
+ birthday: string;
1041
+ };
1042
+ }
1043
+ interface VkOption extends ProviderOptions {
1044
+ clientId: string;
1045
+ scheme?: ("light" | "dark") | undefined;
1046
+ }
1047
+ declare const vk: (options: VkOption) => {
1048
+ id: "vk";
1049
+ name: string;
1050
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }: {
1051
+ state: string;
1052
+ codeVerifier: string;
1053
+ scopes?: string[] | undefined;
1054
+ redirectURI: string;
1055
+ display?: string | undefined;
1056
+ loginHint?: string | undefined;
1057
+ }): Promise<url.URL>;
1058
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI, deviceId, }: {
1059
+ code: string;
1060
+ redirectURI: string;
1061
+ codeVerifier?: string | undefined;
1062
+ deviceId?: string | undefined;
1063
+ }) => Promise<OAuth2Tokens>;
1064
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1065
+ getUserInfo(data: OAuth2Tokens & {
1066
+ user?: {
1067
+ name?: {
1068
+ firstName?: string;
1069
+ lastName?: string;
1070
+ };
1071
+ email?: string;
1072
+ } | undefined;
1073
+ }): Promise<{
1074
+ user: {
1075
+ id: string;
1076
+ name?: string;
1077
+ email?: string | null;
1078
+ image?: string;
1079
+ emailVerified: boolean;
1080
+ [key: string]: any;
1081
+ };
1082
+ data: any;
1083
+ } | null>;
1084
+ options: VkOption;
1085
+ };
1086
+
1087
+ interface SalesforceProfile {
1088
+ sub: string;
1089
+ user_id: string;
1090
+ organization_id: string;
1091
+ preferred_username?: string | undefined;
1092
+ email: string;
1093
+ email_verified?: boolean | undefined;
1094
+ name: string;
1095
+ given_name?: string | undefined;
1096
+ family_name?: string | undefined;
1097
+ zoneinfo?: string | undefined;
1098
+ photos?: {
1099
+ picture?: string;
1100
+ thumbnail?: string;
1101
+ } | undefined;
1102
+ }
1103
+ interface SalesforceOptions extends ProviderOptions<SalesforceProfile> {
1104
+ clientId: string;
1105
+ environment?: ("sandbox" | "production") | undefined;
1106
+ loginUrl?: string | undefined;
1107
+ /**
1108
+ * Override the redirect URI if auto-detection fails.
1109
+ * Should match the Callback URL configured in your Salesforce Connected App.
1110
+ * @example "http://localhost:3000/api/auth/callback/salesforce"
1111
+ */
1112
+ redirectURI?: string | undefined;
1113
+ }
1114
+ declare const salesforce: (options: SalesforceOptions) => {
1115
+ id: "salesforce";
1116
+ name: string;
1117
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }: {
1118
+ state: string;
1119
+ codeVerifier: string;
1120
+ scopes?: string[] | undefined;
1121
+ redirectURI: string;
1122
+ display?: string | undefined;
1123
+ loginHint?: string | undefined;
1124
+ }): Promise<url.URL>;
1125
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
1126
+ code: string;
1127
+ redirectURI: string;
1128
+ codeVerifier?: string | undefined;
1129
+ deviceId?: string | undefined;
1130
+ }) => Promise<OAuth2Tokens>;
1131
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1132
+ getUserInfo(token: OAuth2Tokens & {
1133
+ user?: {
1134
+ name?: {
1135
+ firstName?: string;
1136
+ lastName?: string;
1137
+ };
1138
+ email?: string;
1139
+ } | undefined;
1140
+ }): Promise<{
1141
+ user: {
1142
+ id: string;
1143
+ name?: string;
1144
+ email?: string | null;
1145
+ image?: string;
1146
+ emailVerified: boolean;
1147
+ [key: string]: any;
1148
+ };
1149
+ data: any;
1150
+ } | null>;
1151
+ options: SalesforceOptions;
1152
+ };
1153
+
1154
+ interface RobloxProfile extends Record<string, any> {
1155
+ /** the user's id */
1156
+ sub: string;
1157
+ /** the user's username */
1158
+ preferred_username: string;
1159
+ /** the user's display name, will return the same value as the preferred_username if not set */
1160
+ nickname: string;
1161
+ /** the user's display name, again, will return the same value as the preferred_username if not set */
1162
+ name: string;
1163
+ /** the account creation date as a unix timestamp in seconds */
1164
+ created_at: number;
1165
+ /** the user's profile URL */
1166
+ profile: string;
1167
+ /** the user's avatar URL */
1168
+ picture: string;
1169
+ }
1170
+ interface RobloxOptions extends ProviderOptions<RobloxProfile> {
1171
+ clientId: string;
1172
+ prompt?: ("none" | "consent" | "login" | "select_account" | "select_account consent") | undefined;
1173
+ }
1174
+ declare const roblox: (options: RobloxOptions) => {
1175
+ id: "roblox";
1176
+ name: string;
1177
+ createAuthorizationURL({ state, scopes, redirectURI }: {
1178
+ state: string;
1179
+ codeVerifier: string;
1180
+ scopes?: string[] | undefined;
1181
+ redirectURI: string;
1182
+ display?: string | undefined;
1183
+ loginHint?: string | undefined;
1184
+ }): url.URL;
1185
+ validateAuthorizationCode: ({ code, redirectURI }: {
1186
+ code: string;
1187
+ redirectURI: string;
1188
+ codeVerifier?: string | undefined;
1189
+ deviceId?: string | undefined;
1190
+ }) => Promise<OAuth2Tokens>;
1191
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1192
+ getUserInfo(token: OAuth2Tokens & {
1193
+ user?: {
1194
+ name?: {
1195
+ firstName?: string;
1196
+ lastName?: string;
1197
+ };
1198
+ email?: string;
1199
+ } | undefined;
1200
+ }): Promise<{
1201
+ user: {
1202
+ id: string;
1203
+ name?: string;
1204
+ email?: string | null;
1205
+ image?: string;
1206
+ emailVerified: boolean;
1207
+ [key: string]: any;
1208
+ };
1209
+ data: any;
1210
+ } | null>;
1211
+ options: RobloxOptions;
1212
+ };
1213
+
1214
+ interface RedditProfile {
1215
+ id: string;
1216
+ name: string;
1217
+ icon_img: string | null;
1218
+ has_verified_email: boolean;
1219
+ oauth_client_id: string;
1220
+ verified: boolean;
1221
+ }
1222
+ interface RedditOptions extends ProviderOptions<RedditProfile> {
1223
+ clientId: string;
1224
+ duration?: string | undefined;
1225
+ }
1226
+ declare const reddit: (options: RedditOptions) => {
1227
+ id: "reddit";
1228
+ name: string;
1229
+ createAuthorizationURL({ state, scopes, redirectURI }: {
1230
+ state: string;
1231
+ codeVerifier: string;
1232
+ scopes?: string[] | undefined;
1233
+ redirectURI: string;
1234
+ display?: string | undefined;
1235
+ loginHint?: string | undefined;
1236
+ }): Promise<url.URL>;
1237
+ validateAuthorizationCode: ({ code, redirectURI }: {
1238
+ code: string;
1239
+ redirectURI: string;
1240
+ codeVerifier?: string | undefined;
1241
+ deviceId?: string | undefined;
1242
+ }) => Promise<OAuth2Tokens>;
1243
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1244
+ getUserInfo(token: OAuth2Tokens & {
1245
+ user?: {
1246
+ name?: {
1247
+ firstName?: string;
1248
+ lastName?: string;
1249
+ };
1250
+ email?: string;
1251
+ } | undefined;
1252
+ }): Promise<{
1253
+ user: {
1254
+ id: string;
1255
+ name?: string;
1256
+ email?: string | null;
1257
+ image?: string;
1258
+ emailVerified: boolean;
1259
+ [key: string]: any;
1260
+ };
1261
+ data: any;
1262
+ } | null>;
1263
+ options: RedditOptions;
1264
+ };
1265
+
1266
+ /**
1267
+ * [More info](https://developers.tiktok.com/doc/tiktok-api-v2-get-user-info/)
1268
+ */
1269
+ interface TiktokProfile extends Record<string, any> {
1270
+ data: {
1271
+ user: {
1272
+ /**
1273
+ * The unique identification of the user in the current application.Open id
1274
+ * for the client.
1275
+ *
1276
+ * To return this field, add `fields=open_id` in the user profile request's query parameter.
1277
+ */
1278
+ open_id: string;
1279
+ /**
1280
+ * The unique identification of the user across different apps for the same developer.
1281
+ * For example, if a partner has X number of clients,
1282
+ * it will get X number of open_id for the same TikTok user,
1283
+ * but one persistent union_id for the particular user.
1284
+ *
1285
+ * To return this field, add `fields=union_id` in the user profile request's query parameter.
1286
+ */
1287
+ union_id?: string | undefined;
1288
+ /**
1289
+ * User's profile image.
1290
+ *
1291
+ * To return this field, add `fields=avatar_url` in the user profile request's query parameter.
1292
+ */
1293
+ avatar_url?: string | undefined;
1294
+ /**
1295
+ * User`s profile image in 100x100 size.
1296
+ *
1297
+ * To return this field, add `fields=avatar_url_100` in the user profile request's query parameter.
1298
+ */
1299
+ avatar_url_100?: string | undefined;
1300
+ /**
1301
+ * User's profile image with higher resolution
1302
+ *
1303
+ * To return this field, add `fields=avatar_url_100` in the user profile request's query parameter.
1304
+ */
1305
+ avatar_large_url: string;
1306
+ /**
1307
+ * User's profile name
1308
+ *
1309
+ * To return this field, add `fields=display_name` in the user profile request's query parameter.
1310
+ */
1311
+ display_name: string;
1312
+ /**
1313
+ * User's username.
1314
+ *
1315
+ * To return this field, add `fields=username` in the user profile request's query parameter.
1316
+ */
1317
+ username: string;
1318
+ /** @note Email is currently unsupported by TikTok */
1319
+ email?: string | undefined;
1320
+ /**
1321
+ * User's bio description if there is a valid one.
1322
+ *
1323
+ * To return this field, add `fields=bio_description` in the user profile request's query parameter.
1324
+ */
1325
+ bio_description?: string | undefined;
1326
+ /**
1327
+ * The link to user's TikTok profile page.
1328
+ *
1329
+ * To return this field, add `fields=profile_deep_link` in the user profile request's query parameter.
1330
+ */
1331
+ profile_deep_link?: string | undefined;
1332
+ /**
1333
+ * Whether TikTok has provided a verified badge to the account after confirming
1334
+ * that it belongs to the user it represents.
1335
+ *
1336
+ * To return this field, add `fields=is_verified` in the user profile request's query parameter.
1337
+ */
1338
+ is_verified?: boolean | undefined;
1339
+ /**
1340
+ * User's followers count.
1341
+ *
1342
+ * To return this field, add `fields=follower_count` in the user profile request's query parameter.
1343
+ */
1344
+ follower_count?: number | undefined;
1345
+ /**
1346
+ * The number of accounts that the user is following.
1347
+ *
1348
+ * To return this field, add `fields=following_count` in the user profile request's query parameter.
1349
+ */
1350
+ following_count?: number | undefined;
1351
+ /**
1352
+ * The total number of likes received by the user across all of their videos.
1353
+ *
1354
+ * To return this field, add `fields=likes_count` in the user profile request's query parameter.
1355
+ */
1356
+ likes_count?: number | undefined;
1357
+ /**
1358
+ * The total number of publicly posted videos by the user.
1359
+ *
1360
+ * To return this field, add `fields=video_count` in the user profile request's query parameter.
1361
+ */
1362
+ video_count?: number | undefined;
1363
+ };
1364
+ };
1365
+ error?: {
1366
+ /**
1367
+ * The error category in string.
1368
+ */
1369
+ code?: string;
1370
+ /**
1371
+ * The error message in string.
1372
+ */
1373
+ message?: string;
1374
+ /**
1375
+ * The error message in string.
1376
+ */
1377
+ log_id?: string;
1378
+ } | undefined;
1379
+ }
1380
+ interface TiktokOptions extends ProviderOptions {
1381
+ clientId?: never | undefined;
1382
+ clientSecret: string;
1383
+ clientKey: string;
1384
+ }
1385
+ declare const tiktok: (options: TiktokOptions) => {
1386
+ id: "tiktok";
1387
+ name: string;
1388
+ createAuthorizationURL({ state, scopes, redirectURI }: {
1389
+ state: string;
1390
+ codeVerifier: string;
1391
+ scopes?: string[] | undefined;
1392
+ redirectURI: string;
1393
+ display?: string | undefined;
1394
+ loginHint?: string | undefined;
1395
+ }): url.URL;
1396
+ validateAuthorizationCode: ({ code, redirectURI }: {
1397
+ code: string;
1398
+ redirectURI: string;
1399
+ codeVerifier?: string | undefined;
1400
+ deviceId?: string | undefined;
1401
+ }) => Promise<OAuth2Tokens>;
1402
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1403
+ getUserInfo(token: OAuth2Tokens & {
1404
+ user?: {
1405
+ name?: {
1406
+ firstName?: string;
1407
+ lastName?: string;
1408
+ };
1409
+ email?: string;
1410
+ } | undefined;
1411
+ }): Promise<{
1412
+ user: {
1413
+ id: string;
1414
+ name?: string;
1415
+ email?: string | null;
1416
+ image?: string;
1417
+ emailVerified: boolean;
1418
+ [key: string]: any;
1419
+ };
1420
+ data: any;
1421
+ } | null>;
1422
+ options: TiktokOptions;
1423
+ };
1424
+
1425
+ interface GitlabProfile extends Record<string, any> {
1426
+ id: number;
1427
+ username: string;
1428
+ email: string;
1429
+ name: string;
1430
+ state: string;
1431
+ avatar_url: string;
1432
+ web_url: string;
1433
+ created_at: string;
1434
+ bio: string;
1435
+ location?: string | undefined;
1436
+ public_email: string;
1437
+ skype: string;
1438
+ linkedin: string;
1439
+ twitter: string;
1440
+ website_url: string;
1441
+ organization: string;
1442
+ job_title: string;
1443
+ pronouns: string;
1444
+ bot: boolean;
1445
+ work_information?: string | undefined;
1446
+ followers: number;
1447
+ following: number;
1448
+ local_time: string;
1449
+ last_sign_in_at: string;
1450
+ confirmed_at: string;
1451
+ theme_id: number;
1452
+ last_activity_on: string;
1453
+ color_scheme_id: number;
1454
+ projects_limit: number;
1455
+ current_sign_in_at: string;
1456
+ identities: Array<{
1457
+ provider: string;
1458
+ extern_uid: string;
1459
+ }>;
1460
+ can_create_group: boolean;
1461
+ can_create_project: boolean;
1462
+ two_factor_enabled: boolean;
1463
+ external: boolean;
1464
+ private_profile: boolean;
1465
+ commit_email: string;
1466
+ shared_runners_minutes_limit: number;
1467
+ extra_shared_runners_minutes_limit: number;
1468
+ email_verified?: boolean | undefined;
1469
+ }
1470
+ interface GitlabOptions extends ProviderOptions<GitlabProfile> {
1471
+ clientId: string;
1472
+ issuer?: string | undefined;
1473
+ }
1474
+ declare const gitlab: (options: GitlabOptions) => {
1475
+ id: "gitlab";
1476
+ name: string;
1477
+ createAuthorizationURL: ({ state, scopes, codeVerifier, loginHint, redirectURI, }: {
1478
+ state: string;
1479
+ codeVerifier: string;
1480
+ scopes?: string[] | undefined;
1481
+ redirectURI: string;
1482
+ display?: string | undefined;
1483
+ loginHint?: string | undefined;
1484
+ }) => Promise<url.URL>;
1485
+ validateAuthorizationCode: ({ code, redirectURI, codeVerifier }: {
1486
+ code: string;
1487
+ redirectURI: string;
1488
+ codeVerifier?: string | undefined;
1489
+ deviceId?: string | undefined;
1490
+ }) => Promise<OAuth2Tokens>;
1491
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1492
+ getUserInfo(token: OAuth2Tokens & {
1493
+ user?: {
1494
+ name?: {
1495
+ firstName?: string;
1496
+ lastName?: string;
1497
+ };
1498
+ email?: string;
1499
+ } | undefined;
1500
+ }): Promise<{
1501
+ user: {
1502
+ id: string;
1503
+ name?: string;
1504
+ email?: string | null;
1505
+ image?: string;
1506
+ emailVerified: boolean;
1507
+ [key: string]: any;
1508
+ };
1509
+ data: any;
1510
+ } | {
1511
+ user: {
1512
+ id: number;
1513
+ name: string;
1514
+ email: string;
1515
+ image: string;
1516
+ emailVerified: boolean;
1517
+ } | {
1518
+ id: string | number;
1519
+ name: string;
1520
+ email: string | null;
1521
+ image: string;
1522
+ emailVerified: boolean;
1523
+ } | {
1524
+ id: string | number;
1525
+ name: string;
1526
+ email: string | null;
1527
+ image: string;
1528
+ emailVerified: boolean;
1529
+ };
1530
+ data: GitlabProfile;
1531
+ } | null>;
1532
+ options: GitlabOptions;
1533
+ };
1534
+
1535
+ interface LinkedInProfile {
1536
+ sub: string;
1537
+ name: string;
1538
+ given_name: string;
1539
+ family_name: string;
1540
+ picture: string;
1541
+ locale: {
1542
+ country: string;
1543
+ language: string;
1544
+ };
1545
+ email?: string;
1546
+ email_verified?: boolean;
1547
+ }
1548
+ interface LinkedInOptions extends ProviderOptions<LinkedInProfile> {
1549
+ clientId: string;
1550
+ }
1551
+ declare const linkedin: (options: LinkedInOptions) => {
1552
+ id: "linkedin";
1553
+ name: string;
1554
+ createAuthorizationURL: ({ state, scopes, redirectURI, loginHint, }: {
1555
+ state: string;
1556
+ codeVerifier: string;
1557
+ scopes?: string[] | undefined;
1558
+ redirectURI: string;
1559
+ display?: string | undefined;
1560
+ loginHint?: string | undefined;
1561
+ }) => Promise<url.URL>;
1562
+ validateAuthorizationCode: ({ code, redirectURI }: {
1563
+ code: string;
1564
+ redirectURI: string;
1565
+ codeVerifier?: string | undefined;
1566
+ deviceId?: string | undefined;
1567
+ }) => Promise<OAuth2Tokens>;
1568
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1569
+ getUserInfo(token: OAuth2Tokens & {
1570
+ user?: {
1571
+ name?: {
1572
+ firstName?: string;
1573
+ lastName?: string;
1574
+ };
1575
+ email?: string;
1576
+ } | undefined;
1577
+ }): Promise<{
1578
+ user: {
1579
+ id: string;
1580
+ name?: string;
1581
+ email?: string | null;
1582
+ image?: string;
1583
+ emailVerified: boolean;
1584
+ [key: string]: any;
1585
+ };
1586
+ data: any;
1587
+ } | null>;
1588
+ options: LinkedInOptions;
1589
+ };
1590
+
1591
+ interface LinearUser {
1592
+ id: string;
1593
+ name: string;
1594
+ email: string;
1595
+ avatarUrl?: string | undefined;
1596
+ active: boolean;
1597
+ createdAt: string;
1598
+ updatedAt: string;
1599
+ }
1600
+ interface LinearProfile {
1601
+ data: {
1602
+ viewer: LinearUser;
