convex-auth-battlenet 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Juan Hander
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,101 @@
+# convex-auth-battlenet
+
+Battle.net OAuth provider for [Convex Auth](https://labs.convex.dev/auth).
+
+## Installation
+
+```bash
+npm install convex-auth-battlenet
+# or
+bun add convex-auth-battlenet
+```
+
+## Setup
+
+### 1. Create a Battle.net Application
+
+1. Go to the [Battle.net Developer Portal](https://develop.battle.net/)
+2. Create a new application
+3. Set the redirect URI to `https://your-convex-site.convex.site/api/auth/callback/battlenet`
+4. Copy the Client ID and Client Secret
+
+### 2. Configure Environment Variables
+
+Add to your Convex environment (via dashboard or CLI):
+
+```bash
+AUTH_BATTLENET_ID=your_client_id
+AUTH_BATTLENET_SECRET=your_client_secret
+```
+
+### 3. Add to Convex Auth
+
+```typescript
+// convex/auth.ts
+import { convexAuth } from "@convex-dev/auth/server";
+import { BattleNet } from "convex-auth-battlenet";
+
+export const { auth, signIn, signOut, store } = convexAuth({
+  providers: [BattleNet()],
+});
+```
+
+That's it! No custom schema or callbacks required.
+
+## Configuration Options
+
+```typescript
+BattleNet({
+  // OAuth issuer URL (for China region use "https://oauth.battlenet.com.cn")
+  // Default: "https://oauth.battle.net"
+  issuer: "https://oauth.battlenet.com.cn",
+
+  // Override client credentials (optional, reads from env vars by default)
+  clientId: "your_client_id",
+  clientSecret: "your_client_secret",
+});
+```
+
+## Frontend Usage
+
+```tsx
+import { useAuthActions } from "@convex-dev/auth/react";
+
+function LoginButton() {
+  const { signIn } = useAuthActions();
+
+  return (
+    <button onClick={() => signIn("battlenet")}>
+      Sign in with Battle.net
+    </button>
+  );
+}
+```
+
+## User Profile
+
+The provider maps the Battle.net profile to:
+
+| Field | Source |
+|-------|--------|
+| `id` | `sub` (unique identifier) |
+| `name` | `battletag` (e.g., "Player#1234") |
+| `email` | Synthetic email (`{sub}@battlenet.oauth`) |
+
+> **Note:** Battle.net doesn't provide real email addresses. A synthetic email is generated for Convex Auth compatibility. This email cannot receive messages.
+
+## TypeScript
+
+Full TypeScript support with exported types:
+
+```typescript
+import type {
+  BattleNetConfig,
+  BattleNetProfile,
+  BattleNetIssuer,
+} from "convex-auth-battlenet";
+```
+
+## License
+
+MIT

package/dist/index.cjs

@@ -0,0 +1,61 @@
+'use strict';
+
+// src/provider.ts
+var OAUTH_BASE = "https://oauth.battle.net";
+function BattleNet(config) {
+  const { issuer, clientId, clientSecret, ...rest } = config ?? {};
+  const base = issuer ?? OAUTH_BASE;
+  return {
+    id: "battlenet",
+    name: "Battle.net",
+    type: "oauth",
+    clientId: clientId ?? process.env.AUTH_BATTLENET_ID,
+    clientSecret: clientSecret ?? process.env.AUTH_BATTLENET_SECRET,
+    authorization: {
+      url: `${base}/authorize`,
+      params: { scope: "openid" }
+    },
+    token: {
+      url: `${base}/token`,
+      async conform(response) {
+        const data = await response.json();
+        delete data.id_token;
+        return new Response(JSON.stringify(data), {
+          status: response.status,
