recker 1.0.20-next.de24f7d → 1.0.20-next.e194d90

package/dist/plugins/auth/firebase.js

@@ -0,0 +1,195 @@
+import { createSign, createPrivateKey } from 'node:crypto';
+export function createFirebaseCustomToken(serviceAccount, uid, claims) {
+    const now = Math.floor(Date.now() / 1000);
+    const header = {
+        alg: 'RS256',
+        typ: 'JWT',
+    };
+    const payload = {
+        iss: serviceAccount.client_email,
+        sub: serviceAccount.client_email,
+        aud: 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit',
+        iat: now,
+        exp: now + 3600,
+        uid,
+        claims,
+    };
+    const encodedHeader = Buffer.from(JSON.stringify(header)).toString('base64url');
+    const encodedPayload = Buffer.from(JSON.stringify(payload)).toString('base64url');
+    const signatureInput = `${encodedHeader}.${encodedPayload}`;
+    const privateKey = createPrivateKey(serviceAccount.private_key);
+    const sign = createSign('RSA-SHA256');
+    sign.update(signatureInput);
+    const signature = sign.sign(privateKey, 'base64url');
+    return `${signatureInput}.${signature}`;
+}
+async function getServiceAccountAccessToken(serviceAccount, scopes = ['https://www.googleapis.com/auth/cloud-platform', 'https://www.googleapis.com/auth/firebase']) {
+    const now = Math.floor(Date.now() / 1000);
+    const header = {
+        alg: 'RS256',
+        typ: 'JWT',
+    };
+    const payload = {
+        iss: serviceAccount.client_email,
+        sub: serviceAccount.client_email,
+        aud: serviceAccount.token_uri,
+        iat: now,
+        exp: now + 3600,
+        scope: scopes.join(' '),
+    };
+    const encodedHeader = Buffer.from(JSON.stringify(header)).toString('base64url');
+    const encodedPayload = Buffer.from(JSON.stringify(payload)).toString('base64url');
+    const signatureInput = `${encodedHeader}.${encodedPayload}`;
+    const privateKey = createPrivateKey(serviceAccount.private_key);
+    const sign = createSign('RSA-SHA256');
+    sign.update(signatureInput);
+    const signature = sign.sign(privateKey, 'base64url');
+    const jwt = `${signatureInput}.${signature}`;
+    const response = await fetch(serviceAccount.token_uri, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        body: new URLSearchParams({
+            grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
+            assertion: jwt,
+        }).toString(),
+    });
+    if (!response.ok) {
+        const error = await response.text();
+        throw new Error(`Failed to get Firebase access token: ${error}`);
+    }
+    const data = await response.json();
+    return {
+        accessToken: data.access_token,
+        expiresAt: Date.now() + data.expires_in * 1000,
+    };
+}
+async function exchangeCustomTokenForIdToken(apiKey, customToken) {
+    const response = await fetch(`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${apiKey}`, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+        },
+        body: JSON.stringify({
+            token: customToken,
+            returnSecureToken: true,
+        }),
+    });
+    if (!response.ok) {
+        const error = await response.json();
+        throw new Error(`Failed to exchange custom token: ${error.error.message}`);
+    }
+    const data = await response.json();
+    return {
+        idToken: data.idToken,
+        refreshToken: data.refreshToken,
+        expiresAt: Date.now() + parseInt(data.expiresIn, 10) * 1000,
+    };
+}
+async function refreshFirebaseToken(apiKey, refreshToken) {
+    const response = await fetch(`https://securetoken.googleapis.com/v1/token?key=${apiKey}`, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        body: new URLSearchParams({
+            grant_type: 'refresh_token',
+            refresh_token: refreshToken,
+        }).toString(),
+    });
+    if (!response.ok) {
+        const error = await response.json();
+        throw new Error(`Failed to refresh token: ${error.error.message}`);
+    }
+    const data = await response.json();
+    return {
+        idToken: data.id_token,
+        refreshToken: data.refresh_token,
+        expiresAt: Date.now() + parseInt(data.expires_in, 10) * 1000,
+    };
+}
+export async function verifyFirebaseIdToken(projectId, idToken) {
+    const [, payloadB64] = idToken.split('.');