1603
+ };
1604
+ }
1605
+ interface LinearOptions extends ProviderOptions<LinearUser> {
1606
+ clientId: string;
1607
+ }
1608
+ declare const linear: (options: LinearOptions) => {
1609
+ id: "linear";
1610
+ name: string;
1611
+ createAuthorizationURL({ state, scopes, loginHint, redirectURI }: {
1612
+ state: string;
1613
+ codeVerifier: string;
1614
+ scopes?: string[] | undefined;
1615
+ redirectURI: string;
1616
+ display?: string | undefined;
1617
+ loginHint?: string | undefined;
1618
+ }): Promise<url.URL>;
1619
+ validateAuthorizationCode: ({ code, redirectURI }: {
1620
+ code: string;
1621
+ redirectURI: string;
1622
+ codeVerifier?: string | undefined;
1623
+ deviceId?: string | undefined;
1624
+ }) => Promise<OAuth2Tokens>;
1625
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1626
+ getUserInfo(token: OAuth2Tokens & {
1627
+ user?: {
1628
+ name?: {
1629
+ firstName?: string;
1630
+ lastName?: string;
1631
+ };
1632
+ email?: string;
1633
+ } | undefined;
1634
+ }): Promise<{
1635
+ user: {
1636
+ id: string;
1637
+ name?: string;
1638
+ email?: string | null;
1639
+ image?: string;
1640
+ emailVerified: boolean;
1641
+ [key: string]: any;
1642
+ };
1643
+ data: any;
1644
+ } | null>;
1645
+ options: LinearOptions;
1646
+ };
1647
+
1648
+ interface KickProfile {
1649
+ /**
1650
+ * The user id of the user
1651
+ */
1652
+ user_id: string;
1653
+ /**
1654
+ * The name of the user
1655
+ */
1656
+ name: string;
1657
+ /**
1658
+ * The email of the user
1659
+ */
1660
+ email: string;
1661
+ /**
1662
+ * The picture of the user
1663
+ */
1664
+ profile_picture: string;
1665
+ }
1666
+ interface KickOptions extends ProviderOptions<KickProfile> {
1667
+ clientId: string;
1668
+ }
1669
+ declare const kick: (options: KickOptions) => {
1670
+ id: "kick";
1671
+ name: string;
1672
+ createAuthorizationURL({ state, scopes, redirectURI, codeVerifier }: {
1673
+ state: string;
1674
+ codeVerifier: string;
1675
+ scopes?: string[] | undefined;
1676
+ redirectURI: string;
1677
+ display?: string | undefined;
1678
+ loginHint?: string | undefined;
1679
+ }): Promise<url.URL>;
1680
+ validateAuthorizationCode({ code, redirectURI, codeVerifier }: {
1681
+ code: string;
1682
+ redirectURI: string;
1683
+ codeVerifier?: string | undefined;
1684
+ deviceId?: string | undefined;
1685
+ }): Promise<OAuth2Tokens>;
1686
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1687
+ getUserInfo(token: OAuth2Tokens & {
1688
+ user?: {
1689
+ name?: {
1690
+ firstName?: string;
1691
+ lastName?: string;
1692
+ };
1693
+ email?: string;
1694
+ } | undefined;
1695
+ }): Promise<{
1696
+ user: {
1697
+ id: string;
1698
+ name?: string;
1699
+ email?: string | null;
1700
+ image?: string;
1701
+ emailVerified: boolean;
1702
+ [key: string]: any;
1703
+ };
1704
+ data: any;
1705
+ } | null>;
1706
+ options: KickOptions;
1707
+ };
1708
+
1709
+ interface DropboxProfile {
1710
+ account_id: string;
1711
+ name: {
1712
+ given_name: string;
1713
+ surname: string;
1714
+ familiar_name: string;
1715
+ display_name: string;
1716
+ abbreviated_name: string;
1717
+ };
1718
+ email: string;
1719
+ email_verified: boolean;
1720
+ profile_photo_url: string;
1721
+ }
1722
+ interface DropboxOptions extends ProviderOptions<DropboxProfile> {
1723
+ clientId: string;
1724
+ accessType?: ("offline" | "online" | "legacy") | undefined;
1725
+ }
1726
+ declare const dropbox: (options: DropboxOptions) => {
1727
+ id: "dropbox";
1728
+ name: string;
1729
+ createAuthorizationURL: ({ state, scopes, codeVerifier, redirectURI, }: {
1730
+ state: string;
1731
+ codeVerifier: string;
1732
+ scopes?: string[] | undefined;
1733
+ redirectURI: string;
1734
+ display?: string | undefined;
1735
+ loginHint?: string | undefined;
1736
+ }) => Promise<url.URL>;
1737
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
1738
+ code: string;
1739
+ redirectURI: string;
1740
+ codeVerifier?: string | undefined;
1741
+ deviceId?: string | undefined;
1742
+ }) => Promise<OAuth2Tokens>;
1743
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1744
+ getUserInfo(token: OAuth2Tokens & {
1745
+ user?: {
1746
+ name?: {
1747
+ firstName?: string;
1748
+ lastName?: string;
1749
+ };
1750
+ email?: string;
1751
+ } | undefined;
1752
+ }): Promise<{
1753
+ user: {
1754
+ id: string;
1755
+ name?: string;
1756
+ email?: string | null;
1757
+ image?: string;
1758
+ emailVerified: boolean;
1759
+ [key: string]: any;
1760
+ };
1761
+ data: any;
1762
+ } | null>;
1763
+ options: DropboxOptions;
1764
+ };
1765
+
1766
+ interface TwitterProfile {
1767
+ data: {
1768
+ /**
1769
+ * Unique identifier of this user. This is returned as a string in order to avoid complications with languages and tools
1770
+ * that cannot handle large integers.
1771
+ */
1772
+ id: string;
1773
+ /** The friendly name of this user, as shown on their profile. */
1774
+ name: string;
1775
+ /** The email address of this user. */
1776
+ email?: string | undefined;
1777
+ /** The Twitter handle (screen name) of this user. */
1778
+ username: string;
1779
+ /**
1780
+ * The location specified in the user's profile, if the user provided one.
1781
+ * As this is a freeform value, it may not indicate a valid location, but it may be fuzzily evaluated when performing searches with location queries.
1782
+ *
1783
+ * To return this field, add `user.fields=location` in the authorization request's query parameter.
1784
+ */
1785
+ location?: string | undefined;
1786
+ /**
1787
+ * This object and its children fields contain details about text that has a special meaning in the user's description.
1788
+ *
1789
+ *To return this field, add `user.fields=entities` in the authorization request's query parameter.
1790
+ */
1791
+ entities?: {
1792
+ /** Contains details about the user's profile website. */
1793
+ url: {
1794
+ /** Contains details about the user's profile website. */
1795
+ urls: Array<{
1796
+ /** The start position (zero-based) of the recognized user's profile website. All start indices are inclusive. */
1797
+ start: number;
1798
+ /** The end position (zero-based) of the recognized user's profile website. This end index is exclusive. */
1799
+ end: number;
1800
+ /** The URL in the format entered by the user. */
1801
+ url: string;
1802
+ /** The fully resolved URL. */
1803
+ expanded_url: string;
1804
+ /** The URL as displayed in the user's profile. */
1805
+ display_url: string;
1806
+ }>;
1807
+ };
1808
+ /** Contains details about URLs, Hashtags, Cashtags, or mentions located within a user's description. */
1809
+ description: {
1810
+ hashtags: Array<{
1811
+ start: number;
1812
+ end: number;
1813
+ tag: string;
1814
+ }>;
1815
+ };
1816
+ } | undefined;
1817
+ /**
1818
+ * Indicate if this user is a verified Twitter user.
1819
+ *
1820
+ * To return this field, add `user.fields=verified` in the authorization request's query parameter.
1821
+ */
1822
+ verified?: boolean | undefined;
1823
+ /**
1824
+ * The text of this user's profile description (also known as bio), if the user provided one.
1825
+ *
1826
+ * To return this field, add `user.fields=description` in the authorization request's query parameter.
1827
+ */
1828
+ description?: string | undefined;
1829
+ /**
1830
+ * The URL specified in the user's profile, if present.
1831
+ *
1832
+ * To return this field, add `user.fields=url` in the authorization request's query parameter.
1833
+ */
1834
+ url?: string | undefined;
1835
+ /** The URL to the profile image for this user, as shown on the user's profile. */
1836
+ profile_image_url?: string | undefined;
1837
+ protected?: boolean | undefined;
1838
+ /**
1839
+ * Unique identifier of this user's pinned Tweet.
1840
+ *
1841
+ * You can obtain the expanded object in `includes.tweets` by adding `expansions=pinned_tweet_id` in the authorization request's query parameter.
1842
+ */
1843
+ pinned_tweet_id?: string | undefined;
1844
+ created_at?: string | undefined;
1845
+ };
1846
+ includes?: {
1847
+ tweets?: Array<{
1848
+ id: string;
1849
+ text: string;
1850
+ }>;
1851
+ } | undefined;
1852
+ [claims: string]: unknown;
1853
+ }
1854
+ interface TwitterOption extends ProviderOptions<TwitterProfile> {
1855
+ clientId: string;
1856
+ }
1857
+ declare const twitter: (options: TwitterOption) => {
1858
+ id: "twitter";
1859
+ name: string;
1860
+ createAuthorizationURL(data: {
1861
+ state: string;
1862
+ codeVerifier: string;
1863
+ scopes?: string[] | undefined;
1864
+ redirectURI: string;
1865
+ display?: string | undefined;
1866
+ loginHint?: string | undefined;
1867
+ }): Promise<url.URL>;
1868
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
1869
+ code: string;
1870
+ redirectURI: string;
1871
+ codeVerifier?: string | undefined;
1872
+ deviceId?: string | undefined;
1873
+ }) => Promise<OAuth2Tokens>;
1874
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1875
+ getUserInfo(token: OAuth2Tokens & {
1876
+ user?: {
1877
+ name?: {
1878
+ firstName?: string;
1879
+ lastName?: string;
1880
+ };
1881
+ email?: string;
1882
+ } | undefined;
1883
+ }): Promise<{
1884
+ user: {
1885
+ id: string;
1886
+ name?: string;
1887
+ email?: string | null;
1888
+ image?: string;
1889
+ emailVerified: boolean;
1890
+ [key: string]: any;
1891
+ };
1892
+ data: any;
1893
+ } | null>;
1894
+ options: TwitterOption;
1895
+ };
1896
+
1897
+ /**
1898
+ * @see https://dev.twitch.tv/docs/authentication/getting-tokens-oidc/#requesting-claims
1899
+ */
1900
+ interface TwitchProfile {
1901
+ /**
1902
+ * The sub of the user
1903
+ */
1904
+ sub: string;
1905
+ /**
1906
+ * The preferred username of the user
1907
+ */
1908
+ preferred_username: string;
1909
+ /**
1910
+ * The email of the user
1911
+ */
1912
+ email: string;
1913
+ /**
1914
+ * Indicate if this user has a verified email.
1915
+ */
1916
+ email_verified: boolean;
1917
+ /**
1918
+ * The picture of the user
1919
+ */
1920
+ picture: string;
1921
+ }
1922
+ interface TwitchOptions extends ProviderOptions<TwitchProfile> {
1923
+ clientId: string;
1924
+ claims?: string[] | undefined;
1925
+ }
1926
+ declare const twitch: (options: TwitchOptions) => {
1927
+ id: "twitch";
1928
+ name: string;
1929
+ createAuthorizationURL({ state, scopes, redirectURI }: {
1930
+ state: string;
1931
+ codeVerifier: string;
1932
+ scopes?: string[] | undefined;
1933
+ redirectURI: string;
1934
+ display?: string | undefined;
1935
+ loginHint?: string | undefined;
1936
+ }): Promise<url.URL>;
1937
+ validateAuthorizationCode: ({ code, redirectURI }: {
1938
+ code: string;
1939
+ redirectURI: string;
1940
+ codeVerifier?: string | undefined;
1941
+ deviceId?: string | undefined;
1942
+ }) => Promise<OAuth2Tokens>;
1943
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1944
+ getUserInfo(token: OAuth2Tokens & {
1945
+ user?: {
1946
+ name?: {
1947
+ firstName?: string;
1948
+ lastName?: string;
1949
+ };
1950
+ email?: string;
1951
+ } | undefined;
1952
+ }): Promise<{
1953
+ user: {
1954
+ id: string;
1955
+ name?: string;
1956
+ email?: string | null;
1957
+ image?: string;
1958
+ emailVerified: boolean;
1959
+ [key: string]: any;
1960
+ };
1961
+ data: any;
1962
+ } | null>;
1963
+ options: TwitchOptions;
1964
+ };
1965
+
1966
+ interface SpotifyProfile {
1967
+ id: string;
1968
+ display_name: string;
1969
+ email: string;
1970
+ images: {
1971
+ url: string;
1972
+ }[];
1973
+ }
1974
+ interface SpotifyOptions extends ProviderOptions<SpotifyProfile> {
1975
+ clientId: string;
1976
+ }
1977
+ declare const spotify: (options: SpotifyOptions) => {
1978
+ id: "spotify";
1979
+ name: string;
1980
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }: {
1981
+ state: string;
1982
+ codeVerifier: string;
1983
+ scopes?: string[] | undefined;
1984
+ redirectURI: string;
1985
+ display?: string | undefined;
1986
+ loginHint?: string | undefined;
1987
+ }): Promise<url.URL>;
1988
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
1989
+ code: string;
1990
+ redirectURI: string;
1991
+ codeVerifier?: string | undefined;
1992
+ deviceId?: string | undefined;
1993
+ }) => Promise<OAuth2Tokens>;
1994
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
1995
+ getUserInfo(token: OAuth2Tokens & {
1996
+ user?: {
1997
+ name?: {
1998
+ firstName?: string;
1999
+ lastName?: string;
2000
+ };
2001
+ email?: string;
2002
+ } | undefined;
2003
+ }): Promise<{
2004
+ user: {
2005
+ id: string;
2006
+ name?: string;
2007
+ email?: string | null;
2008
+ image?: string;
2009
+ emailVerified: boolean;
2010
+ [key: string]: any;
2011
+ };
2012
+ data: any;
2013
+ } | null>;
2014
+ options: SpotifyOptions;
2015
+ };
2016
+
2017
+ interface SlackProfile extends Record<string, any> {
2018
+ ok: boolean;
2019
+ sub: string;
2020
+ "https://slack.com/user_id": string;
2021
+ "https://slack.com/team_id": string;
2022
+ email: string;
2023
+ email_verified: boolean;
2024
+ date_email_verified: number;
2025
+ name: string;
2026
+ picture: string;
2027
+ given_name: string;
2028
+ family_name: string;
2029
+ locale: string;
2030
+ "https://slack.com/team_name": string;
2031
+ "https://slack.com/team_domain": string;
2032
+ "https://slack.com/user_image_24": string;
2033
+ "https://slack.com/user_image_32": string;
2034
+ "https://slack.com/user_image_48": string;
2035
+ "https://slack.com/user_image_72": string;
2036
+ "https://slack.com/user_image_192": string;
2037
+ "https://slack.com/user_image_512": string;
2038
+ "https://slack.com/team_image_34": string;
2039
+ "https://slack.com/team_image_44": string;
2040
+ "https://slack.com/team_image_68": string;
2041
+ "https://slack.com/team_image_88": string;
2042
+ "https://slack.com/team_image_102": string;
2043
+ "https://slack.com/team_image_132": string;
2044
+ "https://slack.com/team_image_230": string;
2045
+ "https://slack.com/team_image_default": boolean;
2046
+ }
2047
+ interface SlackOptions extends ProviderOptions<SlackProfile> {
2048
+ clientId: string;
2049
+ }
2050
+ declare const slack: (options: SlackOptions) => {
2051
+ id: "slack";
2052
+ name: string;
2053
+ createAuthorizationURL({ state, scopes, redirectURI }: {
2054
+ state: string;
2055
+ codeVerifier: string;
2056
+ scopes?: string[] | undefined;
2057
+ redirectURI: string;
2058
+ display?: string | undefined;
2059
+ loginHint?: string | undefined;
2060
+ }): url.URL;
2061
+ validateAuthorizationCode: ({ code, redirectURI }: {
2062
+ code: string;
2063
+ redirectURI: string;
2064
+ codeVerifier?: string | undefined;
2065
+ deviceId?: string | undefined;
2066
+ }) => Promise<OAuth2Tokens>;
2067
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
2068
+ getUserInfo(token: OAuth2Tokens & {
2069
+ user?: {
2070
+ name?: {
2071
+ firstName?: string;
2072
+ lastName?: string;
2073
+ };
2074
+ email?: string;
2075
+ } | undefined;
2076
+ }): Promise<{
2077
+ user: {
2078
+ id: string;
2079
+ name?: string;
2080
+ email?: string | null;
2081
+ image?: string;
2082
+ emailVerified: boolean;
2083
+ [key: string]: any;
2084
+ };
2085
+ data: any;
2086
+ } | null>;
2087
+ options: SlackOptions;
2088
+ };
2089
+
2090
+ interface HuggingFaceProfile {
2091
+ sub: string;
2092
+ name: string;
2093
+ preferred_username: string;
2094
+ profile: string;
2095
+ picture: string;
2096
+ website?: string | undefined;
2097
+ email?: string | undefined;
2098
+ email_verified?: boolean | undefined;
2099
+ isPro: boolean;
2100
+ canPay?: boolean | undefined;
2101
+ orgs?: {
2102
+ sub: string;
2103
+ name: string;
2104
+ picture: string;
2105
+ preferred_username: string;
2106
+ isEnterprise: boolean | "plus";
2107
+ canPay?: boolean;
2108
+ roleInOrg?: "admin" | "write" | "contributor" | "read";
2109
+ pendingSSO?: boolean;
2110
+ missingMFA?: boolean;
2111
+ resourceGroups?: {
2112
+ sub: string;
2113
+ name: string;
2114
+ role: "admin" | "write" | "contributor" | "read";
2115
+ }[];
2116
+ } | undefined;
2117
+ }
2118
+ interface HuggingFaceOptions extends ProviderOptions<HuggingFaceProfile> {
2119
+ clientId: string;
2120
+ }
2121
+ declare const huggingface: (options: HuggingFaceOptions) => {
2122
+ id: "huggingface";
2123
+ name: string;
2124
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }: {
2125
+ state: string;
2126
+ codeVerifier: string;
2127
+ scopes?: string[] | undefined;
2128
+ redirectURI: string;
2129
+ display?: string | undefined;
2130
+ loginHint?: string | undefined;
2131
+ }): Promise<url.URL>;
2132
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
2133
+ code: string;
2134
+ redirectURI: string;
2135
+ codeVerifier?: string | undefined;
2136
+ deviceId?: string | undefined;
2137
+ }) => Promise<OAuth2Tokens>;
2138
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
2139
+ getUserInfo(token: OAuth2Tokens & {
2140
+ user?: {
2141
+ name?: {
2142
+ firstName?: string;
2143
+ lastName?: string;
2144
+ };
2145
+ email?: string;
2146
+ } | undefined;
2147
+ }): Promise<{
2148
+ user: {
2149
+ id: string;
2150
+ name?: string;
2151
+ email?: string | null;
2152
+ image?: string;
2153
+ emailVerified: boolean;
2154
+ [key: string]: any;
2155
+ };
2156
+ data: any;
2157
+ } | null>;
2158
+ options: HuggingFaceOptions;
2159
+ };
2160
+
2161
+ /**
2162
+ * Google OpenID Connect ID-token claims used by the Google social provider.