+          headers: { "Content-Type": "application/json" }
+        });
+      }
+    },
+    userinfo: {
+      url: `${base}/userinfo`,
+      async request({ tokens }) {
+        const response = await fetch(`${base}/userinfo`, {
+          headers: {
+            Authorization: `Bearer ${tokens.access_token}`,
+            Accept: "application/json"
+          }
+        });
+        if (!response.ok) {
+          throw new Error(`Userinfo request failed: ${response.status}`);
+        }
+        return response.json();
+      }
+    },
+    checks: ["state", "pkce"],
+    client: { token_endpoint_auth_method: "client_secret_post" },
+    profile(profile) {
+      return {
+        id: profile.sub,
+        name: profile.battletag ?? profile.battle_tag,
+        // Synthetic email for Convex Auth compatibility (Battle.net doesn't provide emails)
+        email: `${profile.sub}@battlenet.oauth`
+      };
+    },
+    style: { bg: "#148eff", text: "#fff" },
+    ...rest
+  };
+}
+
+exports.BattleNet = BattleNet;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/provider.ts"],"names":[],"mappings":";;;AAGA,IAAM,UAAA,GAAa,0BAAA;AAqBZ,SAAS,UACd,MAAA,EAC+B;AAC/B,EAAA,MAAM,EAAE,QAAQ,QAAA,EAAU,YAAA,EAAc,GAAG,IAAA,EAAK,GAAI,UAAU,EAAC;AAC/D,EAAA,MAAM,OAAO,MAAA,IAAU,UAAA;AAEvB,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,WAAA;AAAA,IACJ,IAAA,EAAM,YAAA;AAAA,IACN,IAAA,EAAM,OAAA;AAAA,IACN,QAAA,EAAU,QAAA,IAAY,OAAA,CAAQ,GAAA,CAAI,iBAAA;AAAA,IAClC,YAAA,EAAc,YAAA,IAAgB,OAAA,CAAQ,GAAA,CAAI,qBAAA;AAAA,IAC1C,aAAA,EAAe;AAAA,MACb,GAAA,EAAK,GAAG,IAAI,CAAA,UAAA,CAAA;AAAA,MACZ,MAAA,EAAQ,EAAE,KAAA,EAAO,QAAA;AAAS,KAC5B;AAAA,IACA,KAAA,EAAO;AAAA,MACL,GAAA,EAAK,GAAG,IAAI,CAAA,MAAA,CAAA;AAAA,MACZ,MAAM,QAAQ,QAAA,EAAoB;AAehC,QAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,QAAA,OAAO,IAAA,CAAK,QAAA;AACZ,QAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA,EAAG;AAAA,UACxC,QAAQ,QAAA,CAAS,MAAA;AAAA,UACjB,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,SAC/C,CAAA;AAAA,MACH;AAAA,KACF;AAAA,IACA,QAAA,EAAU;AAAA,MACR,GAAA,EAAK,GAAG,IAAI,CAAA,SAAA,CAAA;AAAA,MACZ,MAAM,OAAA,CAAQ,EAAE,MAAA,EAAO,EAA0C;AAC/D,QAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,CAAA,EAAG,IAAI,CAAA,SAAA,CAAA,EAAa;AAAA,UAC/C,OAAA,EAAS;AAAA,YACP,aAAA,EAAe,CAAA,OAAA,EAAU,MAAA,CAAO,YAAY,CAAA,CAAA;AAAA,YAC5C,MAAA,EAAQ;AAAA;AACV,SACD,CAAA;AACD,QAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,UAAA,MAAM,IAAI,KAAA,CAAM,CAAA,yBAAA,EAA4B,QAAA,CAAS,MAAM,CAAA,CAAE,CAAA;AAAA,QAC/D;AACA,QAAA,OAAO,SAAS,IAAA,EAAK;AAAA,MACvB;AAAA,KACF;AAAA,IACA,MAAA,EAAQ,CAAC,OAAA,EAAS,MAAM,CAAA;AAAA,IACxB,MAAA,EAAQ,EAAE,0BAAA,EAA4B,oBAAA,EAAqB;AAAA,IAC3D,QAAQ,OAAA,EAA2B;AACjC,MAAA,OAAO;AAAA,QACL,IAAI,OAAA,CAAQ,GAAA;AAAA,QACZ,IAAA,EAAM,OAAA,CAAQ,SAAA,IAAa,OAAA,CAAQ,UAAA;AAAA;AAAA,QAEnC,KAAA,EAAO,CAAA,EAAG,OAAA,CAAQ,GAAG,CAAA,gBAAA;AAAA,OACvB;AAAA,IACF,CAAA;AAAA,IACA,KAAA,EAAO,EAAE,EAAA,EAAI,SAAA,EAAW,MAAM,MAAA,EAAO;AAAA,IACrC,GAAG;AAAA,GACL;AACF","file":"index.cjs","sourcesContent":["import type { OAuthConfig, OAuthUserConfig } from \"@auth/core/providers\";\nimport type { BattleNetConfig, BattleNetProfile } from \"./types.js\";\n\nconst OAUTH_BASE = \"https://oauth.battle.net\";\n\n/**\n * Battle.net OAuth provider for Convex Auth\n *\n * Works out-of-the-box with Convex Auth's default schema. Since Battle.net\n * doesn't provide email addresses, a synthetic email is generated using\n * the user's unique ID (e.g., \"12345@battlenet.oauth\").