+    const payload = JSON.parse(Buffer.from(payloadB64, 'base64url').toString());
+    if (payload.iss !== `https://securetoken.google.com/${projectId}`) {
+        throw new Error('Invalid token issuer');
+    }
+    if (payload.aud !== projectId) {
+        throw new Error('Invalid token audience');
+    }
+    if (payload.exp < Date.now() / 1000) {
+        throw new Error('Token expired');
+    }
+    return payload;
+}
+export function firebase(options) {
+    let cachedTokens = null;
+    let serviceAccountToken = null;
+    const getToken = async () => {
+        if (options.tokenStorage) {
+            const stored = await options.tokenStorage.get();
+            if (stored) {
+                cachedTokens = stored;
+            }
+        }
+        if (cachedTokens && cachedTokens.expiresAt && cachedTokens.expiresAt > Date.now() + 60000) {
+            return cachedTokens.idToken;
+        }
+        if (cachedTokens?.refreshToken && options.apiKey) {
+            try {
+                cachedTokens = await refreshFirebaseToken(options.apiKey, cachedTokens.refreshToken);
+                if (options.tokenStorage) {
+                    await options.tokenStorage.set(cachedTokens);
+                }
+                return cachedTokens.idToken;
+            }
+            catch {
+            }
+        }
+        if (options.idToken) {
+            const token = typeof options.idToken === 'function'
+                ? await options.idToken()
+                : options.idToken;
+            return token;
+        }
+        if (options.serviceAccount) {
+            if (!serviceAccountToken || serviceAccountToken.expiresAt < Date.now() + 60000) {
+                serviceAccountToken = await getServiceAccountAccessToken(options.serviceAccount);
+            }
+            return serviceAccountToken.accessToken;
+        }
+        if (options.customToken && options.apiKey) {
+            cachedTokens = await exchangeCustomTokenForIdToken(options.apiKey, options.customToken);
+            if (options.tokenStorage) {
+                await options.tokenStorage.set(cachedTokens);
+            }
+            return cachedTokens.idToken;
+        }
+        throw new Error('No valid authentication method. Provide idToken, serviceAccount, or customToken with apiKey.');
+    };
+    return async (req, next) => {
+        const token = await getToken();
+        const authReq = req.withHeader('Authorization', `Bearer ${token}`);
+        const response = await next(authReq);
+        if (response.status === 401 && cachedTokens?.refreshToken && options.apiKey) {
+            try {
+                cachedTokens = await refreshFirebaseToken(options.apiKey, cachedTokens.refreshToken);
+                if (options.tokenStorage) {
+                    await options.tokenStorage.set(cachedTokens);
+                }
+                const retryReq = req.withHeader('Authorization', `Bearer ${cachedTokens.idToken}`);
+                return next(retryReq);
+            }
+            catch {
+                return response;
+            }
+        }
+        return response;
+    };
+}
+export function firebasePlugin(options) {
+    return (client) => {
+        client.use(firebase(options));
+    };
+}

package/dist/plugins/auth/github-app.d.ts

@@ -0,0 +1,36 @@
+import { Middleware, Plugin } from '../../types/index.js';
+export interface GitHubAppOptions {
+    appId: string | number;
+    privateKey: string;
+    installationId?: string | number;
+    permissions?: Record<string, 'read' | 'write'>;
+    repositoryIds?: number[];
+    repositories?: string[];
+    baseUrl?: string;
+    installationToken?: string | (() => string | Promise<string>);
+    tokenStorage?: {
+        get: () => Promise<GitHubInstallationToken | null>;
+        set: (token: GitHubInstallationToken) => Promise<void>;
+    };
+}
+export interface GitHubInstallationToken {
+    token: string;
+    expiresAt: number;
+    permissions?: Record<string, string>;
+    repositorySelection?: string;
+}
+declare function createGitHubAppJWT(appId: string | number, privateKey: string): string;
+export declare function listGitHubAppInstallations(appId: string | number, privateKey: string, baseUrl?: string): Promise<Array<{
+    id: number;
+    account: {