2163
+ * @see https://developers.google.com/identity/openid-connect/openid-connect#an-id-tokens-payload
2164
+ */
2165
+ interface GoogleProfile {
2166
+ aud: string;
2167
+ azp: string;
2168
+ email: string;
2169
+ email_verified: boolean;
2170
+ exp: number;
2171
+ /**
2172
+ * The family name of the user, or last name in most
2173
+ * Western languages.
2174
+ */
2175
+ family_name: string;
2176
+ /**
2177
+ * The given name of the user, or first name in most
2178
+ * Western languages.
2179
+ */
2180
+ given_name: string;
2181
+ hd?: string | undefined;
2182
+ iat: number;
2183
+ iss: string;
2184
+ jti?: string | undefined;
2185
+ locale?: string | undefined;
2186
+ name: string;
2187
+ nbf?: number | undefined;
2188
+ picture: string;
2189
+ sub: string;
2190
+ }
2191
+ /**
2192
+ * Configuration for the Google OAuth / OpenID Connect provider.
2193
+ */
2194
+ interface GoogleOptions extends ProviderOptions<GoogleProfile> {
2195
+ clientId: string | string[];
2196
+ /**
2197
+ * The access type to use for the authorization code request.
2198
+ * Use `offline` to receive a refresh token.
2199
+ */
2200
+ accessType?: ('offline' | 'online') | undefined;
2201
+ /**
2202
+ * The display mode to use for the authorization code request.
2203
+ */
2204
+ display?: ('page' | 'popup' | 'touch' | 'wap') | undefined;
2205
+ /**
2206
+ * Hosted domain (Google Workspace) the user must belong to.
2207
+ *
2208
+ * Sent as the `hd` authorization hint and enforced against the ID token
2209
+ * `hd` claim. Use `"*"` to require any Workspace domain.
2210
+ */
2211
+ hd?: string | undefined;
2212
+ }
2213
+ /** Inputs for {@link verifyGoogleIdToken}. */
2214
+ interface VerifyGoogleIdTokenOptions {
2215
+ token: string;
2216
+ audience: string | string[];
2217
+ nonce?: string | undefined;
2218
+ }
2219
+
2220
+ /**
2221
+ * Microsoft personal (consumer) account tenant id.
2222
+ * @see https://learn.microsoft.com/en-us/entra/identity-platform/id-token-claims-reference
2223
+ */
2224
+ declare const MICROSOFT_CONSUMER_TENANT_ID = "9188040d-6c67-4c5b-b112-36a304b66dad";
2225
+ interface MicrosoftEntraIDProfile extends Record<string, any> {
2226
+ /** Identifies the intended recipient of the token */
2227
+ aud: string;
2228
+ /** Identifies the issuer, or "authorization server" that constructs and returns the token */
2229
+ iss: string;
2230
+ /** Indicates when the authentication for the token occurred */
2231
+ iat: Date;
2232
+ /** Records the identity provider that authenticated the subject of the token */
2233
+ idp: string;
2234
+ /** Identifies the time before which the JWT can't be accepted for processing */
2235
+ nbf: Date;
2236
+ /** Identifies the expiration time on or after which the JWT can't be accepted for processing */
2237
+ exp: Date;
2238
+ /** Code hash included in ID tokens when issued with an OAuth 2.0 authorization code */
2239
+ c_hash: string;
2240
+ /** Access token hash included in ID tokens when issued with an OAuth 2.0 access token */
2241
+ at_hash: string;
2242
+ /** Internal claim used to record data for token reuse */
2243
+ aio: string;
2244
+ /** The primary username that represents the user */
2245
+ preferred_username: string;
2246
+ /** User's email address */
2247
+ email?: string;
2248
+ /** Human-readable value that identifies the subject of the token */
2249
+ name: string;
2250
+ /** Matches the parameter included in the original authorize request */
2251
+ nonce: string;
2252
+ /** User's profile picture */
2253
+ picture: string;
2254
+ /** Immutable identifier for the user account */
2255
+ oid: string;
2256
+ /** Set of roles assigned to the user */
2257
+ roles: string[];
2258
+ /** Internal claim used to revalidate tokens */
2259
+ rh: string;
2260
+ /** Subject identifier - unique to application ID */
2261
+ sub: string;
2262
+ /** Tenant ID the user is signing in to */
2263
+ tid: string;
2264
+ /** Unique identifier for a session */
2265
+ sid: string;
2266
+ /** Token identifier claim */
2267
+ uti: string;
2268
+ /** Indicates if user is in at least one group */
2269
+ hasgroups: boolean;
2270
+ /** User account status in tenant (0 = member, 1 = guest) */
2271
+ acct: 0 | 1;
2272
+ /** Auth Context IDs */
2273
+ acrs: string;
2274
+ /** Time when the user last authenticated */
2275
+ auth_time: Date;
2276
+ /** User's country/region */
2277
+ ctry: string;
2278
+ /** IP address of requesting client when inside VNET */
2279
+ fwd: string;
2280
+ /** Group claims */
2281
+ groups: string;
2282
+ /** Login hint for SSO */
2283
+ login_hint: string;
2284
+ /** Resource tenant's country/region */
2285
+ tenant_ctry: string;
2286
+ /** Region of the resource tenant */
2287
+ tenant_region_scope: string;
2288
+ /** UserPrincipalName */
2289
+ upn: string;
2290
+ /** User's verified primary email addresses */
2291
+ verified_primary_email: string[];
2292
+ /** User's verified secondary email addresses */
2293
+ verified_secondary_email: string[];
2294
+ /** Whether the user's email is verified (optional claim, must be configured in app registration) */
2295
+ email_verified?: boolean | undefined;
2296
+ /** VNET specifier information */
2297
+ vnet: string;
2298
+ /** Client Capabilities */
2299
+ xms_cc: string;
2300
+ /** Whether user's email domain is verified */
2301
+ xms_edov: boolean;
2302
+ /** Preferred data location for Multi-Geo tenants */
2303
+ xms_pdl: string;
2304
+ /** User preferred language */
2305
+ xms_pl: string;
2306
+ /** Tenant preferred language */
2307
+ xms_tpl: string;
2308
+ /** Zero-touch Deployment ID */
2309
+ ztdid: string;
2310
+ /** IP Address */
2311
+ ipaddr: string;
2312
+ /** On-premises Security Identifier */
2313
+ onprem_sid: string;
2314
+ /** Password Expiration Time */
2315
+ pwd_exp: number;
2316
+ /** Change Password URL */
2317
+ pwd_url: string;
2318
+ /** Inside Corporate Network flag */
2319
+ in_corp: string;
2320
+ /** User's family name/surname */
2321
+ family_name: string;
2322
+ /** User's given/first name */
2323
+ given_name: string;
2324
+ }
2325
+ interface MicrosoftOptions extends ProviderOptions<MicrosoftEntraIDProfile> {
2326
+ clientId: string | string[];
2327
+ /**
2328
+ * The tenant ID of the Microsoft account
2329
+ * @default "common"
2330
+ */
2331
+ tenantId?: string | undefined;
2332
+ /**
2333
+ * The authentication authority URL. Use the default "https://login.microsoftonline.com" for standard Entra ID or "https://<tenant-id>.ciamlogin.com" for CIAM scenarios.
2334
+ * @default "https://login.microsoftonline.com"
2335
+ */
2336
+ authority?: string | undefined;
2337
+ /**
2338
+ * The size of the profile photo
2339
+ * @default 48
2340
+ */
2341
+ profilePhotoSize?: (48 | 64 | 96 | 120 | 240 | 360 | 432 | 504 | 648) | undefined;
2342
+ /**
2343
+ * Disable profile photo
2344
+ */
2345
+ disableProfilePhoto?: boolean | undefined;
2346
+ }
2347
+
2348
+ interface GithubProfile {
2349
+ login: string;
2350
+ id: string;
2351
+ node_id: string;
2352
+ avatar_url: string;
2353
+ gravatar_id: string;
2354
+ url: string;
2355
+ html_url: string;
2356
+ followers_url: string;
2357
+ following_url: string;
2358
+ gists_url: string;
2359
+ starred_url: string;
2360
+ subscriptions_url: string;
2361
+ organizations_url: string;
2362
+ repos_url: string;
2363
+ events_url: string;
2364
+ received_events_url: string;
2365
+ type: string;
2366
+ site_admin: boolean;
2367
+ name: string;
2368
+ company: string;
2369
+ blog: string;
2370
+ location: string;
2371
+ email: string | null;
2372
+ hireable: boolean;
2373
+ bio: string;
2374
+ twitter_username: string;
2375
+ public_repos: string;
2376
+ public_gists: string;
2377
+ followers: string;
2378
+ following: string;
2379
+ created_at: string;
2380
+ updated_at: string;
2381
+ private_gists: string;
2382
+ total_private_repos: string;
2383
+ owned_private_repos: string;
2384
+ disk_usage: string;
2385
+ collaborators: string;
2386
+ two_factor_authentication: boolean;
2387
+ plan: {
2388
+ name: string;
2389
+ space: string;
2390
+ private_repos: string;
2391
+ collaborators: string;
2392
+ };
2393
+ }
2394
+ interface GithubOptions extends ProviderOptions<GithubProfile> {
2395
+ clientId: string;
2396
+ }
2397
+ declare const github: (options: GithubOptions) => {
2398
+ id: "github";
2399
+ name: string;
2400
+ createAuthorizationURL({ state, scopes, loginHint, codeVerifier, redirectURI, }: {
2401
+ state: string;
2402
+ codeVerifier: string;
2403
+ scopes?: string[] | undefined;
2404
+ redirectURI: string;
2405
+ display?: string | undefined;
2406
+ loginHint?: string | undefined;
2407
+ }): Promise<url.URL>;
2408
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
2409
+ code: string;
2410
+ redirectURI: string;
2411
+ codeVerifier?: string | undefined;
2412
+ deviceId?: string | undefined;
2413
+ }) => Promise<OAuth2Tokens | null>;
2414
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
2415
+ getUserInfo(token: OAuth2Tokens & {
2416
+ user?: {
2417
+ name?: {
2418
+ firstName?: string;
2419
+ lastName?: string;
2420
+ };
2421
+ email?: string;
2422
+ } | undefined;
2423
+ }): Promise<{
2424
+ user: {
2425
+ id: string;
2426
+ name?: string;
2427
+ email?: string | null;
2428
+ image?: string;
2429
+ emailVerified: boolean;
2430
+ [key: string]: any;
2431
+ };
2432
+ data: any;
2433
+ } | null>;
2434
+ options: GithubOptions;
2435
+ };
2436
+
2437
+ interface FigmaProfile {
2438
+ id: string;
2439
+ email: string;
2440
+ handle: string;
2441
+ img_url: string;
2442
+ }
2443
+ interface FigmaOptions extends ProviderOptions<FigmaProfile> {
2444
+ clientId: string;
2445
+ }
2446
+ declare const figma: (options: FigmaOptions) => {
2447
+ id: "figma";
2448
+ name: string;
2449
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }: {
2450
+ state: string;
2451
+ codeVerifier: string;
2452
+ scopes?: string[] | undefined;
2453
+ redirectURI: string;
2454
+ display?: string | undefined;
2455
+ loginHint?: string | undefined;
2456
+ }): Promise<url.URL>;
2457
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
2458
+ code: string;
2459
+ redirectURI: string;
2460
+ codeVerifier?: string | undefined;
2461
+ deviceId?: string | undefined;
2462
+ }) => Promise<OAuth2Tokens>;
2463
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
2464
+ getUserInfo(token: OAuth2Tokens & {
2465
+ user?: {
2466
+ name?: {
2467
+ firstName?: string;
2468
+ lastName?: string;
2469
+ };
2470
+ email?: string;
2471
+ } | undefined;
2472
+ }): Promise<{
2473
+ user: {
2474
+ id: string;
2475
+ name?: string;
2476
+ email?: string | null;
2477
+ image?: string;
2478
+ emailVerified: boolean;
2479
+ [key: string]: any;
2480
+ };
2481
+ data: any;
2482
+ } | null>;
2483
+ options: FigmaOptions;
2484
+ };
2485
+
2486
+ /**
2487
+ * Facebook Graph API user profile fields used by the OAuth provider.
2488
+ * @see https://developers.facebook.com/docs/graph-api/reference/user
2489
+ */
2490
+ interface FacebookProfile {
2491
+ id: string;
2492
+ name: string;
2493
+ email?: string;
2494
+ email_verified?: boolean;
2495
+ picture: {
2496
+ data: {
2497
+ height: number;
2498
+ is_silhouette: boolean;
2499
+ url: string;
2500
+ width: number;
2501
+ };
2502
+ };
2503
+ }
2504
+ /**
2505
+ * Configuration for the Facebook social provider.
2506
+ */
2507
+ interface FacebookOptions extends ProviderOptions<FacebookProfile> {
2508
+ clientId: string | string[];
2509
+ /**
2510
+ * Extend list of fields to retrieve from the Facebook user profile.