\n *\n * @example\n * ```ts\n * import { convexAuth } from \"@convex-dev/auth/server\";\n * import { BattleNet } from \"convex-auth-battlenet\";\n *\n * export const { auth, signIn, signOut, store } = convexAuth({\n *   providers: [BattleNet()],\n * });\n * ```\n *\n * @see https://develop.battle.net/documentation/guides/using-oauth\n */\nexport function BattleNet(\n  config?: BattleNetConfig & Partial<OAuthUserConfig<BattleNetProfile>>\n): OAuthConfig<BattleNetProfile> {\n  const { issuer, clientId, clientSecret, ...rest } = config ?? {};\n  const base = issuer ?? OAUTH_BASE;\n\n  return {\n    id: \"battlenet\",\n    name: \"Battle.net\",\n    type: \"oauth\",\n    clientId: clientId ?? process.env.AUTH_BATTLENET_ID,\n    clientSecret: clientSecret ?? process.env.AUTH_BATTLENET_SECRET,\n    authorization: {\n      url: `${base}/authorize`,\n      params: { scope: \"openid\" },\n    },\n    token: {\n      url: `${base}/token`,\n      async conform(response: Response) {\n        /**\n         * Battle.net returns an id_token even though we only request the \"openid\" scope.\n         * The oauth4webapi library (used by @auth/core) performs strict nonce validation\n         * on id_tokens, but Battle.net's id_token doesn't always pass this validation.\n         *\n         * Since we're using the OAuth 2.0 authorization code flow (not pure OIDC),\n         * we don't need the id_token - we fetch user info directly from the userinfo\n         * endpoint using the access_token instead.\n         *\n         * This is a safe workaround because:\n         * 1. We use PKCE + state for request validation\n         * 2. User identity is verified via the userinfo endpoint\n         * 3. The access_token is sufficient for our authentication needs\n         */\n        const data = await response.json();\n        delete data.id_token;\n        return new Response(JSON.stringify(data), {\n          status: response.status,\n          headers: { \"Content-Type\": \"application/json\" },\n        });\n      },\n    },\n    userinfo: {\n      url: `${base}/userinfo`,\n      async request({ tokens }: { tokens: { access_token?: string } }) {\n        const response = await fetch(`${base}/userinfo`, {\n          headers: {\n            Authorization: `Bearer ${tokens.access_token}`,\n            Accept: \"application/json\",\n          },\n        });\n        if (!response.ok) {\n          throw new Error(`Userinfo request failed: ${response.status}`);\n        }\n        return response.json();\n      },\n    },\n    checks: [\"state\", \"pkce\"],\n    client: { token_endpoint_auth_method: \"client_secret_post\" },\n    profile(profile: BattleNetProfile) {\n      return {\n        id: profile.sub,\n        name: profile.battletag ?? profile.battle_tag,\n        // Synthetic email for Convex Auth compatibility (Battle.net doesn't provide emails)\n        email: `${profile.sub}@battlenet.oauth`,\n      };\n    },\n    style: { bg: \"#148eff\", text: \"#fff\" },\n    ...rest,\n  } as OAuthConfig<BattleNetProfile>;\n}\n"]}