+        login: string;
+        type: string;
+    };
+    repository_selection: string;
+    permissions: Record<string, string>;
+}>>;
+export declare function getGitHubAppInstallationForRepo(appId: string | number, privateKey: string, owner: string, repo: string, baseUrl?: string): Promise<number>;
+export declare function getGitHubAppInfo(appId: string | number, privateKey: string, baseUrl?: string): Promise<Record<string, unknown>>;
+export declare function githubApp(options: GitHubAppOptions): Middleware;
+export declare function githubAppPlugin(options: GitHubAppOptions): Plugin;
+export { createGitHubAppJWT };

package/dist/plugins/auth/github-app.js

@@ -0,0 +1,170 @@
+import { createSign, createPrivateKey } from 'node:crypto';
+function createGitHubAppJWT(appId, privateKey) {
+    const now = Math.floor(Date.now() / 1000);
+    const header = {
+        alg: 'RS256',
+        typ: 'JWT',
+    };
+    const payload = {
+        iat: now - 60,
+        exp: now + 600,
+        iss: appId.toString(),
+    };
+    const encodedHeader = Buffer.from(JSON.stringify(header)).toString('base64url');
+    const encodedPayload = Buffer.from(JSON.stringify(payload)).toString('base64url');
+    const signatureInput = `${encodedHeader}.${encodedPayload}`;
+    const key = createPrivateKey(privateKey);
+    const sign = createSign('RSA-SHA256');
+    sign.update(signatureInput);
+    const signature = sign.sign(key, 'base64url');
+    return `${signatureInput}.${signature}`;
+}
+async function getInstallationToken(jwt, installationId, options) {
+    const baseUrl = options.baseUrl || 'https://api.github.com';
+    const url = `${baseUrl}/app/installations/${installationId}/access_tokens`;
+    const body = {};
+    if (options.permissions) {
+        body.permissions = options.permissions;
+    }
+    if (options.repositoryIds) {
+        body.repository_ids = options.repositoryIds;
+    }
+    if (options.repositories) {
+        body.repositories = options.repositories;
+    }
+    const response = await fetch(url, {
+        method: 'POST',
+        headers: {
+            Authorization: `Bearer ${jwt}`,
+            Accept: 'application/vnd.github+json',
+            'X-GitHub-Api-Version': '2022-11-28',
+            'Content-Type': 'application/json',
+        },
+        body: Object.keys(body).length > 0 ? JSON.stringify(body) : undefined,
+    });
+    if (!response.ok) {
+        const error = await response.json();
+        throw new Error(`Failed to get installation token: ${error.message}`);
+    }
+    const data = await response.json();
+    return {
+        token: data.token,
+        expiresAt: new Date(data.expires_at).getTime(),
+        permissions: data.permissions,
+        repositorySelection: data.repository_selection,
+    };
+}
+export async function listGitHubAppInstallations(appId, privateKey, baseUrl) {
+    const jwt = createGitHubAppJWT(appId, privateKey);
+    const url = `${baseUrl || 'https://api.github.com'}/app/installations`;
+    const response = await fetch(url, {
+        headers: {
+            Authorization: `Bearer ${jwt}`,
+            Accept: 'application/vnd.github+json',
+            'X-GitHub-Api-Version': '2022-11-28',
+        },
+    });
+    if (!response.ok) {
+        const error = await response.json();
+        throw new Error(`Failed to list installations: ${error.message}`);
+    }
+    return response.json();
+}
+export async function getGitHubAppInstallationForRepo(appId, privateKey, owner, repo, baseUrl) {
+    const jwt = createGitHubAppJWT(appId, privateKey);
+    const url = `${baseUrl || 'https://api.github.com'}/repos/${owner}/${repo}/installation`;
+    const response = await fetch(url, {
+        headers: {
+            Authorization: `Bearer ${jwt}`,
+            Accept: 'application/vnd.github+json',
+            'X-GitHub-Api-Version': '2022-11-28',
+        },
+    });
+    if (!response.ok) {
+        const error = await response.json();
+        throw new Error(`Failed to get installation: ${error.message}`);
+    }
+    const data = await response.json();
+    return data.id;
+}
+export async function getGitHubAppInfo(appId, privateKey, baseUrl) {
+    const jwt = createGitHubAppJWT(appId, privateKey);
+    const url = `${baseUrl || 'https://api.github.com'}/app`;