2511
+ *
2512
+ * @default ["id", "name", "email", "picture"]
2513
+ */
2514
+ fields?: string[] | undefined;
2515
+ /**
2516
+ * The config id to use when undergoing oauth
2517
+ */
2518
+ configId?: string | undefined;
2519
+ }
2520
+
2521
+ interface DiscordProfile extends Record<string, any> {
2522
+ /** the user's id (i.e. the numerical snowflake) */
2523
+ id: string;
2524
+ /** the user's username, not unique across the platform */
2525
+ username: string;
2526
+ /** the user's Discord-tag */
2527
+ discriminator: string;
2528
+ /** the user's display name, if it is set */
2529
+ global_name: string | null;
2530
+ /**
2531
+ * the user's avatar hash:
2532
+ * https://discord.com/developers/docs/reference#image-formatting
2533
+ */
2534
+ avatar: string | null;
2535
+ /** whether the user belongs to an OAuth2 application */
2536
+ bot?: boolean | undefined;
2537
+ /**
2538
+ * whether the user is an Official Discord System user (part of the urgent
2539
+ * message system)
2540
+ */
2541
+ system?: boolean | undefined;
2542
+ /** whether the user has two factor enabled on their account */
2543
+ mfa_enabled: boolean;
2544
+ /**
2545
+ * the user's banner hash:
2546
+ * https://discord.com/developers/docs/reference#image-formatting
2547
+ */
2548
+ banner: string | null;
2549
+ /** the user's banner color encoded as an integer representation of hexadecimal color code */
2550
+ accent_color: number | null;
2551
+ /**
2552
+ * the user's chosen language option:
2553
+ * https://discord.com/developers/docs/reference#locales
2554
+ */
2555
+ locale: string;
2556
+ /** whether the email on this account has been verified */
2557
+ verified: boolean;
2558
+ /** the user's email */
2559
+ email?: string | null;
2560
+ /**
2561
+ * the flags on a user's account:
2562
+ * https://discord.com/developers/docs/resources/user#user-object-user-flags
2563
+ */
2564
+ flags: number;
2565
+ /**
2566
+ * the type of Nitro subscription on a user's account:
2567
+ * https://discord.com/developers/docs/resources/user#user-object-premium-types
2568
+ */
2569
+ premium_type: number;
2570
+ /**
2571
+ * the public flags on a user's account:
2572
+ * https://discord.com/developers/docs/resources/user#user-object-user-flags
2573
+ */
2574
+ public_flags: number;
2575
+ /** undocumented field; corresponds to the user's custom nickname */
2576
+ display_name: string | null;
2577
+ /**
2578
+ * undocumented field; corresponds to the Discord feature where you can e.g.
2579
+ * put your avatar inside of an ice cube
2580
+ */
2581
+ avatar_decoration: string | null;
2582
+ /**
2583
+ * undocumented field; corresponds to the premium feature where you can
2584
+ * select a custom banner color
2585
+ */
2586
+ banner_color: string | null;
2587
+ /** undocumented field; the CDN URL of their profile picture */
2588
+ image_url: string;
2589
+ }
2590
+ interface DiscordOptions extends ProviderOptions<DiscordProfile> {
2591
+ clientId: string;
2592
+ prompt?: ("none" | "consent") | undefined;
2593
+ permissions?: number | undefined;
2594
+ }
2595
+ declare const discord: (options: DiscordOptions) => {
2596
+ id: "discord";
2597
+ name: string;
2598
+ createAuthorizationURL({ state, scopes, redirectURI }: {
2599
+ state: string;
2600
+ codeVerifier: string;
2601
+ scopes?: string[] | undefined;
2602
+ redirectURI: string;
2603
+ display?: string | undefined;
2604
+ loginHint?: string | undefined;
2605
+ }): url.URL;
2606
+ validateAuthorizationCode: ({ code, redirectURI }: {
2607
+ code: string;
2608
+ redirectURI: string;
2609
+ codeVerifier?: string | undefined;
2610
+ deviceId?: string | undefined;
2611
+ }) => Promise<OAuth2Tokens>;
2612
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
2613
+ getUserInfo(token: OAuth2Tokens & {
2614
+ user?: {
2615
+ name?: {
2616
+ firstName?: string;
2617
+ lastName?: string;
2618
+ };
2619
+ email?: string;
2620
+ } | undefined;
2621
+ }): Promise<{
2622
+ user: {
2623
+ id: string;
2624
+ name?: string;
2625
+ email?: string | null;
2626
+ image?: string;
2627
+ emailVerified: boolean;
2628
+ [key: string]: any;
2629
+ };
2630
+ data: any;
2631
+ } | null>;
2632
+ options: DiscordOptions;
2633
+ };
2634
+
2635
+ /**
2636
+ * Amazon Cognito User Pool ID-token / userinfo claims.
2637
+ * Custom attributes may appear as additional string keys.
2638
+ */
2639
+ interface CognitoProfile {
2640
+ sub: string;
2641
+ email: string;
2642
+ email_verified: boolean;
2643
+ name: string;
2644
+ given_name?: string | undefined;
2645
+ family_name?: string | undefined;
2646
+ picture?: string | undefined;
2647
+ username?: string | undefined;
2648
+ locale?: string | undefined;
2649
+ phone_number?: string | undefined;
2650
+ phone_number_verified?: boolean | undefined;
2651
+ aud: string;
2652
+ iss: string;
2653
+ exp: number;
2654
+ iat: number;
2655
+ [key: string]: any;
2656
+ }
2657
+ interface CognitoOptions extends ProviderOptions<CognitoProfile> {
2658
+ clientId: string | string[];
2659
+ /**
2660
+ * The Cognito domain (e.g., "your-app.auth.us-east-1.amazoncognito.com")
2661
+ */
2662
+ domain: string;
2663
+ /**
2664
+ * AWS region where User Pool is hosted (e.g., "us-east-1")
2665
+ */
2666
+ region: string;
2667
+ userPoolId: string;
2668
+ requireClientSecret?: boolean | undefined;
2669
+ }
2670
+
2671
+ /**
2672
+ * Standard OIDC-style profile claims returned by an Athena identity provider.
2673
+ *
2674
+ * Field names follow common OIDC claim names so Athena Auth can stay compatible
2675
+ * with generic OIDC clients while remaining first-class in this SDK.
2676
+ */
2677
+ interface AthenaProfile {
2678
+ sub: string;
2679
+ email?: string | undefined;
2680
+ email_verified?: boolean | undefined;
2681
+ name?: string | undefined;
2682
+ given_name?: string | undefined;
2683
+ family_name?: string | undefined;
2684
+ preferred_username?: string | undefined;
2685
+ picture?: string | undefined;
2686
+ locale?: string | undefined;
2687
+ updated_at?: number | undefined;
2688
+ iss?: string | undefined;
2689
+ aud?: string | string[] | undefined;
2690
+ exp?: number | undefined;
2691
+ iat?: number | undefined;
2692
+ [key: string]: unknown;
2693
+ }
2694
+ interface AthenaOptions extends ProviderOptions<AthenaProfile> {
2695
+ clientId: string;
2696
+ /**
2697
+ * Base issuer URL for the Athena identity provider
2698
+ * (e.g. `https://auth.example.com` or a tenant-specific auth root).
2699
+ *
2700
+ * Defaults for authorization, token, userinfo, and JWKS endpoints are
2701
+ * derived from this issuer when the explicit endpoint overrides are omitted.
2702
+ */
2703
+ issuer?: string | undefined;
2704
+ /**
2705
+ * Override the authorization endpoint. Defaults to `{issuer}/oauth2/authorize`.
2706
+ */
2707
+ authorizationEndpoint?: string | undefined;
2708
+ /**
2709
+ * Override the token endpoint. Defaults to `{issuer}/oauth2/token`.
2710
+ */
2711
+ tokenEndpoint?: string | undefined;
2712
+ /**
2713
+ * Override the userinfo endpoint. Defaults to `{issuer}/oauth2/userinfo`.
2714
+ */
2715
+ userInfoEndpoint?: string | undefined;
2716
+ }
2717
+ /**
2718
+ * Athena first-party OAuth / OIDC social provider factory.
2719
+ *
2720
+ * Athena Auth will expose an Athena identity provider; this client module is
2721
+ * ready so apps can configure `socialProviders.athena` the same way as Google,
2722
+ * GitHub, etc. Defaults endpoints to `{issuer}/oauth2/authorize|token|userinfo`.
2723
+ *
2724
+ * @param options - Client credentials and issuer (or full endpoint overrides)
2725
+ */
2726
+ declare const athena: (options: AthenaOptions) => {
2727
+ id: "athena";
2728
+ name: string;
2729
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, loginHint, display, }: {
2730
+ state: string;
2731
+ codeVerifier: string;
2732
+ scopes?: string[] | undefined;
2733
+ redirectURI: string;
2734
+ display?: string | undefined;
2735
+ loginHint?: string | undefined;
2736
+ }): Promise<url.URL>;
2737
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI, }: {
2738
+ code: string;
2739
+ redirectURI: string;
2740
+ codeVerifier?: string | undefined;
2741
+ deviceId?: string | undefined;
2742
+ }) => Promise<OAuth2Tokens>;
2743
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
2744
+ getUserInfo(token: OAuth2Tokens & {
2745
+ user?: {
2746
+ name?: {
2747
+ firstName?: string;
2748
+ lastName?: string;
2749
+ };
2750
+ email?: string;
2751
+ } | undefined;
2752
+ }): Promise<{
2753
+ user: {
2754
+ id: string;
2755
+ name?: string;
2756
+ email?: string | null;
2757
+ image?: string;
2758
+ emailVerified: boolean;
2759
+ [key: string]: any;
2760
+ };
2761
+ data: any;
2762
+ } | null>;
2763
+ options: AthenaOptions;
2764
+ };
2765
+
2766
+ interface AtlassianProfile {
2767
+ account_type?: string | undefined;
2768
+ account_id: string;
2769
+ email?: string | undefined;
2770
+ name: string;
2771
+ picture?: string | undefined;
2772
+ nickname?: string | undefined;
2773
+ locale?: string | undefined;
2774
+ extended_profile?: {
2775
+ job_title?: string;
2776
+ organization?: string;
2777
+ department?: string;
2778
+ location?: string;
2779
+ } | undefined;
2780
+ }
2781
+ interface AtlassianOptions extends ProviderOptions<AtlassianProfile> {
2782
+ clientId: string;
2783
+ }
2784
+ declare const atlassian: (options: AtlassianOptions) => {
2785
+ id: "atlassian";
2786
+ name: string;
2787
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }: {
2788
+ state: string;
2789
+ codeVerifier: string;
2790
+ scopes?: string[] | undefined;
2791
+ redirectURI: string;
2792
+ display?: string | undefined;
2793
+ loginHint?: string | undefined;
2794
+ }): Promise<url.URL>;
2795
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
2796
+ code: string;
2797
+ redirectURI: string;
2798
+ codeVerifier?: string | undefined;
2799
+ deviceId?: string | undefined;
2800
+ }) => Promise<OAuth2Tokens>;
2801
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
2802
+ getUserInfo(token: OAuth2Tokens & {
2803
+ user?: {
2804
+ name?: {
2805
+ firstName?: string;
2806
+ lastName?: string;
2807
+ };
2808
+ email?: string;
2809
+ } | undefined;
2810
+ }): Promise<{
2811
+ user: {
2812
+ id: string;
2813
+ name?: string;
2814
+ email?: string | null;
2815
+ image?: string;
2816
+ emailVerified: boolean;
2817
+ [key: string]: any;
2818
+ };
2819
+ data: any;
2820
+ } | null>;
2821
+ options: AtlassianOptions;
2822
+ };
2823
+
2824
+ /**
2825
+ * Claims from a Sign in with Apple identity token (`id_token`).
2826
+ * @see https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple
2827
+ */
2828
+ interface AppleProfile {
2829
+ /**
2830
+ * The subject registered claim identifies the principal that’s the subject
2831
+ * of the identity token. Because this token is for your app, the value is
2832
+ * the unique identifier for the user.
2833
+ */
2834
+ sub: string;
2835
+ /**
2836
+ * A String value representing the user's email address.
2837
+ * The email address is either the user's real email address or the proxy
2838
+ * address, depending on their status private email relay service.
2839
+ */
2840
+ email?: string;
2841
+ /**
2842
+ * A string or Boolean value that indicates whether the service verifies
2843
+ * the email. The value can either be a string ("true" or "false") or a
2844
+ * Boolean (true or false). The system may not verify email addresses for
2845
+ * Sign in with Apple at Work & School users, and this claim is "false" or
2846
+ * false for those users.
2847
+ */
2848
+ email_verified: true | "true";
2849
+ /**
2850
+ * A string or Boolean value that indicates whether the email that the user
2851
+ * shares is the proxy address. The value can either be a string ("true" or
2852
+ * "false") or a Boolean (true or false).
2853
+ */
2854
+ is_private_email: boolean;
2855
+ /**
2856
+ * An Integer value that indicates whether the user appears to be a real
2857
+ * person. Use the value of this claim to mitigate fraud. The possible
2858
+ * values are: 0 (or Unsupported), 1 (or Unknown), 2 (or LikelyReal). For
2859
+ * more information, see ASUserDetectionStatus. This claim is present only
2860
+ * in iOS 14 and later, macOS 11 and later, watchOS 7 and later, tvOS 14
2861
+ * and later. The claim isn’t present or supported for web-based apps.
2862
+ */
2863
+ real_user_status: number;
2864
+ /**
2865
+ * The user’s full name in the format provided during the authorization
2866
+ * process.
2867
+ */
2868
+ name: string;
2869
+ /**
2870
+ * The URL to the user's profile picture.
2871
+ */
2872
+ picture: string;
2873
+ user?: AppleNonConformUser | undefined;
2874
+ }
2875
+ /**
2876
+ * Shape of the `user` field Apple returns **only on first consent**.
2877
+ *
2878
+ * After authorize (`GET https://appleid.apple.com/auth/authorize`), Apple may
2879
+ * include a JSON `user` parameter with name/email when those scopes were
2880
+ * requested. Subsequent authorizations omit this payload — persist it server-side.
2881
+ *
2882
+ * Name is **not** included in the identity token; validate/sanitize before storage.
2883
+ *
2884
+ * @see https://developer.apple.com/documentation/signinwithapplerestapi/request-an-authorization-to-the-sign-in-with-apple-server
2885
+ */
2886
+ interface AppleNonConformUser {
2887
+ /** Given / family name shared on first consent when the `name` scope was used. */
2888
+ name: {
2889
+ firstName: string;
2890
+ lastName: string;
2891
+ };
2892
+ /** Email shared on first consent when the `email` scope was used. */
2893
+ email: string;
2894
+ }
2895
+ /**
2896
+ * Configuration for the Sign in with Apple social provider.
2897
+ */
2898
+ interface AppleOptions extends ProviderOptions<AppleProfile> {
2899
+ clientId: string | string[];
2900
+ /**
2901
+ * Native app bundle identifier used as JWT audience when verifying
2902
+ * tokens issued to the mobile app (instead of the Services ID).
2903
+ */
2904
+ appBundleIdentifier?: string | undefined;
2905
+ /**
2906
+ * Explicit JWT audience override. Defaults to `appBundleIdentifier` or `clientId`.
2907
+ */
2908
+ audience?: (string | string[]) | undefined;
2909
+ }
2910
+
2911
+ /**
2912
+ * Built-in social / OAuth provider factories (Better Auth–compatible shape).
2913
+ * Includes first-party `athena` for the upcoming Athena Auth identity provider.