package/dist/index.d.cts

@@ -0,0 +1,60 @@
+import { OAuthUserConfig, OAuthConfig } from '@auth/core/providers';
+
+/**
+ * Battle.net OAuth issuer URLs
+ * - Global: https://oauth.battle.net
+ * - China: https://oauth.battlenet.com.cn
+ */
+type BattleNetIssuer = "https://oauth.battle.net" | "https://oauth.battlenet.com.cn";
+/**
+ * Battle.net user profile from the userinfo endpoint
+ */
+interface BattleNetProfile extends Record<string, unknown> {
+    /** Unique user identifier */
+    sub: string;
+    /** BattleTag (e.g., "Player#1234") */
+    battletag?: string;
+    /** Alternative BattleTag field name */
+    battle_tag?: string;
+}
+/**
+ * Configuration options for the BattleNet provider
+ */
+interface BattleNetConfig {
+    /**
+     * OAuth issuer URL
+     * @default "https://oauth.battle.net"
+     */
+    issuer?: BattleNetIssuer;
+    /**
+     * OAuth client ID (falls back to AUTH_BATTLENET_ID env var)
+     */
+    clientId?: string;
+    /**
+     * OAuth client secret (falls back to AUTH_BATTLENET_SECRET env var)
+     */
+    clientSecret?: string;
+}
+
+/**
+ * Battle.net OAuth provider for Convex Auth
+ *
+ * Works out-of-the-box with Convex Auth's default schema. Since Battle.net
+ * doesn't provide email addresses, a synthetic email is generated using
+ * the user's unique ID (e.g., "12345@battlenet.oauth").
+ *
+ * @example
+ * ```ts
+ * import { convexAuth } from "@convex-dev/auth/server";
+ * import { BattleNet } from "convex-auth-battlenet";
+ *
+ * export const { auth, signIn, signOut, store } = convexAuth({
+ *   providers: [BattleNet()],
+ * });
+ * ```
+ *
+ * @see https://develop.battle.net/documentation/guides/using-oauth
+ */
+declare function BattleNet(config?: BattleNetConfig & Partial<OAuthUserConfig<BattleNetProfile>>): OAuthConfig<BattleNetProfile>;
+
+export { BattleNet, type BattleNetConfig, type BattleNetIssuer, type BattleNetProfile };

package/dist/index.d.ts

@@ -0,0 +1,60 @@
+import { OAuthUserConfig, OAuthConfig } from '@auth/core/providers';
+
+/**
+ * Battle.net OAuth issuer URLs
+ * - Global: https://oauth.battle.net
+ * - China: https://oauth.battlenet.com.cn
+ */
+type BattleNetIssuer = "https://oauth.battle.net" | "https://oauth.battlenet.com.cn";
+/**
+ * Battle.net user profile from the userinfo endpoint
+ */
+interface BattleNetProfile extends Record<string, unknown> {
+    /** Unique user identifier */
+    sub: string;
+    /** BattleTag (e.g., "Player#1234") */
+    battletag?: string;
+    /** Alternative BattleTag field name */
+    battle_tag?: string;
+}
+/**
+ * Configuration options for the BattleNet provider
+ */
+interface BattleNetConfig {
+    /**
+     * OAuth issuer URL
+     * @default "https://oauth.battle.net"
+     */
+    issuer?: BattleNetIssuer;
+    /**
+     * OAuth client ID (falls back to AUTH_BATTLENET_ID env var)
+     */
+    clientId?: string;
+    /**
+     * OAuth client secret (falls back to AUTH_BATTLENET_SECRET env var)
+     */
+    clientSecret?: string;
+}
+
+/**
+ * Battle.net OAuth provider for Convex Auth
+ *
+ * Works out-of-the-box with Convex Auth's default schema. Since Battle.net
+ * doesn't provide email addresses, a synthetic email is generated using
+ * the user's unique ID (e.g., "12345@battlenet.oauth").