+    const response = await fetch(url, {
+        headers: {
+            Authorization: `Bearer ${jwt}`,
+            Accept: 'application/vnd.github+json',
+            'X-GitHub-Api-Version': '2022-11-28',
+        },
+    });
+    if (!response.ok) {
+        const error = await response.json();
+        throw new Error(`Failed to get app info: ${error.message}`);
+    }
+    return response.json();
+}
+export function githubApp(options) {
+    let cachedToken = null;
+    const getToken = async () => {
+        if (options.installationToken) {
+            const token = typeof options.installationToken === 'function'
+                ? await options.installationToken()
+                : options.installationToken;
+            return token;
+        }
+        if (options.tokenStorage) {
+            const stored = await options.tokenStorage.get();
+            if (stored) {
+                cachedToken = stored;
+            }
+        }
+        if (cachedToken && cachedToken.expiresAt > Date.now() + 300000) {
+            return cachedToken.token;
+        }
+        if (!options.installationId) {
+            throw new Error('Installation ID is required for GitHub App authentication');
+        }
+        const jwt = createGitHubAppJWT(options.appId, options.privateKey);
+        cachedToken = await getInstallationToken(jwt, options.installationId, {
+            baseUrl: options.baseUrl,
+            permissions: options.permissions,
+            repositoryIds: options.repositoryIds,
+            repositories: options.repositories,
+        });
+        if (options.tokenStorage) {
+            await options.tokenStorage.set(cachedToken);
+        }
+        return cachedToken.token;
+    };
+    return async (req, next) => {
+        const token = await getToken();
+        let authReq = req.withHeader('Authorization', `Bearer ${token}`);
+        authReq = authReq.withHeader('Accept', 'application/vnd.github+json');
+        authReq = authReq.withHeader('X-GitHub-Api-Version', '2022-11-28');
+        const response = await next(authReq);
+        if (response.status === 401 && options.installationId) {
+            cachedToken = null;
+            const jwt = createGitHubAppJWT(options.appId, options.privateKey);
+            cachedToken = await getInstallationToken(jwt, options.installationId, {
+                baseUrl: options.baseUrl,
+                permissions: options.permissions,
+                repositoryIds: options.repositoryIds,
+                repositories: options.repositories,
+            });
+            if (options.tokenStorage) {
+                await options.tokenStorage.set(cachedToken);
+            }
+            let retryReq = req.withHeader('Authorization', `Bearer ${cachedToken.token}`);
+            retryReq = retryReq.withHeader('Accept', 'application/vnd.github+json');
+            retryReq = retryReq.withHeader('X-GitHub-Api-Version', '2022-11-28');
+            return next(retryReq);
+        }
+        return response;
+    };
+}
+export function githubAppPlugin(options) {
+    return (client) => {
+        client.use(githubApp(options));
+    };
+}
+export { createGitHubAppJWT };

package/dist/plugins/auth/google-service-account.d.ts

@@ -0,0 +1,49 @@
+import { Middleware, Plugin } from '../../types/index.js';
+export interface GoogleServiceAccountOptions {
+    credentials?: GoogleServiceAccountCredentials;
+    keyFile?: string;
+    scopes: string[];
+    subject?: string;
+    accessToken?: string | (() => string | Promise<string>);
+}
+export interface GoogleServiceAccountCredentials {
+    type: 'service_account';
+    project_id: string;
+    private_key_id: string;
+    private_key: string;
+    client_email: string;
+    client_id: string;
+    auth_uri: string;
+    token_uri: string;
+    auth_provider_x509_cert_url: string;
+    client_x509_cert_url: string;
+    universe_domain?: string;
+}
+export declare function getGoogleIdToken(credentials: GoogleServiceAccountCredentials, targetAudience: string): Promise<string>;
+export declare function googleServiceAccount(options: GoogleServiceAccountOptions): Middleware;
+export declare function googleServiceAccountPlugin(options: GoogleServiceAccountOptions): Plugin;
+export declare const GoogleScopes: {