2914
+ */
2915
+ declare const socialProviders: {
2916
+ apple: (options: AppleOptions) => {
2917
+ id: "apple";
2918
+ name: string;
2919
+ createAuthorizationURL({ state, scopes, redirectURI }: {
2920
+ state: string;
2921
+ codeVerifier: string;
2922
+ scopes?: string[] | undefined;
2923
+ redirectURI: string;
2924
+ display?: string | undefined;
2925
+ loginHint?: string | undefined;
2926
+ }): Promise<url.URL>;
2927
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
2928
+ code: string;
2929
+ redirectURI: string;
2930
+ codeVerifier?: string | undefined;
2931
+ deviceId?: string | undefined;
2932
+ }) => Promise<OAuth2Tokens>;
2933
+ verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
2934
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
2935
+ getUserInfo(token: OAuth2Tokens & {
2936
+ user?: {
2937
+ name?: {
2938
+ firstName?: string;
2939
+ lastName?: string;
2940
+ };
2941
+ email?: string;
2942
+ } | undefined;
2943
+ }): Promise<{
2944
+ user: {
2945
+ id: string;
2946
+ name?: string;
2947
+ email?: string | null;
2948
+ image?: string;
2949
+ emailVerified: boolean;
2950
+ [key: string]: any;
2951
+ };
2952
+ data: any;
2953
+ } | null>;
2954
+ options: AppleOptions;
2955
+ };
2956
+ atlassian: (options: AtlassianOptions) => {
2957
+ id: "atlassian";
2958
+ name: string;
2959
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }: {
2960
+ state: string;
2961
+ codeVerifier: string;
2962
+ scopes?: string[] | undefined;
2963
+ redirectURI: string;
2964
+ display?: string | undefined;
2965
+ loginHint?: string | undefined;
2966
+ }): Promise<url.URL>;
2967
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
2968
+ code: string;
2969
+ redirectURI: string;
2970
+ codeVerifier?: string | undefined;
2971
+ deviceId?: string | undefined;
2972
+ }) => Promise<OAuth2Tokens>;
2973
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
2974
+ getUserInfo(token: OAuth2Tokens & {
2975
+ user?: {
2976
+ name?: {
2977
+ firstName?: string;
2978
+ lastName?: string;
2979
+ };
2980
+ email?: string;
2981
+ } | undefined;
2982
+ }): Promise<{
2983
+ user: {
2984
+ id: string;
2985
+ name?: string;
2986
+ email?: string | null;
2987
+ image?: string;
2988
+ emailVerified: boolean;
2989
+ [key: string]: any;
2990
+ };
2991
+ data: any;
2992
+ } | null>;
2993
+ options: AtlassianOptions;
2994
+ };
2995
+ athena: (options: AthenaOptions) => {
2996
+ id: "athena";
2997
+ name: string;
2998
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, loginHint, display, }: {
2999
+ state: string;
3000
+ codeVerifier: string;
3001
+ scopes?: string[] | undefined;
3002
+ redirectURI: string;
3003
+ display?: string | undefined;
3004
+ loginHint?: string | undefined;
3005
+ }): Promise<url.URL>;
3006
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI, }: {
3007
+ code: string;
3008
+ redirectURI: string;
3009
+ codeVerifier?: string | undefined;
3010
+ deviceId?: string | undefined;
3011
+ }) => Promise<OAuth2Tokens>;
3012
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3013
+ getUserInfo(token: OAuth2Tokens & {
3014
+ user?: {
3015
+ name?: {
3016
+ firstName?: string;
3017
+ lastName?: string;
3018
+ };
3019
+ email?: string;
3020
+ } | undefined;
3021
+ }): Promise<{
3022
+ user: {
3023
+ id: string;
3024
+ name?: string;
3025
+ email?: string | null;
3026
+ image?: string;
3027
+ emailVerified: boolean;
3028
+ [key: string]: any;
3029
+ };
3030
+ data: any;
3031
+ } | null>;
3032
+ options: AthenaOptions;
3033
+ };
3034
+ cognito: (options: CognitoOptions) => {
3035
+ id: "cognito";
3036
+ name: string;
3037
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }: {
3038
+ state: string;
3039
+ codeVerifier: string;
3040
+ scopes?: string[] | undefined;
3041
+ redirectURI: string;
3042
+ display?: string | undefined;
3043
+ loginHint?: string | undefined;
3044
+ }): Promise<url.URL>;
3045
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
3046
+ code: string;
3047
+ redirectURI: string;
3048
+ codeVerifier?: string | undefined;
3049
+ deviceId?: string | undefined;
3050
+ }) => Promise<OAuth2Tokens>;
3051
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3052
+ verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
3053
+ getUserInfo(token: OAuth2Tokens & {
3054
+ user?: {
3055
+ name?: {
3056
+ firstName?: string;
3057
+ lastName?: string;
3058
+ };
3059
+ email?: string;
3060
+ } | undefined;
3061
+ }): Promise<{
3062
+ user: {
3063
+ id: string;
3064
+ name?: string;
3065
+ email?: string | null;
3066
+ image?: string;
3067
+ emailVerified: boolean;
3068
+ [key: string]: any;
3069
+ };
3070
+ data: any;
3071
+ } | null>;
3072
+ options: CognitoOptions;
3073
+ };
3074
+ discord: (options: DiscordOptions) => {
3075
+ id: "discord";
3076
+ name: string;
3077
+ createAuthorizationURL({ state, scopes, redirectURI }: {
3078
+ state: string;
3079
+ codeVerifier: string;
3080
+ scopes?: string[] | undefined;
3081
+ redirectURI: string;
3082
+ display?: string | undefined;
3083
+ loginHint?: string | undefined;
3084
+ }): url.URL;
3085
+ validateAuthorizationCode: ({ code, redirectURI }: {
3086
+ code: string;
3087
+ redirectURI: string;
3088
+ codeVerifier?: string | undefined;
3089
+ deviceId?: string | undefined;
3090
+ }) => Promise<OAuth2Tokens>;
3091
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3092
+ getUserInfo(token: OAuth2Tokens & {
3093
+ user?: {
3094
+ name?: {
3095
+ firstName?: string;
3096
+ lastName?: string;
3097
+ };
3098
+ email?: string;
3099
+ } | undefined;
3100
+ }): Promise<{
3101
+ user: {
3102
+ id: string;
3103
+ name?: string;
3104
+ email?: string | null;
3105
+ image?: string;
3106
+ emailVerified: boolean;
3107
+ [key: string]: any;
3108
+ };
3109
+ data: any;
3110
+ } | null>;
3111
+ options: DiscordOptions;
3112
+ };
3113
+ facebook: (options: FacebookOptions) => {
3114
+ id: "facebook";
3115
+ name: string;
3116
+ createAuthorizationURL({ state, scopes, redirectURI, loginHint }: {
3117
+ state: string;
3118
+ codeVerifier: string;
3119
+ scopes?: string[] | undefined;
3120
+ redirectURI: string;
3121
+ display?: string | undefined;
3122
+ loginHint?: string | undefined;
3123
+ }): Promise<url.URL>;
3124
+ validateAuthorizationCode: ({ code, redirectURI }: {
3125
+ code: string;
3126
+ redirectURI: string;
3127
+ codeVerifier?: string | undefined;
3128
+ deviceId?: string | undefined;
3129
+ }) => Promise<OAuth2Tokens>;
3130
+ verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
3131
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3132
+ getUserInfo(token: OAuth2Tokens & {
3133
+ user?: {
3134
+ name?: {
3135
+ firstName?: string;
3136
+ lastName?: string;
3137
+ };
3138
+ email?: string;
3139
+ } | undefined;
3140
+ }): Promise<{
3141
+ user: {
3142
+ id: string;
3143
+ name?: string;
3144
+ email?: string | null;
3145
+ image?: string;
3146
+ emailVerified: boolean;
3147
+ [key: string]: any;
3148
+ };
3149
+ data: any;
3150
+ } | null>;
3151
+ options: FacebookOptions;
3152
+ };
3153
+ figma: (options: FigmaOptions) => {
3154
+ id: "figma";
3155
+ name: string;
3156
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }: {
3157
+ state: string;
3158
+ codeVerifier: string;
3159
+ scopes?: string[] | undefined;
3160
+ redirectURI: string;
3161
+ display?: string | undefined;
3162
+ loginHint?: string | undefined;
3163
+ }): Promise<url.URL>;
3164
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
3165
+ code: string;
3166
+ redirectURI: string;
3167
+ codeVerifier?: string | undefined;
3168
+ deviceId?: string | undefined;
3169
+ }) => Promise<OAuth2Tokens>;
3170
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3171
+ getUserInfo(token: OAuth2Tokens & {
3172
+ user?: {
3173
+ name?: {
3174
+ firstName?: string;
3175
+ lastName?: string;
3176
+ };
3177
+ email?: string;
3178
+ } | undefined;
3179
+ }): Promise<{
3180
+ user: {
3181
+ id: string;
3182
+ name?: string;
3183
+ email?: string | null;
3184
+ image?: string;
3185
+ emailVerified: boolean;
3186
+ [key: string]: any;
3187
+ };
3188
+ data: any;
3189
+ } | null>;
3190
+ options: FigmaOptions;
3191
+ };
3192
+ github: (options: GithubOptions) => {
3193
+ id: "github";
3194
+ name: string;
3195
+ createAuthorizationURL({ state, scopes, loginHint, codeVerifier, redirectURI, }: {
3196
+ state: string;
3197
+ codeVerifier: string;
3198
+ scopes?: string[] | undefined;
3199
+ redirectURI: string;
3200
+ display?: string | undefined;
3201
+ loginHint?: string | undefined;
3202
+ }): Promise<url.URL>;
3203
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
3204
+ code: string;
3205
+ redirectURI: string;
3206
+ codeVerifier?: string | undefined;
3207
+ deviceId?: string | undefined;
3208
+ }) => Promise<OAuth2Tokens | null>;
3209
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3210
+ getUserInfo(token: OAuth2Tokens & {
3211
+ user?: {
3212
+ name?: {
3213
+ firstName?: string;
3214
+ lastName?: string;
3215
+ };
3216
+ email?: string;
3217
+ } | undefined;
3218
+ }): Promise<{
3219
+ user: {
3220
+ id: string;
3221
+ name?: string;
3222
+ email?: string | null;
3223
+ image?: string;
3224
+ emailVerified: boolean;
3225
+ [key: string]: any;
3226
+ };
3227
+ data: any;
3228
+ } | null>;
3229
+ options: GithubOptions;
3230
+ };
3231
+ microsoft: (options: MicrosoftOptions) => {
3232
+ id: "microsoft";
3233
+ name: string;
3234
+ createAuthorizationURL(data: {
3235
+ state: string;
3236
+ codeVerifier: string;
3237
+ scopes?: string[] | undefined;
3238
+ redirectURI: string;
3239
+ display?: string | undefined;
3240
+ loginHint?: string | undefined;
3241
+ }): Promise<url.URL>;
3242
+ validateAuthorizationCode({ code, codeVerifier, redirectURI }: {
3243
+ code: string;
3244
+ redirectURI: string;
3245
+ codeVerifier?: string | undefined;
3246
+ deviceId?: string | undefined;
3247
+ }): Promise<OAuth2Tokens>;
3248
+ verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
3249
+ getUserInfo(token: OAuth2Tokens & {
3250
+ user?: {
3251
+ name?: {
3252
+ firstName?: string;
3253
+ lastName?: string;
3254
+ };
3255
+ email?: string;
3256
+ } | undefined;
3257
+ }): Promise<{
3258
+ user: {
3259
+ id: string;
3260
+ name?: string;
3261
+ email?: string | null;
3262
+ image?: string;
3263
+ emailVerified: boolean;
3264
+ [key: string]: any;
3265
+ };
3266
+ data: any;
3267
+ } | null>;
3268
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3269
+ options: MicrosoftOptions;
3270
+ };
3271
+ google: (options: GoogleOptions) => {
3272
+ id: "google";
3273
+ name: string;
3274
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, loginHint, display, }: {
3275
+ state: string;
3276
+ codeVerifier: string;
3277
+ scopes?: string[] | undefined;
3278
+ redirectURI: string;
3279
+ display?: string | undefined;
3280
+ loginHint?: string | undefined;
3281
+ }): Promise<url.URL>;
3282
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
3283
+ code: string;
3284
+ redirectURI: string;
3285
+ codeVerifier?: string | undefined;
3286
+ deviceId?: string | undefined;
3287
+ }) => Promise<OAuth2Tokens>;
3288
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3289
+ verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
3290
+ getUserInfo(token: OAuth2Tokens & {
3291
+ user?: {
3292
+ name?: {
3293
+ firstName?: string;
3294
+ lastName?: string;
3295
+ };
3296
+ email?: string;
3297
+ } | undefined;
3298
+ }): Promise<{
3299
+ user: {
3300
+ id: string;
3301
+ name?: string;
3302
+ email?: string | null;
3303
+ image?: string;
3304
+ emailVerified: boolean;
3305
+ [key: string]: any;
3306
+ };
3307
+ data: any;
3308
+ } | null>;
3309
+ options: GoogleOptions;
3310
+ };
3311
+ huggingface: (options: HuggingFaceOptions) => {
3312
+ id: "huggingface";
3313
+ name: string;
3314
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }: {
3315
+ state: string;
3316
+ codeVerifier: string;
3317
+ scopes?: string[] | undefined;
3318
+ redirectURI: string;
3319
+ display?: string | undefined;
3320
+ loginHint?: string | undefined;
3321
+ }): Promise<url.URL>;
3322
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
3323
+ code: string;
3324
+ redirectURI: string;
3325
+ codeVerifier?: string | undefined;
3326
+ deviceId?: string | undefined;
3327
+ }) => Promise<OAuth2Tokens>;
3328
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3329
+ getUserInfo(token: OAuth2Tokens & {
3330
+ user?: {
3331
+ name?: {
3332
+ firstName?: string;
3333
+ lastName?: string;
3334
+ };
3335
+ email?: string;
3336
+ } | undefined;
3337
+ }): Promise<{
3338
+ user: {
3339
+ id: string;
3340
+ name?: string;
3341
+ email?: string | null;
3342
+ image?: string;
3343
+ emailVerified: boolean;
3344
+ [key: string]: any;
3345
+ };
3346
+ data: any;
3347
+ } | null>;
3348
+ options: HuggingFaceOptions;
3349
+ };
3350
+ slack: (options: SlackOptions) => {
3351
+ id: "slack";
3352
+ name: string;
3353
+ createAuthorizationURL({ state, scopes, redirectURI }: {
3354
+ state: string;
3355
+ codeVerifier: string;
3356
+ scopes?: string[] | undefined;
3357
+ redirectURI: string;
3358
+ display?: string | undefined;
3359
+ loginHint?: string | undefined;
3360
+ }): url.URL;
3361
+ validateAuthorizationCode: ({ code, redirectURI }: {
3362
+ code: string;
3363
+ redirectURI: string;
3364
+ codeVerifier?: string | undefined;
3365
+ deviceId?: string | undefined;
3366
+ }) => Promise<OAuth2Tokens>;
3367
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3368
+ getUserInfo(token: OAuth2Tokens & {
3369
+ user?: {
3370
+ name?: {
3371
+ firstName?: string;
3372
+ lastName?: string;
3373
+ };
3374
+ email?: string;
3375
+ } | undefined;
3376
+ }): Promise<{
3377
+ user: {
3378
+ id: string;
3379
+ name?: string;
3380
+ email?: string | null;
3381
+ image?: string;
3382
+ emailVerified: boolean;
3383
+ [key: string]: any;
3384
+ };
3385
+ data: any;
3386
+ } | null>;
3387
+ options: SlackOptions;
3388
+ };
3389
+ spotify: (options: SpotifyOptions) => {
3390
+ id: "spotify";
3391
+ name: string;
3392
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }: {
3393
+ state: string;
3394
+ codeVerifier: string;
3395
+ scopes?: string[] | undefined;
3396
+ redirectURI: string;
3397
+ display?: string | undefined;
3398
+ loginHint?: string | undefined;
3399
+ }): Promise<url.URL>;
3400
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
3401
+ code: string;
3402
+ redirectURI: string;
3403
+ codeVerifier?: string | undefined;
3404
+ deviceId?: string | undefined;
3405
+ }) => Promise<OAuth2Tokens>;
3406
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3407
+ getUserInfo(token: OAuth2Tokens & {
3408
+ user?: {
3409
+ name?: {
3410
+ firstName?: string;
3411
+ lastName?: string;
3412
+ };
3413
+ email?: string;
3414
+ } | undefined;
3415
+ }): Promise<{
3416
+ user: {
3417
+ id: string;
3418
+ name?: string;
3419
+ email?: string | null;
3420
+ image?: string;
3421
+ emailVerified: boolean;
3422
+ [key: string]: any;
3423
+ };
3424
+ data: any;
3425
+ } | null>;
3426
+ options: SpotifyOptions;
3427
+ };
3428
+ twitch: (options: TwitchOptions) => {
3429
+ id: "twitch";
3430
+ name: string;
3431
+ createAuthorizationURL({ state, scopes, redirectURI }: {
3432
+ state: string;
3433
+ codeVerifier: string;
3434
+ scopes?: string[] | undefined;
3435
+ redirectURI: string;
3436
+ display?: string | undefined;
3437
+ loginHint?: string | undefined;
3438
+ }): Promise<url.URL>;
3439
+ validateAuthorizationCode: ({ code, redirectURI }: {
3440
+ code: string;
3441
+ redirectURI: string;
3442
+ codeVerifier?: string | undefined;
3443
+ deviceId?: string | undefined;
3444
+ }) => Promise<OAuth2Tokens>;
3445
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3446
+ getUserInfo(token: OAuth2Tokens & {
3447
+ user?: {
3448
+ name?: {
3449
+ firstName?: string;
3450
+ lastName?: string;
3451
+ };
3452
+ email?: string;
3453
+ } | undefined;
3454
+ }): Promise<{
3455
+ user: {
3456
+ id: string;
3457
+ name?: string;