+ *
+ * @example
+ * ```ts
+ * import { convexAuth } from "@convex-dev/auth/server";
+ * import { BattleNet } from "convex-auth-battlenet";
+ *
+ * export const { auth, signIn, signOut, store } = convexAuth({
+ *   providers: [BattleNet()],
+ * });
+ * ```
+ *
+ * @see https://develop.battle.net/documentation/guides/using-oauth
+ */
+declare function BattleNet(config?: BattleNetConfig & Partial<OAuthUserConfig<BattleNetProfile>>): OAuthConfig<BattleNetProfile>;
+
+export { BattleNet, type BattleNetConfig, type BattleNetIssuer, type BattleNetProfile };

package/dist/index.js

@@ -0,0 +1,59 @@
+// src/provider.ts
+var OAUTH_BASE = "https://oauth.battle.net";
+function BattleNet(config) {
+  const { issuer, clientId, clientSecret, ...rest } = config ?? {};
+  const base = issuer ?? OAUTH_BASE;
+  return {
+    id: "battlenet",
+    name: "Battle.net",
+    type: "oauth",
+    clientId: clientId ?? process.env.AUTH_BATTLENET_ID,
+    clientSecret: clientSecret ?? process.env.AUTH_BATTLENET_SECRET,
+    authorization: {
+      url: `${base}/authorize`,
+      params: { scope: "openid" }
+    },
+    token: {
+      url: `${base}/token`,
+      async conform(response) {
+        const data = await response.json();
+        delete data.id_token;
+        return new Response(JSON.stringify(data), {
+          status: response.status,
+          headers: { "Content-Type": "application/json" }
+        });
+      }
+    },
+    userinfo: {
+      url: `${base}/userinfo`,
+      async request({ tokens }) {
+        const response = await fetch(`${base}/userinfo`, {
+          headers: {
+            Authorization: `Bearer ${tokens.access_token}`,
+            Accept: "application/json"
+          }
+        });
+        if (!response.ok) {
+          throw new Error(`Userinfo request failed: ${response.status}`);
+        }
+        return response.json();
+      }
+    },
+    checks: ["state", "pkce"],
+    client: { token_endpoint_auth_method: "client_secret_post" },
+    profile(profile) {
+      return {
+        id: profile.sub,
+        name: profile.battletag ?? profile.battle_tag,
+        // Synthetic email for Convex Auth compatibility (Battle.net doesn't provide emails)
+        email: `${profile.sub}@battlenet.oauth`
+      };
+    },
+    style: { bg: "#148eff", text: "#fff" },
+    ...rest
+  };
+}
+
+export { BattleNet };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/provider.ts"],"names":[],"mappings":";AAGA,IAAM,UAAA,GAAa,0BAAA;AAqBZ,SAAS,UACd,MAAA,EAC+B;AAC/B,EAAA,MAAM,EAAE,QAAQ,QAAA,EAAU,YAAA,EAAc,GAAG,IAAA,EAAK,GAAI,UAAU,EAAC;AAC/D,EAAA,MAAM,OAAO,MAAA,IAAU,UAAA;AAEvB,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,WAAA;AAAA,IACJ,IAAA,EAAM,YAAA;AAAA,IACN,IAAA,EAAM,OAAA;AAAA,IACN,QAAA,EAAU,QAAA,IAAY,OAAA,CAAQ,GAAA,CAAI,iBAAA;AAAA,IAClC,YAAA,EAAc,YAAA,IAAgB,OAAA,CAAQ,GAAA,CAAI,qBAAA;AAAA,IAC1C,aAAA,EAAe;AAAA,MACb,GAAA,EAAK,GAAG,IAAI,CAAA,UAAA,CAAA;AAAA,MACZ,MAAA,EAAQ,EAAE,KAAA,EAAO,QAAA;AAAS,KAC5B;AAAA,IACA,KAAA,EAAO;AAAA,MACL,GAAA,EAAK,GAAG,IAAI,CAAA,MAAA,CAAA;AAAA,MACZ,MAAM,QAAQ,QAAA,EAAoB;AAehC,QAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,QAAA,OAAO,IAAA,CAAK,QAAA;AACZ,QAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA,EAAG;AAAA,UACxC,QAAQ,QAAA,CAAS,MAAA;AAAA,UACjB,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,SAC/C,CAAA;AAAA,MACH;AAAA,KACF;AAAA,IACA,QAAA,EAAU;AAAA,MACR,GAAA,EAAK,GAAG,IAAI,CAAA,SAAA,CAAA;AAAA,MACZ,MAAM,OAAA,CAAQ,EAAE,MAAA,EAAO,EAA0C;AAC/D,QAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,CAAA,EAAG,IAAI,CAAA,SAAA,CAAA,EAAa;AAAA,UAC/C,OAAA,EAAS;AAAA,YACP,aAAA,EAAe,CAAA,OAAA,EAAU,MAAA,CAAO,YAAY,CAAA,CAAA;AAAA,YAC5C,MAAA,EAAQ;AAAA;AACV,SACD,CAAA;AACD,QAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,UAAA,MAAM,IAAI,KAAA,CAAM,CAAA,yBAAA,EAA4B,QAAA,CAAS,MAAM,CAAA,CAAE,CAAA;AAAA,QAC/D;AACA,QAAA,OAAO,SAAS,IAAA,EAAK;AAAA,MACvB;AAAA,KACF;AAAA,IACA,MAAA,EAAQ,CAAC,OAAA,EAAS,MAAM,CAAA;AAAA,IACxB,MAAA,EAAQ,EAAE,0BAAA,EAA4B,oBAAA,EAAqB;AAAA,IAC3D,QAAQ,OAAA,EAA2B;AACjC,MAAA,OAAO;AAAA,QACL,IAAI,OAAA,CAAQ,GAAA;AAAA,QACZ,IAAA,EAAM,OAAA,CAAQ,SAAA,IAAa,OAAA,CAAQ,UAAA;AAAA;AAAA,QAEnC,KAAA,EAAO,CAAA,EAAG,OAAA,CAAQ,GAAG,CAAA,gBAAA;AAAA,OACvB;AAAA,IACF,CAAA;AAAA,IACA,KAAA,EAAO,EAAE,EAAA,EAAI,SAAA,EAAW,MAAM,MAAA,EAAO;AAAA,IACrC,GAAG;AAAA,GACL;AACF","file":"index.js","sourcesContent":["import type { OAuthConfig, OAuthUserConfig } from \"@auth/core/providers\";\nimport type { BattleNetConfig, BattleNetProfile } from \"./types.js\";\n\nconst OAUTH_BASE = \"https://oauth.battle.net\";\n\n/**\n * Battle.net OAuth provider for Convex Auth\n *\n * Works out-of-the-box with Convex Auth's default schema. Since Battle.net\n * doesn't provide email addresses, a synthetic email is generated using\n * the user's unique ID (e.g., \"12345@battlenet.oauth\").\n *\n * @example\n * ```ts\n * import { convexAuth } from \"@convex-dev/auth/server\";\n * import { BattleNet } from \"convex-auth-battlenet\";\n *\n * export const { auth, signIn, signOut, store } = convexAuth({\n *   providers: [BattleNet()],\n * });\n * ```\n *\n * @see https://develop.battle.net/documentation/guides/using-oauth\n */\nexport function BattleNet(\n  config?: BattleNetConfig & Partial<OAuthUserConfig<BattleNetProfile>>\n): OAuthConfig<BattleNetProfile> {\n  const { issuer, clientId, clientSecret, ...rest } = config ?? {};\n  const base = issuer ?? OAUTH_BASE;\n\n  return {\n    id: \"battlenet\",\n    name: \"Battle.net\",\n    type: \"oauth\",\n    clientId: clientId ?? process.env.AUTH_BATTLENET_ID,\n    clientSecret: clientSecret ?? process.env.AUTH_BATTLENET_SECRET,\n    authorization: {\n      url: `${base}/authorize`,\n      params: { scope: \"openid\" },\n    },\n    token: {\n      url: `${base}/token`,\n      async conform(response: Response) {\n        /**\n         * Battle.net returns an id_token even though we only request the \"openid\" scope.