+    readonly CLOUD_PLATFORM: "https://www.googleapis.com/auth/cloud-platform";
+    readonly CLOUD_PLATFORM_READ_ONLY: "https://www.googleapis.com/auth/cloud-platform.read-only";
+    readonly BIGQUERY: "https://www.googleapis.com/auth/bigquery";
+    readonly BIGQUERY_READ_ONLY: "https://www.googleapis.com/auth/bigquery.readonly";
+    readonly STORAGE_FULL: "https://www.googleapis.com/auth/devstorage.full_control";
+    readonly STORAGE_READ_WRITE: "https://www.googleapis.com/auth/devstorage.read_write";
+    readonly STORAGE_READ_ONLY: "https://www.googleapis.com/auth/devstorage.read_only";
+    readonly COMPUTE: "https://www.googleapis.com/auth/compute";
+    readonly COMPUTE_READ_ONLY: "https://www.googleapis.com/auth/compute.readonly";
+    readonly PUBSUB: "https://www.googleapis.com/auth/pubsub";
+    readonly DATASTORE: "https://www.googleapis.com/auth/datastore";
+    readonly FIRESTORE: "https://www.googleapis.com/auth/datastore";
+    readonly FIREBASE: "https://www.googleapis.com/auth/firebase";
+    readonly DRIVE: "https://www.googleapis.com/auth/drive";
+    readonly DRIVE_READ_ONLY: "https://www.googleapis.com/auth/drive.readonly";
+    readonly GMAIL_SEND: "https://www.googleapis.com/auth/gmail.send";
+    readonly GMAIL_READ_ONLY: "https://www.googleapis.com/auth/gmail.readonly";
+    readonly CALENDAR: "https://www.googleapis.com/auth/calendar";
+    readonly CALENDAR_READ_ONLY: "https://www.googleapis.com/auth/calendar.readonly";
+    readonly SHEETS: "https://www.googleapis.com/auth/spreadsheets";
+    readonly SHEETS_READ_ONLY: "https://www.googleapis.com/auth/spreadsheets.readonly";
+    readonly ADMIN_DIRECTORY_USER: "https://www.googleapis.com/auth/admin.directory.user";
+    readonly ADMIN_DIRECTORY_GROUP: "https://www.googleapis.com/auth/admin.directory.group";
+};

package/dist/plugins/auth/google-service-account.js

@@ -0,0 +1,172 @@
+import { createSign, createPrivateKey } from 'node:crypto';
+function createServiceAccountJWT(credentials, scopes, subject) {
+    const now = Math.floor(Date.now() / 1000);
+    const header = {
+        alg: 'RS256',
+        typ: 'JWT',
+        kid: credentials.private_key_id,
+    };
+    const payload = {
+        iss: credentials.client_email,
+        aud: credentials.token_uri,
+        iat: now,
+        exp: now + 3600,
+        scope: scopes.join(' '),
+    };
+    if (subject) {
+        payload.sub = subject;
+    }
+    const encodedHeader = Buffer.from(JSON.stringify(header)).toString('base64url');
+    const encodedPayload = Buffer.from(JSON.stringify(payload)).toString('base64url');
+    const signatureInput = `${encodedHeader}.${encodedPayload}`;
+    const privateKey = createPrivateKey(credentials.private_key);
+    const sign = createSign('RSA-SHA256');
+    sign.update(signatureInput);
+    const signature = sign.sign(privateKey, 'base64url');
+    return `${signatureInput}.${signature}`;
+}
+async function exchangeJWTForAccessToken(credentials, jwt) {
+    const response = await fetch(credentials.token_uri, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        body: new URLSearchParams({
+            grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
+            assertion: jwt,
+        }).toString(),
+    });
+    if (!response.ok) {
+        const error = await response.json();
+        throw new Error(`Failed to get access token: ${error.error_description || error.error}`);
+    }
+    const data = await response.json();
+    return {
+        accessToken: data.access_token,
+        expiresAt: Date.now() + data.expires_in * 1000,
+    };
+}
+export async function getGoogleIdToken(credentials, targetAudience) {
+    const now = Math.floor(Date.now() / 1000);
+    const header = {
+        alg: 'RS256',
+        typ: 'JWT',
+        kid: credentials.private_key_id,
+    };
+    const payload = {
+        iss: credentials.client_email,
+        aud: credentials.token_uri,
+        iat: now,
+        exp: now + 3600,
+        target_audience: targetAudience,
+    };
+    const encodedHeader = Buffer.from(JSON.stringify(header)).toString('base64url');
+    const encodedPayload = Buffer.from(JSON.stringify(payload)).toString('base64url');
+    const signatureInput = `${encodedHeader}.${encodedPayload}`;
+    const privateKey = createPrivateKey(credentials.private_key);