3458
+ email?: string | null;
3459
+ image?: string;
3460
+ emailVerified: boolean;
3461
+ [key: string]: any;
3462
+ };
3463
+ data: any;
3464
+ } | null>;
3465
+ options: TwitchOptions;
3466
+ };
3467
+ twitter: (options: TwitterOption) => {
3468
+ id: "twitter";
3469
+ name: string;
3470
+ createAuthorizationURL(data: {
3471
+ state: string;
3472
+ codeVerifier: string;
3473
+ scopes?: string[] | undefined;
3474
+ redirectURI: string;
3475
+ display?: string | undefined;
3476
+ loginHint?: string | undefined;
3477
+ }): Promise<url.URL>;
3478
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
3479
+ code: string;
3480
+ redirectURI: string;
3481
+ codeVerifier?: string | undefined;
3482
+ deviceId?: string | undefined;
3483
+ }) => Promise<OAuth2Tokens>;
3484
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3485
+ getUserInfo(token: OAuth2Tokens & {
3486
+ user?: {
3487
+ name?: {
3488
+ firstName?: string;
3489
+ lastName?: string;
3490
+ };
3491
+ email?: string;
3492
+ } | undefined;
3493
+ }): Promise<{
3494
+ user: {
3495
+ id: string;
3496
+ name?: string;
3497
+ email?: string | null;
3498
+ image?: string;
3499
+ emailVerified: boolean;
3500
+ [key: string]: any;
3501
+ };
3502
+ data: any;
3503
+ } | null>;
3504
+ options: TwitterOption;
3505
+ };
3506
+ dropbox: (options: DropboxOptions) => {
3507
+ id: "dropbox";
3508
+ name: string;
3509
+ createAuthorizationURL: ({ state, scopes, codeVerifier, redirectURI, }: {
3510
+ state: string;
3511
+ codeVerifier: string;
3512
+ scopes?: string[] | undefined;
3513
+ redirectURI: string;
3514
+ display?: string | undefined;
3515
+ loginHint?: string | undefined;
3516
+ }) => Promise<url.URL>;
3517
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
3518
+ code: string;
3519
+ redirectURI: string;
3520
+ codeVerifier?: string | undefined;
3521
+ deviceId?: string | undefined;
3522
+ }) => Promise<OAuth2Tokens>;
3523
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3524
+ getUserInfo(token: OAuth2Tokens & {
3525
+ user?: {
3526
+ name?: {
3527
+ firstName?: string;
3528
+ lastName?: string;
3529
+ };
3530
+ email?: string;
3531
+ } | undefined;
3532
+ }): Promise<{
3533
+ user: {
3534
+ id: string;
3535
+ name?: string;
3536
+ email?: string | null;
3537
+ image?: string;
3538
+ emailVerified: boolean;
3539
+ [key: string]: any;
3540
+ };
3541
+ data: any;
3542
+ } | null>;
3543
+ options: DropboxOptions;
3544
+ };
3545
+ kick: (options: KickOptions) => {
3546
+ id: "kick";
3547
+ name: string;
3548
+ createAuthorizationURL({ state, scopes, redirectURI, codeVerifier }: {
3549
+ state: string;
3550
+ codeVerifier: string;
3551
+ scopes?: string[] | undefined;
3552
+ redirectURI: string;
3553
+ display?: string | undefined;
3554
+ loginHint?: string | undefined;
3555
+ }): Promise<url.URL>;
3556
+ validateAuthorizationCode({ code, redirectURI, codeVerifier }: {
3557
+ code: string;
3558
+ redirectURI: string;
3559
+ codeVerifier?: string | undefined;
3560
+ deviceId?: string | undefined;
3561
+ }): Promise<OAuth2Tokens>;
3562
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3563
+ getUserInfo(token: OAuth2Tokens & {
3564
+ user?: {
3565
+ name?: {
3566
+ firstName?: string;
3567
+ lastName?: string;
3568
+ };
3569
+ email?: string;
3570
+ } | undefined;
3571
+ }): Promise<{
3572
+ user: {
3573
+ id: string;
3574
+ name?: string;
3575
+ email?: string | null;
3576
+ image?: string;
3577
+ emailVerified: boolean;
3578
+ [key: string]: any;
3579
+ };
3580
+ data: any;
3581
+ } | null>;
3582
+ options: KickOptions;
3583
+ };
3584
+ linear: (options: LinearOptions) => {
3585
+ id: "linear";
3586
+ name: string;
3587
+ createAuthorizationURL({ state, scopes, loginHint, redirectURI }: {
3588
+ state: string;
3589
+ codeVerifier: string;
3590
+ scopes?: string[] | undefined;
3591
+ redirectURI: string;
3592
+ display?: string | undefined;
3593
+ loginHint?: string | undefined;
3594
+ }): Promise<url.URL>;
3595
+ validateAuthorizationCode: ({ code, redirectURI }: {
3596
+ code: string;
3597
+ redirectURI: string;
3598
+ codeVerifier?: string | undefined;
3599
+ deviceId?: string | undefined;
3600
+ }) => Promise<OAuth2Tokens>;
3601
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3602
+ getUserInfo(token: OAuth2Tokens & {
3603
+ user?: {
3604
+ name?: {
3605
+ firstName?: string;
3606
+ lastName?: string;
3607
+ };
3608
+ email?: string;
3609
+ } | undefined;
3610
+ }): Promise<{
3611
+ user: {
3612
+ id: string;
3613
+ name?: string;
3614
+ email?: string | null;
3615
+ image?: string;
3616
+ emailVerified: boolean;
3617
+ [key: string]: any;
3618
+ };
3619
+ data: any;
3620
+ } | null>;
3621
+ options: LinearOptions;
3622
+ };
3623
+ linkedin: (options: LinkedInOptions) => {
3624
+ id: "linkedin";
3625
+ name: string;
3626
+ createAuthorizationURL: ({ state, scopes, redirectURI, loginHint, }: {
3627
+ state: string;
3628
+ codeVerifier: string;
3629
+ scopes?: string[] | undefined;
3630
+ redirectURI: string;
3631
+ display?: string | undefined;
3632
+ loginHint?: string | undefined;
3633
+ }) => Promise<url.URL>;
3634
+ validateAuthorizationCode: ({ code, redirectURI }: {
3635
+ code: string;
3636
+ redirectURI: string;
3637
+ codeVerifier?: string | undefined;
3638
+ deviceId?: string | undefined;
3639
+ }) => Promise<OAuth2Tokens>;
3640
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3641
+ getUserInfo(token: OAuth2Tokens & {
3642
+ user?: {
3643
+ name?: {
3644
+ firstName?: string;
3645
+ lastName?: string;
3646
+ };
3647
+ email?: string;
3648
+ } | undefined;
3649
+ }): Promise<{
3650
+ user: {
3651
+ id: string;
3652
+ name?: string;
3653
+ email?: string | null;
3654
+ image?: string;
3655
+ emailVerified: boolean;
3656
+ [key: string]: any;
3657
+ };
3658
+ data: any;
3659
+ } | null>;
3660
+ options: LinkedInOptions;
3661
+ };
3662
+ gitlab: (options: GitlabOptions) => {
3663
+ id: "gitlab";
3664
+ name: string;
3665
+ createAuthorizationURL: ({ state, scopes, codeVerifier, loginHint, redirectURI, }: {
3666
+ state: string;
3667
+ codeVerifier: string;
3668
+ scopes?: string[] | undefined;
3669
+ redirectURI: string;
3670
+ display?: string | undefined;
3671
+ loginHint?: string | undefined;
3672
+ }) => Promise<url.URL>;
3673
+ validateAuthorizationCode: ({ code, redirectURI, codeVerifier }: {
3674
+ code: string;
3675
+ redirectURI: string;
3676
+ codeVerifier?: string | undefined;
3677
+ deviceId?: string | undefined;
3678
+ }) => Promise<OAuth2Tokens>;
3679
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3680
+ getUserInfo(token: OAuth2Tokens & {
3681
+ user?: {
3682
+ name?: {
3683
+ firstName?: string;
3684
+ lastName?: string;
3685
+ };
3686
+ email?: string;
3687
+ } | undefined;
3688
+ }): Promise<{
3689
+ user: {
3690
+ id: string;
3691
+ name?: string;
3692
+ email?: string | null;
3693
+ image?: string;
3694
+ emailVerified: boolean;
3695
+ [key: string]: any;
3696
+ };
3697
+ data: any;
3698
+ } | {
3699
+ user: {
3700
+ id: number;
3701
+ name: string;
3702
+ email: string;
3703
+ image: string;
3704
+ emailVerified: boolean;
3705
+ } | {
3706
+ id: string | number;
3707
+ name: string;
3708
+ email: string | null;
3709
+ image: string;
3710
+ emailVerified: boolean;
3711
+ } | {
3712
+ id: string | number;
3713
+ name: string;
3714
+ email: string | null;
3715
+ image: string;
3716
+ emailVerified: boolean;
3717
+ };
3718
+ data: GitlabProfile;
3719
+ } | null>;
3720
+ options: GitlabOptions;
3721
+ };
3722
+ tiktok: (options: TiktokOptions) => {
3723
+ id: "tiktok";
3724
+ name: string;
3725
+ createAuthorizationURL({ state, scopes, redirectURI }: {
3726
+ state: string;
3727
+ codeVerifier: string;
3728
+ scopes?: string[] | undefined;
3729
+ redirectURI: string;
3730
+ display?: string | undefined;
3731
+ loginHint?: string | undefined;
3732
+ }): url.URL;
3733
+ validateAuthorizationCode: ({ code, redirectURI }: {
3734
+ code: string;
3735
+ redirectURI: string;
3736
+ codeVerifier?: string | undefined;
3737
+ deviceId?: string | undefined;
3738
+ }) => Promise<OAuth2Tokens>;
3739
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3740
+ getUserInfo(token: OAuth2Tokens & {
3741
+ user?: {
3742
+ name?: {
3743
+ firstName?: string;
3744
+ lastName?: string;
3745
+ };
3746
+ email?: string;
3747
+ } | undefined;
3748
+ }): Promise<{
3749
+ user: {
3750
+ id: string;
3751
+ name?: string;
3752
+ email?: string | null;
3753
+ image?: string;
3754
+ emailVerified: boolean;
3755
+ [key: string]: any;
3756
+ };
3757
+ data: any;
3758
+ } | null>;
3759
+ options: TiktokOptions;
3760
+ };
3761
+ reddit: (options: RedditOptions) => {
3762
+ id: "reddit";
3763
+ name: string;
3764
+ createAuthorizationURL({ state, scopes, redirectURI }: {
3765
+ state: string;
3766
+ codeVerifier: string;
3767
+ scopes?: string[] | undefined;
3768
+ redirectURI: string;
3769
+ display?: string | undefined;
3770
+ loginHint?: string | undefined;
3771
+ }): Promise<url.URL>;
3772
+ validateAuthorizationCode: ({ code, redirectURI }: {
3773
+ code: string;
3774
+ redirectURI: string;
3775
+ codeVerifier?: string | undefined;
3776
+ deviceId?: string | undefined;
3777
+ }) => Promise<OAuth2Tokens>;
3778
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3779
+ getUserInfo(token: OAuth2Tokens & {
3780
+ user?: {
3781
+ name?: {
3782
+ firstName?: string;
3783
+ lastName?: string;
3784
+ };
3785
+ email?: string;
3786
+ } | undefined;
3787
+ }): Promise<{
3788
+ user: {
3789
+ id: string;
3790
+ name?: string;
3791
+ email?: string | null;
3792
+ image?: string;
3793
+ emailVerified: boolean;
3794
+ [key: string]: any;
3795
+ };
3796
+ data: any;
3797
+ } | null>;
3798
+ options: RedditOptions;
3799
+ };
3800
+ roblox: (options: RobloxOptions) => {
3801
+ id: "roblox";
3802
+ name: string;
3803
+ createAuthorizationURL({ state, scopes, redirectURI }: {
3804
+ state: string;
3805
+ codeVerifier: string;
3806
+ scopes?: string[] | undefined;
3807
+ redirectURI: string;
3808
+ display?: string | undefined;
3809
+ loginHint?: string | undefined;
3810
+ }): url.URL;
3811
+ validateAuthorizationCode: ({ code, redirectURI }: {
3812
+ code: string;
3813
+ redirectURI: string;
3814
+ codeVerifier?: string | undefined;
3815
+ deviceId?: string | undefined;
3816
+ }) => Promise<OAuth2Tokens>;
3817
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3818
+ getUserInfo(token: OAuth2Tokens & {
3819
+ user?: {
3820
+ name?: {
3821
+ firstName?: string;
3822
+ lastName?: string;
3823
+ };
3824
+ email?: string;
3825
+ } | undefined;
3826
+ }): Promise<{
3827
+ user: {
3828
+ id: string;
3829
+ name?: string;
3830
+ email?: string | null;
3831
+ image?: string;
3832
+ emailVerified: boolean;
3833
+ [key: string]: any;
3834
+ };
3835
+ data: any;
3836
+ } | null>;
3837
+ options: RobloxOptions;
3838
+ };
3839
+ salesforce: (options: SalesforceOptions) => {
3840
+ id: "salesforce";
3841
+ name: string;
3842
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }: {
3843
+ state: string;
3844
+ codeVerifier: string;
3845
+ scopes?: string[] | undefined;
3846
+ redirectURI: string;
3847
+ display?: string | undefined;
3848
+ loginHint?: string | undefined;
3849
+ }): Promise<url.URL>;
3850
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
3851
+ code: string;
3852
+ redirectURI: string;
3853
+ codeVerifier?: string | undefined;
3854
+ deviceId?: string | undefined;
3855
+ }) => Promise<OAuth2Tokens>;
3856
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3857
+ getUserInfo(token: OAuth2Tokens & {
3858
+ user?: {
3859
+ name?: {
3860
+ firstName?: string;
3861
+ lastName?: string;
3862
+ };
3863
+ email?: string;
3864
+ } | undefined;
3865
+ }): Promise<{
3866
+ user: {
3867
+ id: string;
3868
+ name?: string;
3869
+ email?: string | null;
3870
+ image?: string;
3871
+ emailVerified: boolean;
3872
+ [key: string]: any;
3873
+ };
3874
+ data: any;
3875
+ } | null>;
3876
+ options: SalesforceOptions;
3877
+ };
3878
+ vk: (options: VkOption) => {
3879
+ id: "vk";
3880
+ name: string;
3881
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }: {
3882
+ state: string;
3883
+ codeVerifier: string;
3884
+ scopes?: string[] | undefined;
3885
+ redirectURI: string;
3886
+ display?: string | undefined;
3887
+ loginHint?: string | undefined;
3888
+ }): Promise<url.URL>;
3889
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI, deviceId, }: {
3890
+ code: string;
3891
+ redirectURI: string;
3892
+ codeVerifier?: string | undefined;
3893
+ deviceId?: string | undefined;
3894
+ }) => Promise<OAuth2Tokens>;
3895
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3896
+ getUserInfo(data: OAuth2Tokens & {
3897
+ user?: {
3898
+ name?: {
3899
+ firstName?: string;
3900
+ lastName?: string;
3901
+ };
3902
+ email?: string;
3903
+ } | undefined;
3904
+ }): Promise<{
3905
+ user: {
3906
+ id: string;
3907
+ name?: string;
3908
+ email?: string | null;
3909
+ image?: string;
3910
+ emailVerified: boolean;
3911
+ [key: string]: any;
3912
+ };
3913
+ data: any;
3914
+ } | null>;
3915
+ options: VkOption;
3916
+ };
3917
+ zoom: (userOptions: ZoomOptions) => {
3918
+ id: "zoom";
3919
+ name: string;
3920
+ createAuthorizationURL: ({ state, redirectURI, codeVerifier }: {
3921
+ state: string;
3922
+ codeVerifier: string;
3923
+ scopes?: string[] | undefined;
3924
+ redirectURI: string;
3925
+ display?: string | undefined;
3926
+ loginHint?: string | undefined;
3927
+ }) => Promise<url.URL>;
3928
+ validateAuthorizationCode: ({ code, redirectURI, codeVerifier }: {
3929
+ code: string;
3930
+ redirectURI: string;
3931
+ codeVerifier?: string | undefined;
3932
+ deviceId?: string | undefined;
3933
+ }) => Promise<OAuth2Tokens>;
3934
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3935
+ getUserInfo(token: OAuth2Tokens & {
3936
+ user?: {
3937
+ name?: {
3938
+ firstName?: string;
3939
+ lastName?: string;
3940
+ };
3941
+ email?: string;
3942
+ } | undefined;
3943
+ }): Promise<{
3944
+ user: {
3945
+ id: string;
3946
+ name?: string;
3947
+ email?: string | null;
3948
+ image?: string;
3949
+ emailVerified: boolean;
3950
+ [key: string]: any;
3951
+ };
3952
+ data: any;
3953
+ } | null>;
3954
+ };
3955
+ notion: (options: NotionOptions) => {
3956
+ id: "notion";
3957
+ name: string;
3958
+ createAuthorizationURL({ state, scopes, loginHint, redirectURI }: {
3959
+ state: string;
3960
+ codeVerifier: string;
3961
+ scopes?: string[] | undefined;
3962
+ redirectURI: string;
3963
+ display?: string | undefined;
3964
+ loginHint?: string | undefined;
3965
+ }): Promise<url.URL>;
3966
+ validateAuthorizationCode: ({ code, redirectURI }: {
3967
+ code: string;
3968
+ redirectURI: string;
3969
+ codeVerifier?: string | undefined;
3970
+ deviceId?: string | undefined;
3971
+ }) => Promise<OAuth2Tokens>;
3972
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
3973
+ getUserInfo(token: OAuth2Tokens & {
3974
+ user?: {
3975
+ name?: {
3976
+ firstName?: string;
3977
+ lastName?: string;
3978
+ };
3979
+ email?: string;
3980
+ } | undefined;
3981
+ }): Promise<{
3982
+ user: {
3983
+ id: string;
3984
+ name?: string;
3985
+ email?: string | null;
3986
+ image?: string;
3987
+ emailVerified: boolean;
3988
+ [key: string]: any;
3989
+ };
3990
+ data: any;
3991
+ } | null>;
3992
+ options: NotionOptions;
3993
+ };
3994
+ kakao: (options: KakaoOptions) => {
3995
+ id: "kakao";
3996
+ name: string;
3997
+ createAuthorizationURL({ state, scopes, redirectURI }: {
3998
+ state: string;
3999
+ codeVerifier: string;
4000
+ scopes?: string[] | undefined;
4001
+ redirectURI: string;
4002
+ display?: string | undefined;
4003
+ loginHint?: string | undefined;
4004
+ }): Promise<url.URL>;
4005
+ validateAuthorizationCode: ({ code, redirectURI }: {
4006
+ code: string;
4007
+ redirectURI: string;
4008
+ codeVerifier?: string | undefined;
4009
+ deviceId?: string | undefined;
4010
+ }) => Promise<OAuth2Tokens>;
4011
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