\n         * The oauth4webapi library (used by @auth/core) performs strict nonce validation\n         * on id_tokens, but Battle.net's id_token doesn't always pass this validation.\n         *\n         * Since we're using the OAuth 2.0 authorization code flow (not pure OIDC),\n         * we don't need the id_token - we fetch user info directly from the userinfo\n         * endpoint using the access_token instead.\n         *\n         * This is a safe workaround because:\n         * 1. We use PKCE + state for request validation\n         * 2. User identity is verified via the userinfo endpoint\n         * 3. The access_token is sufficient for our authentication needs\n         */\n        const data = await response.json();\n        delete data.id_token;\n        return new Response(JSON.stringify(data), {\n          status: response.status,\n          headers: { \"Content-Type\": \"application/json\" },\n        });\n      },\n    },\n    userinfo: {\n      url: `${base}/userinfo`,\n      async request({ tokens }: { tokens: { access_token?: string } }) {\n        const response = await fetch(`${base}/userinfo`, {\n          headers: {\n            Authorization: `Bearer ${tokens.access_token}`,\n            Accept: \"application/json\",\n          },\n        });\n        if (!response.ok) {\n          throw new Error(`Userinfo request failed: ${response.status}`);\n        }\n        return response.json();\n      },\n    },\n    checks: [\"state\", \"pkce\"],\n    client: { token_endpoint_auth_method: \"client_secret_post\" },\n    profile(profile: BattleNetProfile) {\n      return {\n        id: profile.sub,\n        name: profile.battletag ?? profile.battle_tag,\n        // Synthetic email for Convex Auth compatibility (Battle.net doesn't provide emails)\n        email: `${profile.sub}@battlenet.oauth`,\n      };\n    },\n    style: { bg: \"#148eff\", text: \"#fff\" },\n    ...rest,\n  } as OAuthConfig<BattleNetProfile>;\n}\n"]}

package/package.json

@@ -0,0 +1,57 @@
+{
+  "name": "convex-auth-battlenet",
+  "version": "0.1.0",
+  "description": "Battle.net OAuth provider for Convex Auth",
+  "author": "Juan Hander",
+  "license": "MIT",
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.js"
+      },
+      "require": {
+        "types": "./dist/index.d.cts",
+        "default": "./dist/index.cjs"
+      }
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "test": "bun test",
+    "typecheck": "tsc --noEmit",
+    "prepublishOnly": "bun run build && bun run test"
+  },
+  "keywords": [
+    "convex",
+    "auth",
+    "battlenet",
+    "battle.net",
+    "blizzard",
+    "oauth",
+    "authentication"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/juanhander/convex-auth-battlenet"
+  },
+  "peerDependencies": {
+    "@auth/core": ">=0.35.0",
+    "@convex-dev/auth": ">=0.0.71"
+  },
+  "devDependencies": {
+    "@auth/core": "^0.37.0",
+    "@convex-dev/auth": "^0.0.80",
+    "@types/bun": "^1.3.6",
+    "tsup": "^8.4.0",
+    "typescript": "^5.9.3"
+  }
+}