4012
+ getUserInfo(token: OAuth2Tokens & {
4013
+ user?: {
4014
+ name?: {
4015
+ firstName?: string;
4016
+ lastName?: string;
4017
+ };
4018
+ email?: string;
4019
+ } | undefined;
4020
+ }): Promise<{
4021
+ user: {
4022
+ id: string;
4023
+ name?: string;
4024
+ email?: string | null;
4025
+ image?: string;
4026
+ emailVerified: boolean;
4027
+ [key: string]: any;
4028
+ };
4029
+ data: any;
4030
+ } | {
4031
+ user: {
4032
+ id: string;
4033
+ name: string;
4034
+ email: string | undefined;
4035
+ image: string | undefined;
4036
+ emailVerified: boolean;
4037
+ } | {
4038
+ id: string;
4039
+ name: string;
4040
+ email: string | null;
4041
+ image: string;
4042
+ emailVerified: boolean;
4043
+ } | {
4044
+ id: string;
4045
+ name: string;
4046
+ email: string | null;
4047
+ image: string;
4048
+ emailVerified: boolean;
4049
+ };
4050
+ data: KakaoProfile;
4051
+ } | null>;
4052
+ options: KakaoOptions;
4053
+ };
4054
+ naver: (options: NaverOptions) => {
4055
+ id: "naver";
4056
+ name: string;
4057
+ createAuthorizationURL({ state, scopes, redirectURI }: {
4058
+ state: string;
4059
+ codeVerifier: string;
4060
+ scopes?: string[] | undefined;
4061
+ redirectURI: string;
4062
+ display?: string | undefined;
4063
+ loginHint?: string | undefined;
4064
+ }): Promise<url.URL>;
4065
+ validateAuthorizationCode: ({ code, redirectURI }: {
4066
+ code: string;
4067
+ redirectURI: string;
4068
+ codeVerifier?: string | undefined;
4069
+ deviceId?: string | undefined;
4070
+ }) => Promise<OAuth2Tokens>;
4071
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
4072
+ getUserInfo(token: OAuth2Tokens & {
4073
+ user?: {
4074
+ name?: {
4075
+ firstName?: string;
4076
+ lastName?: string;
4077
+ };
4078
+ email?: string;
4079
+ } | undefined;
4080
+ }): Promise<{
4081
+ user: {
4082
+ id: string;
4083
+ name?: string;
4084
+ email?: string | null;
4085
+ image?: string;
4086
+ emailVerified: boolean;
4087
+ [key: string]: any;
4088
+ };
4089
+ data: any;
4090
+ } | {
4091
+ user: {
4092
+ id: string;
4093
+ name: string;
4094
+ email: string;
4095
+ image: string;
4096
+ emailVerified: boolean;
4097
+ } | {
4098
+ id: string;
4099
+ name: string;
4100
+ email: string | null;
4101
+ image: string;
4102
+ emailVerified: boolean;
4103
+ } | {
4104
+ id: string;
4105
+ name: string;
4106
+ email: string | null;
4107
+ image: string;
4108
+ emailVerified: boolean;
4109
+ };
4110
+ data: NaverProfile;
4111
+ } | null>;
4112
+ options: NaverOptions;
4113
+ };
4114
+ line: (options: LineOptions) => {
4115
+ id: "line";
4116
+ name: string;
4117
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, loginHint, }: {
4118
+ state: string;
4119
+ codeVerifier: string;
4120
+ scopes?: string[] | undefined;
4121
+ redirectURI: string;
4122
+ display?: string | undefined;
4123
+ loginHint?: string | undefined;
4124
+ }): Promise<url.URL>;
4125
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
4126
+ code: string;
4127
+ redirectURI: string;
4128
+ codeVerifier?: string | undefined;
4129
+ deviceId?: string | undefined;
4130
+ }) => Promise<OAuth2Tokens>;
4131
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
4132
+ verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
4133
+ getUserInfo(token: OAuth2Tokens & {
4134
+ user?: {
4135
+ name?: {
4136
+ firstName?: string;
4137
+ lastName?: string;
4138
+ };
4139
+ email?: string;
4140
+ } | undefined;
4141
+ }): Promise<{
4142
+ user: {
4143
+ id: string;
4144
+ name?: string;
4145
+ email?: string | null;
4146
+ image?: string;
4147
+ emailVerified: boolean;
4148
+ [key: string]: any;
4149
+ };
4150
+ data: any;
4151
+ } | {
4152
+ user: {
4153
+ id: any;
4154
+ name: any;
4155
+ email: any;
4156
+ image: any;
4157
+ emailVerified: false;
4158
+ } | {
4159
+ id: any;
4160
+ name: any;
4161
+ email: any;
4162
+ image: any;
4163
+ emailVerified: boolean;
4164
+ } | {
4165
+ id: any;
4166
+ name: any;
4167
+ email: any;
4168
+ image: any;
4169
+ emailVerified: boolean;
4170
+ };
4171
+ data: any;
4172
+ } | null>;
4173
+ options: LineOptions;
4174
+ };
4175
+ paybin: (options: PaybinOptions) => {
4176
+ id: "paybin";
4177
+ name: string;
4178
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, loginHint, }: {
4179
+ state: string;
4180
+ codeVerifier: string;
4181
+ scopes?: string[] | undefined;
4182
+ redirectURI: string;
4183
+ display?: string | undefined;
4184
+ loginHint?: string | undefined;
4185
+ }): Promise<url.URL>;
4186
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
4187
+ code: string;
4188
+ redirectURI: string;
4189
+ codeVerifier?: string | undefined;
4190
+ deviceId?: string | undefined;
4191
+ }) => Promise<OAuth2Tokens>;
4192
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
4193
+ getUserInfo(token: OAuth2Tokens & {
4194
+ user?: {
4195
+ name?: {
4196
+ firstName?: string;
4197
+ lastName?: string;
4198
+ };
4199
+ email?: string;
4200
+ } | undefined;
4201
+ }): Promise<{
4202
+ user: {
4203
+ id: string;
4204
+ name?: string;
4205
+ email?: string | null;
4206
+ image?: string;
4207
+ emailVerified: boolean;
4208
+ [key: string]: any;
4209
+ };
4210
+ data: any;
4211
+ } | null>;
4212
+ options: PaybinOptions;
4213
+ };
4214
+ paypal: (options: PayPalOptions) => {
4215
+ id: "paypal";
4216
+ name: string;
4217
+ createAuthorizationURL({ state, codeVerifier, redirectURI }: {
4218
+ state: string;
4219
+ codeVerifier: string;
4220
+ scopes?: string[] | undefined;
4221
+ redirectURI: string;
4222
+ display?: string | undefined;
4223
+ loginHint?: string | undefined;
4224
+ }): Promise<url.URL>;
4225
+ validateAuthorizationCode: ({ code, redirectURI }: {
4226
+ code: string;
4227
+ redirectURI: string;
4228
+ codeVerifier?: string | undefined;
4229
+ deviceId?: string | undefined;
4230
+ }) => Promise<{
4231
+ accessToken: string;
4232
+ refreshToken: string | undefined;
4233
+ accessTokenExpiresAt: Date | undefined;
4234
+ idToken: string | undefined;
4235
+ }>;
4236
+ refreshAccessToken: ((refreshToken: string) => Promise<OAuth2Tokens>) | ((refreshToken: string) => Promise<{
4237
+ accessToken: any;
4238
+ refreshToken: any;
4239
+ accessTokenExpiresAt: Date | undefined;
4240
+ }>);
4241
+ verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
4242
+ getUserInfo(token: OAuth2Tokens & {
4243
+ user?: {
4244
+ name?: {
4245
+ firstName?: string;
4246
+ lastName?: string;
4247
+ };
4248
+ email?: string;
4249
+ } | undefined;
4250
+ }): Promise<{
4251
+ user: {
4252
+ id: string;
4253
+ name?: string;
4254
+ email?: string | null;
4255
+ image?: string;
4256
+ emailVerified: boolean;
4257
+ [key: string]: any;
4258
+ };
4259
+ data: any;
4260
+ } | {
4261
+ user: {
4262
+ id: string;
4263
+ name: string;
4264
+ email: string;
4265
+ image: string | undefined;
4266
+ emailVerified: boolean;
4267
+ } | {
4268
+ id: string;
4269
+ name: string;
4270
+ email: string | null;
4271
+ image: string;
4272
+ emailVerified: boolean;
4273
+ } | {
4274
+ id: string;
4275
+ name: string;
4276
+ email: string | null;
4277
+ image: string;
4278
+ emailVerified: boolean;
4279
+ };
4280
+ data: PayPalProfile;
4281
+ } | null>;
4282
+ options: PayPalOptions;
4283
+ };
4284
+ polar: (options: PolarOptions) => {
4285
+ id: "polar";
4286
+ name: string;
4287
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }: {
4288
+ state: string;
4289
+ codeVerifier: string;
4290
+ scopes?: string[] | undefined;
4291
+ redirectURI: string;
4292
+ display?: string | undefined;
4293
+ loginHint?: string | undefined;
4294
+ }): Promise<url.URL>;
4295
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
4296
+ code: string;
4297
+ redirectURI: string;
4298
+ codeVerifier?: string | undefined;
4299
+ deviceId?: string | undefined;
4300
+ }) => Promise<OAuth2Tokens>;
4301
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
4302
+ getUserInfo(token: OAuth2Tokens & {
4303
+ user?: {
4304
+ name?: {
4305
+ firstName?: string;
4306
+ lastName?: string;
4307
+ };
4308
+ email?: string;
4309
+ } | undefined;
4310
+ }): Promise<{
4311
+ user: {
4312
+ id: string;
4313
+ name?: string;
4314
+ email?: string | null;
4315
+ image?: string;
4316
+ emailVerified: boolean;
4317
+ [key: string]: any;
4318
+ };
4319
+ data: any;
4320
+ } | null>;
4321
+ options: PolarOptions;
4322
+ };
4323
+ railway: (options: RailwayOptions) => {
4324
+ id: "railway";
4325
+ name: string;
4326
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }: {
4327
+ state: string;
4328
+ codeVerifier: string;
4329
+ scopes?: string[] | undefined;
4330
+ redirectURI: string;
4331
+ display?: string | undefined;
4332
+ loginHint?: string | undefined;
4333
+ }): Promise<url.URL>;
4334
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
4335
+ code: string;
4336
+ redirectURI: string;
4337
+ codeVerifier?: string | undefined;
4338
+ deviceId?: string | undefined;
4339
+ }) => Promise<OAuth2Tokens>;
4340
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
4341
+ getUserInfo(token: OAuth2Tokens & {
4342
+ user?: {
4343
+ name?: {
4344
+ firstName?: string;
4345
+ lastName?: string;
4346
+ };
4347
+ email?: string;
4348
+ } | undefined;
4349
+ }): Promise<{
4350
+ user: {
4351
+ id: string;
4352
+ name?: string;
4353
+ email?: string | null;
4354
+ image?: string;
4355
+ emailVerified: boolean;
4356
+ [key: string]: any;
4357
+ };
4358
+ data: any;
4359
+ } | null>;
4360
+ options: RailwayOptions;
4361
+ };
4362
+ vercel: (options: VercelOptions) => {
4363
+ id: "vercel";
4364
+ name: string;
4365
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }: {
4366
+ state: string;
4367
+ codeVerifier: string;
4368
+ scopes?: string[] | undefined;
4369
+ redirectURI: string;
4370
+ display?: string | undefined;
4371
+ loginHint?: string | undefined;
4372
+ }): Promise<url.URL>;
4373
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
4374
+ code: string;
4375
+ redirectURI: string;
4376
+ codeVerifier?: string | undefined;
4377
+ deviceId?: string | undefined;
4378
+ }) => Promise<OAuth2Tokens>;
4379
+ getUserInfo(token: OAuth2Tokens & {
4380
+ user?: {
4381
+ name?: {
4382
+ firstName?: string;
4383
+ lastName?: string;
4384
+ };
4385
+ email?: string;
4386
+ } | undefined;
4387
+ }): Promise<{
4388
+ user: {
4389
+ id: string;
4390
+ name?: string;
4391
+ email?: string | null;
4392
+ image?: string;
4393
+ emailVerified: boolean;
4394
+ [key: string]: any;
4395
+ };
4396
+ data: any;
4397
+ } | null>;
4398
+ options: VercelOptions;
4399
+ };
4400
+ wechat: (options: WeChatOptions) => {
4401
+ id: "wechat";
4402
+ name: string;
4403
+ createAuthorizationURL({ state, scopes, redirectURI }: {
4404
+ state: string;
4405
+ codeVerifier: string;
4406
+ scopes?: string[] | undefined;
4407
+ redirectURI: string;
4408
+ display?: string | undefined;
4409
+ loginHint?: string | undefined;
4410
+ }): url.URL;
4411
+ validateAuthorizationCode: ({ code }: {
4412
+ code: string;
4413
+ redirectURI: string;
4414
+ codeVerifier?: string | undefined;
4415
+ deviceId?: string | undefined;
4416
+ }) => Promise<{
4417
+ tokenType: "Bearer";
4418
+ accessToken: string;
4419
+ refreshToken: string;
4420
+ accessTokenExpiresAt: Date;
4421
+ scopes: string[];
4422
+ openid: string;
4423
+ unionid: string | undefined;
4424
+ }>;
4425
+ refreshAccessToken: ((refreshToken: string) => Promise<OAuth2Tokens>) | ((refreshToken: string) => Promise<{
4426
+ tokenType: "Bearer";
4427
+ accessToken: string;
4428
+ refreshToken: string;
4429
+ accessTokenExpiresAt: Date;
4430
+ scopes: string[];
4431
+ }>);
4432
+ getUserInfo(token: OAuth2Tokens & {
4433
+ user?: {
4434
+ name?: {
4435
+ firstName?: string;
4436
+ lastName?: string;
4437
+ };
4438
+ email?: string;
4439
+ } | undefined;
4440
+ }): Promise<{
4441
+ user: {
4442
+ id: string;
4443
+ name?: string;
4444
+ email?: string | null;
4445
+ image?: string;
4446
+ emailVerified: boolean;
4447
+ [key: string]: any;
4448
+ };
4449
+ data: any;
4450
+ } | null>;
4451
+ options: WeChatOptions;
4452
+ };
4453
+ };
4454
+ /** Runtime list of built-in provider ids (includes `athena`). */
4455
+ declare const socialProviderList: ["github", ...(keyof typeof socialProviders)[]];
4456
+ /**
4457
+ * Zod schema for a social provider id: any built-in key or open string
4458
+ * (custom providers via `(string & {})`).
4459
+ */
4460
+ declare const SocialProviderListEnum: z.ZodType<SocialProviderList[number] | (string & {})>;
4461
+ /** Provider id string with autocomplete for built-ins and allowance for custom keys. */
4462
+ type SocialProvider = z.infer<typeof SocialProviderListEnum>;
4463
+ /**
4464
+ * Config map for enabling/configuring social providers on an auth instance.
4465
+ * Each key is optional; values may be options objects or async factories.
4466
+ */
4467
+ type SocialProviders = {
4468
+ [K in SocialProviderList[number]]?: AwaitableFunction<Parameters<(typeof socialProviders)[K]>[0] & {
4469
+ enabled?: boolean | undefined;
4470
+ }>;
4471
+ };
4472
+ /** Tuple type of {@link socialProviderList}. */
4473
+ type SocialProviderList = typeof socialProviderList;
4474
+
4475
+ /** Minimal JWK fields used when selecting a key from a JWKS document. */
4476
+ type JwkLike = {
4477
+ kid: string;
4478
+ alg: string;
4479
+ kty: string;
4480
+ use?: string;
4481
+ n?: string;
4482
+ e?: string;
4483
+ x5c?: string[];
4484
+ x5t?: string;
4485
+ [key: string]: unknown;
4486
+ };
4487
+ /**
4488
+ * Fetch a JWKS document, find the key by `kid`, and import it for JWT verify.
4489
+ *
4490
+ * Shared by Apple, Google, Microsoft, Cognito, PayPal, and other OIDC providers
4491
+ * that publish RSA/EC public keys at a well-known JWKS URL.
4492
+ *
4493
+ * @param jwksUrl - Absolute URL of the provider JWKS (`/.well-known/jwks.json` or equivalent)
4494
+ * @param kid - Key id from the JWT protected header
4495
+ * @returns Key material suitable for `jose` `jwtVerify`
4496
+ * @throws {APIError} When the JWKS response has no `keys` array
4497
+ * @throws {Error} When no key matches `kid`
4498
+ */
4499
+ declare function getJwksPublicKey(jwksUrl: string, kid: string): Promise<Awaited<ReturnType<typeof importJWK>>>;
4500
+
4501
+ /**
4502
+ * Merge default, configured, and request-time OAuth scopes without duplicates.
4503
+ *
4504
+ * Order of application: defaults → `optionScopes` → `requestScopes`.
4505
+ * When `disableDefaultScope` is true, the default list is skipped.
4506
+ *
4507
+ * @param defaults - Provider default scopes (e.g. `openid profile email`)
4508
+ * @param optionScopes - Scopes from provider options
4509
+ * @param requestScopes - Scopes from the authorization request call
4510
+ * @param disableDefaultScope - When true, omit `defaults`
4511
+ * @returns Deduplicated scope list preserving first-seen order
4512
+ */
4513
+ declare function mergeScopes(defaults: string[], optionScopes: string[] | undefined, requestScopes: string[] | undefined, disableDefaultScope?: boolean): string[];
4514
+
4515
+ /**
4516
+ * Strip trailing `/` characters without a ReDoS-prone regex (loop-based).
4517
+ *
4518
+ * Used for OAuth authority/issuer base URLs so endpoint concatenation never
4519
+ * produces double slashes that break issuer comparisons.
4520
+ *
4521
+ * @param value - Absolute or path-like URL string
4522
+ * @returns Same string with all trailing slashes removed
4523
+ */
4524
+ declare function trimTrailingSlash(value: string): string;
4525
+
4526
+ /**
4527
+ * Fetch Apple's JWKS and import the key for the given JWT `kid`.
4528
+ * @see https://appleid.apple.com/auth/keys
4529
+ */
4530
+ declare const getApplePublicKey: (kid: string) => Promise<Uint8Array<ArrayBufferLike> | crypto.webcrypto.CryptoKey>;
4531
+
4532
+ /**
4533
+ * Sign in with Apple OAuth provider factory.
4534
+ *
4535
+ * Uses `response_mode=form_post` and `code id_token` when requesting
4536
+ * name/email scopes (Apple REST API requirements).
4537
+ *
4538
+ * @param options - Apple Services ID / client secret configuration
4539
+ */
4540
+ declare const apple: (options: AppleOptions) => {
4541
+ id: "apple";
4542
+ name: string;
4543
+ createAuthorizationURL({ state, scopes, redirectURI }: {
4544
+ state: string;
4545
+ codeVerifier: string;
4546
+ scopes?: string[] | undefined;
4547
+ redirectURI: string;
4548
+ display?: string | undefined;
4549
+ loginHint?: string | undefined;
4550
+ }): Promise<url.URL>;
4551
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
4552
+ code: string;
4553
+ redirectURI: string;
4554
+ codeVerifier?: string | undefined;
4555
+ deviceId?: string | undefined;
4556
+ }) => Promise<OAuth2Tokens>;
4557
+ verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
4558
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
4559
+ getUserInfo(token: OAuth2Tokens & {
4560
+ user?: {
4561
+ name?: {
4562
+ firstName?: string;
4563
+ lastName?: string;
4564
+ };
4565
+ email?: string;
4566
+ } | undefined;
4567
+ }): Promise<{
4568
+ user: {
4569
+ id: string;
4570
+ name?: string;
4571
+ email?: string | null;
4572
+ image?: string;
4573
+ emailVerified: boolean;
4574
+ [key: string]: any;
4575
+ };
4576
+ data: any;
4577
+ } | null>;
4578
+ options: AppleOptions;
4579
+ };
4580
+
4581
+ /**
4582
+ * Fetch the Cognito User Pool JWKS and import the key for `kid`.
4583
+ *
4584
+ * @param kid - JWT header key id
4585
+ * @param region - AWS region of the pool (e.g. `us-east-1`)
4586
+ * @param userPoolId - Cognito User Pool id
4587
+ */
4588
+ declare const getCognitoPublicKey: (kid: string, region: string, userPoolId: string) => Promise<Uint8Array<ArrayBufferLike> | crypto.webcrypto.CryptoKey>;
4589
+
4590
+ /**
4591
+ * Amazon Cognito Hosted UI OAuth provider factory.
4592
+ *
4593
+ * @param options - Domain, region, user pool id, and app client settings
4594
+ */
4595
+ declare const cognito: (options: CognitoOptions) => {
4596
+ id: "cognito";
4597
+ name: string;
4598
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }: {
4599
+ state: string;
4600
+ codeVerifier: string;
4601
+ scopes?: string[] | undefined;
4602
+ redirectURI: string;
4603
+ display?: string | undefined;
4604
+ loginHint?: string | undefined;
4605
+ }): Promise<url.URL>;
4606
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
4607
+ code: string;
4608
+ redirectURI: string;
4609
+ codeVerifier?: string | undefined;
4610
+ deviceId?: string | undefined;
4611
+ }) => Promise<OAuth2Tokens>;
4612
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
4613
+ verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
4614
+ getUserInfo(token: OAuth2Tokens & {
4615
+ user?: {
4616
+ name?: {
4617
+ firstName?: string;
4618
+ lastName?: string;
4619
+ };
4620
+ email?: string;
4621
+ } | undefined;
4622
+ }): Promise<{
4623
+ user: {
4624
+ id: string;
4625
+ name?: string;
4626
+ email?: string | null;
4627
+ image?: string;
4628
+ emailVerified: boolean;
4629
+ [key: string]: any;
4630
+ };
4631
+ data: any;
4632
+ } | null>;
4633
+ options: CognitoOptions;
4634
+ };
4635
+
4636
+ /**
4637
+ * Validate an opaque Facebook access token against the configured app.
4638
+ *
4639
+ * Facebook access tokens are not audience-bound at Graph `/me`: a token
4640
+ * minted for any Facebook app returns that app's profile. Without this check,
4641
+ * a token issued to an unrelated app could be accepted on the direct sign-in
4642
+ * path. Calls `debug_token` and requires the token to be valid, bound to one
4643
+ * of the configured client ids, and tied to a user.
4644
+ *
4645
+ * @see https://developers.facebook.com/docs/facebook-login/guides/access-tokens/debugging
4646
+ *
4647
+ * @returns The inspected token's `user_id` when valid, otherwise `null`.
4648
+ */
4649
+ declare function verifyFacebookAccessToken(accessToken: string, options: FacebookOptions): Promise<string | null>;
4650
+
4651
+ /**
4652
+ * Facebook Login OAuth provider factory (Graph API v24).
4653
+ *
4654
+ * Supports limited-login JWT ID tokens and opaque access tokens (with
4655
+ * `debug_token` app binding).
4656
+ *
4657
+ * @param options - App id/secret and optional field extensions
4658
+ */
4659
+ declare const facebook: (options: FacebookOptions) => {
4660
+ id: "facebook";
4661
+ name: string;
4662
+ createAuthorizationURL({ state, scopes, redirectURI, loginHint }: {
4663
+ state: string;
4664
+ codeVerifier: string;
4665
+ scopes?: string[] | undefined;
4666
+ redirectURI: string;
4667
+ display?: string | undefined;
4668
+ loginHint?: string | undefined;
4669
+ }): Promise<url.URL>;
4670
+ validateAuthorizationCode: ({ code, redirectURI }: {
4671
+ code: string;
4672
+ redirectURI: string;
4673
+ codeVerifier?: string | undefined;
4674
+ deviceId?: string | undefined;
4675
+ }) => Promise<OAuth2Tokens>;
4676
+ verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
4677
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
4678
+ getUserInfo(token: OAuth2Tokens & {
4679
+ user?: {
4680
+ name?: {
4681
+ firstName?: string;
4682
+ lastName?: string;
4683
+ };
4684
+ email?: string;
4685
+ } | undefined;
4686
+ }): Promise<{
4687
+ user: {
4688
+ id: string;
4689
+ name?: string;
4690
+ email?: string | null;
4691
+ image?: string;
4692
+ emailVerified: boolean;
4693
+ [key: string]: any;
4694
+ };
4695
+ data: any;
4696
+ } | null>;
4697
+ options: FacebookOptions;
4698
+ };
4699
+
4700
+ declare const getGooglePublicKey: (kid: string) => Promise<Uint8Array<ArrayBufferLike> | crypto.webcrypto.CryptoKey>;
4701
+
4702
+ /**
4703
+ * Verifies a Google ID token against Google's issuer, audience, signature,
4704
+ * expiry, and maximum token age.
4705
+ */
4706
+ declare const verifyGoogleIdToken: ({ token, audience, nonce, }: VerifyGoogleIdTokenOptions) => Promise<JWTPayload | null>;
4707
+ /**
4708
+ * Checks whether Google's verified `hd` claim satisfies the configured hosted
4709
+ * domain restriction. `hd: "*"` accepts any Google Workspace hosted domain.
4710
+ */
4711
+ declare const isGoogleHostedDomainAllowed: (configuredHostedDomain: string | undefined, tokenHostedDomain: unknown) => boolean;
4712
+
4713
+ /**
4714
+ * Google OAuth / OpenID Connect provider factory.
4715
+ *
4716
+ * @param options - Client id/secret, optional hosted domain (`hd`), access type
4717
+ * @returns Provider with authorize, token, refresh, ID-token verify, and userinfo
4718
+ */
4719
+ declare const google: (options: GoogleOptions) => {
4720
+ id: "google";
4721
+ name: string;
4722
+ createAuthorizationURL({ state, scopes, codeVerifier, redirectURI, loginHint, display, }: {
4723
+ state: string;
4724
+ codeVerifier: string;
4725
+ scopes?: string[] | undefined;
4726
+ redirectURI: string;
4727
+ display?: string | undefined;
4728
+ loginHint?: string | undefined;
4729
+ }): Promise<url.URL>;
4730
+ validateAuthorizationCode: ({ code, codeVerifier, redirectURI }: {
4731
+ code: string;
4732
+ redirectURI: string;
4733
+ codeVerifier?: string | undefined;
4734
+ deviceId?: string | undefined;
4735
+ }) => Promise<OAuth2Tokens>;
4736
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
4737
+ verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
4738
+ getUserInfo(token: OAuth2Tokens & {
4739
+ user?: {
4740
+ name?: {
4741
+ firstName?: string;
4742
+ lastName?: string;
4743
+ };
4744
+ email?: string;
4745
+ } | undefined;
4746
+ }): Promise<{
4747
+ user: {
4748
+ id: string;
4749
+ name?: string;
4750
+ email?: string | null;
4751
+ image?: string;
4752
+ emailVerified: boolean;
4753
+ [key: string]: any;
4754
+ };
4755
+ data: any;
4756
+ } | null>;
4757
+ options: GoogleOptions;
4758
+ };
4759
+
4760
+ /**
4761
+ * Import the Microsoft Entra ID JWKS public key for the given JWT `kid`.
4762
+ *
4763
+ * @param kid - JWT protected-header key id
4764
+ * @param tenant - Tenant id or common/organizations/consumers
4765
+ * @param authority - Authority host (no trailing slash), e.g. login.microsoftonline.com
4766
+ */
4767
+ declare const getMicrosoftPublicKey: (kid: string, tenant: string, authority: string) => Promise<Uint8Array<ArrayBufferLike> | crypto.webcrypto.CryptoKey>;
4768
+
4769
+ /**
4770
+ * Microsoft Entra ID (Azure AD) OAuth provider factory.
4771
+ *
4772
+ * Supports multi-tenant endpoints (common/organizations/consumers) with
4773
+ * explicit tenant-class checks on ID tokens.
4774
+ *
4775
+ * @param options - Client id, optional tenant/authority, profile photo settings
4776
+ */
4777
+ declare const microsoft: (options: MicrosoftOptions) => {
4778
+ id: "microsoft";
4779
+ name: string;
4780
+ createAuthorizationURL(data: {
4781
+ state: string;
4782
+ codeVerifier: string;
4783
+ scopes?: string[] | undefined;
4784
+ redirectURI: string;
4785
+ display?: string | undefined;
4786
+ loginHint?: string | undefined;
4787
+ }): Promise<url.URL>;
4788
+ validateAuthorizationCode({ code, codeVerifier, redirectURI }: {
4789
+ code: string;
4790
+ redirectURI: string;
4791
+ codeVerifier?: string | undefined;
4792
+ deviceId?: string | undefined;
4793
+ }): Promise<OAuth2Tokens>;
4794
+ verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
4795
+ getUserInfo(token: OAuth2Tokens & {
4796
+ user?: {
4797
+ name?: {
4798
+ firstName?: string;
4799
+ lastName?: string;
4800
+ };
4801
+ email?: string;
4802
+ } | undefined;
4803
+ }): Promise<{
4804
+ user: {
4805
+ id: string;
4806
+ name?: string;
4807
+ email?: string | null;
4808
+ image?: string;
4809
+ emailVerified: boolean;
4810
+ [key: string]: any;
4811
+ };
4812
+ data: any;
4813
+ } | null>;
4814
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
4815
+ options: MicrosoftOptions;
4816
+ };
4817
+
4818
+ /**
4819
+ * Import the PayPal JWKS public key matching `kid` for RS256 ID-token verify.
4820
+ *
4821
+ * @param kid - Key id from the JWT protected header
4822
+ * @param jwksUri - Sandbox or live JWKS endpoint
4823
+ */
4824
+ declare const getPayPalPublicKey: (kid: string, jwksUri: string) => Promise<Uint8Array<ArrayBufferLike> | crypto.webcrypto.CryptoKey>;
4825
+
4826
+ /**
4827
+ * PayPal Login with PayPal OAuth provider factory.
4828
+ *
4829
+ * @param options - Client credentials and sandbox/live environment
4830
+ * @returns OAuth provider implementation for PayPal
4831
+ */
4832
+ declare const paypal: (options: PayPalOptions) => {
4833
+ id: "paypal";
4834
+ name: string;
4835
+ createAuthorizationURL({ state, codeVerifier, redirectURI }: {
4836
+ state: string;
4837
+ codeVerifier: string;
4838
+ scopes?: string[] | undefined;
4839
+ redirectURI: string;
4840
+ display?: string | undefined;
4841
+ loginHint?: string | undefined;
4842
+ }): Promise<url.URL>;
4843
+ validateAuthorizationCode: ({ code, redirectURI }: {
4844
+ code: string;
4845
+ redirectURI: string;
4846
+ codeVerifier?: string | undefined;
4847
+ deviceId?: string | undefined;
4848
+ }) => Promise<{
4849
+ accessToken: string;
4850
+ refreshToken: string | undefined;
4851
+ accessTokenExpiresAt: Date | undefined;
4852
+ idToken: string | undefined;
4853
+ }>;
4854
+ refreshAccessToken: ((refreshToken: string) => Promise<OAuth2Tokens>) | ((refreshToken: string) => Promise<{
4855
+ accessToken: any;
4856
+ refreshToken: any;
4857
+ accessTokenExpiresAt: Date | undefined;
4858
+ }>);
4859
+ verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
4860
+ getUserInfo(token: OAuth2Tokens & {
4861
+ user?: {
4862
+ name?: {
4863
+ firstName?: string;
4864
+ lastName?: string;
4865
+ };
4866
+ email?: string;
4867
+ } | undefined;
4868
+ }): Promise<{
4869
+ user: {
4870
+ id: string;
4871
+ name?: string;
4872
+ email?: string | null;
4873
+ image?: string;
4874
+ emailVerified: boolean;
4875
+ [key: string]: any;
4876
+ };
4877
+ data: any;
4878
+ } | {
4879
+ user: {
4880
+ id: string;
4881
+ name: string;
4882
+ email: string;
4883
+ image: string | undefined;
4884
+ emailVerified: boolean;
4885
+ } | {
4886
+ id: string;
4887
+ name: string;
4888
+ email: string | null;
4889
+ image: string;
4890
+ emailVerified: boolean;
4891
+ } | {
4892
+ id: string;
4893
+ name: string;
4894
+ email: string | null;
4895
+ image: string;
4896
+ emailVerified: boolean;
4897
+ };
4898
+ data: PayPalProfile;
4899
+ } | null>;
4900
+ options: PayPalOptions;
4901
+ };
4902
+
4903
+ /**
4904
+ * Zoom OAuth provider factory (Users API).
4905
+ *
4906
+ * @param userOptions - Client id/secret; PKCE defaults to enabled
4907
+ * @see https://developers.zoom.us/docs/integrations/oauth/
4908
+ */
4909
+ declare const zoom: (userOptions: ZoomOptions) => {
4910
+ id: "zoom";
4911
+ name: string;
4912
+ createAuthorizationURL: ({ state, redirectURI, codeVerifier }: {
4913
+ state: string;
4914
+ codeVerifier: string;
4915
+ scopes?: string[] | undefined;
4916
+ redirectURI: string;
4917
+ display?: string | undefined;
4918
+ loginHint?: string | undefined;
4919
+ }) => Promise<url.URL>;
4920
+ validateAuthorizationCode: ({ code, redirectURI, codeVerifier }: {
4921
+ code: string;
4922
+ redirectURI: string;
4923
+ codeVerifier?: string | undefined;
4924
+ deviceId?: string | undefined;
4925
+ }) => Promise<OAuth2Tokens>;
4926
+ refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
4927
+ getUserInfo(token: OAuth2Tokens & {
4928
+ user?: {
4929
+ name?: {
4930
+ firstName?: string;
4931
+ lastName?: string;
4932
+ };
4933
+ email?: string;
4934
+ } | undefined;
4935
+ }): Promise<{
4936
+ user: {
4937
+ id: string;
4938
+ name?: string;
4939
+ email?: string | null;
4940
+ image?: string;
4941
+ emailVerified: boolean;
4942
+ [key: string]: any;
4943
+ };
4944
+ data: any;
4945
+ } | null>;
4946
+ };
4947
+
4948
+ export { type AccountStatus, type AppleNonConformUser, type AppleOptions, type AppleProfile, type AthenaOptions, type AthenaProfile, type AtlassianOptions, type AtlassianProfile, type CognitoOptions, type CognitoProfile, type DiscordOptions, type DiscordProfile, type DropboxOptions, type DropboxProfile, type FacebookOptions, type FacebookProfile, type FigmaOptions, type FigmaProfile, type GithubOptions, type GithubProfile, type GitlabOptions, type GitlabProfile, type GoogleOptions, type GoogleProfile, type HuggingFaceOptions, type HuggingFaceProfile, type JwkLike, type KakaoOptions, type KakaoProfile, type KickOptions, type KickProfile, type LineIdTokenPayload, type LineOptions, type LineUserInfo, type LinearOptions, type LinearProfile, type LinearUser, type LinkedInOptions, type LinkedInProfile, type LoginType, MICROSOFT_CONSUMER_TENANT_ID, type MicrosoftEntraIDProfile, type MicrosoftOptions, type NaverOptions, type NaverProfile, type NotionOptions, type NotionProfile, type PayPalOptions, type PayPalProfile, type PayPalTokenResponse, type PaybinOptions, type PaybinProfile, type PhoneNumber, type PolarOptions, type PolarProfile, type PronounOption, type RailwayOptions, type RailwayProfile, type RedditOptions, type RedditProfile, type RobloxOptions, type RobloxProfile, type SalesforceOptions, type SalesforceProfile, type SlackOptions, type SlackProfile, type SocialProvider, type SocialProviderList, SocialProviderListEnum, type SocialProviders, type SpotifyOptions, type SpotifyProfile, type TiktokOptions, type TiktokProfile, type TwitchOptions, type TwitchProfile, type TwitterOption, type TwitterProfile, type VercelOptions, type VercelProfile, type VerifyGoogleIdTokenOptions, type VkOption, type VkProfile, type WeChatOptions, type WeChatProfile, type ZoomOptions, type ZoomProfile, apple, athena, atlassian, cognito, discord, dropbox, facebook, figma, getApplePublicKey, getCognitoPublicKey, getGooglePublicKey, getJwksPublicKey, getMicrosoftPublicKey, getPayPalPublicKey, github, gitlab, google, huggingface, isGoogleHostedDomainAllowed, kakao, kick, line, linear, linkedin, mergeScopes, microsoft, naver, notion, paybin, paypal, polar, railway, reddit, roblox, salesforce, slack, socialProviderList, socialProviders, spotify, tiktok, trimTrailingSlash, twitch, twitter, vercel, verifyFacebookAccessToken, verifyGoogleIdToken, vk, wechat, zoom };