+    const sign = createSign('RSA-SHA256');
+    sign.update(signatureInput);
+    const signature = sign.sign(privateKey, 'base64url');
+    const jwt = `${signatureInput}.${signature}`;
+    const response = await fetch(credentials.token_uri, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        body: new URLSearchParams({
+            grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
+            assertion: jwt,
+        }).toString(),
+    });
+    if (!response.ok) {
+        const error = await response.json();
+        throw new Error(`Failed to get ID token: ${error.error_description || error.error}`);
+    }
+    const data = await response.json();
+    return data.id_token;
+}
+async function loadCredentialsFromFile(keyFile) {
+    const fs = await import('node:fs/promises');
+    const content = await fs.readFile(keyFile, 'utf-8');
+    return JSON.parse(content);
+}
+export function googleServiceAccount(options) {
+    let cachedToken = null;
+    let credentialsLoaded = null;
+    const getCredentials = async () => {
+        if (credentialsLoaded) {
+            return credentialsLoaded;
+        }
+        if (options.credentials) {
+            credentialsLoaded = options.credentials;
+            return credentialsLoaded;
+        }
+        if (options.keyFile) {
+            credentialsLoaded = await loadCredentialsFromFile(options.keyFile);
+            return credentialsLoaded;
+        }
+        const adcPath = process.env.GOOGLE_APPLICATION_CREDENTIALS;
+        if (adcPath) {
+            credentialsLoaded = await loadCredentialsFromFile(adcPath);
+            return credentialsLoaded;
+        }
+        throw new Error('No credentials provided. Set credentials, keyFile, or GOOGLE_APPLICATION_CREDENTIALS environment variable.');
+    };
+    const getAccessToken = async () => {
+        if (options.accessToken) {
+            const token = typeof options.accessToken === 'function'
+                ? await options.accessToken()
+                : options.accessToken;
+            return token;
+        }
+        if (cachedToken && cachedToken.expiresAt > Date.now() + 60000) {
+            return cachedToken.accessToken;
+        }
+        const credentials = await getCredentials();
+        const jwt = createServiceAccountJWT(credentials, options.scopes, options.subject);
+        cachedToken = await exchangeJWTForAccessToken(credentials, jwt);
+        return cachedToken.accessToken;
+    };
+    return async (req, next) => {
+        const token = await getAccessToken();
+        const authReq = req.withHeader('Authorization', `Bearer ${token}`);
+        const response = await next(authReq);
+        if (response.status === 401) {
+            cachedToken = null;
+            const newToken = await getAccessToken();
+            const retryReq = req.withHeader('Authorization', `Bearer ${newToken}`);
+            return next(retryReq);
+        }
+        return response;
+    };
+}
+export function googleServiceAccountPlugin(options) {
+    return (client) => {
+        client.use(googleServiceAccount(options));
+    };
+}
+export const GoogleScopes = {
+    CLOUD_PLATFORM: 'https://www.googleapis.com/auth/cloud-platform',
+    CLOUD_PLATFORM_READ_ONLY: 'https://www.googleapis.com/auth/cloud-platform.read-only',
+    BIGQUERY: 'https://www.googleapis.com/auth/bigquery',
+    BIGQUERY_READ_ONLY: 'https://www.googleapis.com/auth/bigquery.readonly',
+    STORAGE_FULL: 'https://www.googleapis.com/auth/devstorage.full_control',
+    STORAGE_READ_WRITE: 'https://www.googleapis.com/auth/devstorage.read_write',
+    STORAGE_READ_ONLY: 'https://www.googleapis.com/auth/devstorage.read_only',
+    COMPUTE: 'https://www.googleapis.com/auth/compute',
+    COMPUTE_READ_ONLY: 'https://www.googleapis.com/auth/compute.readonly',
+    PUBSUB: 'https://www.googleapis.com/auth/pubsub',
+    DATASTORE: 'https://www.googleapis.com/auth/datastore',
+    FIRESTORE: 'https://www.googleapis.com/auth/datastore',
+    FIREBASE: 'https://www.googleapis.com/auth/firebase',
+    DRIVE: 'https://www.googleapis.com/auth/drive',
+    DRIVE_READ_ONLY: 'https://www.googleapis.com/auth/drive.readonly',
+    GMAIL_SEND: 'https://www.googleapis.com/auth/gmail.send',
+    GMAIL_READ_ONLY: 'https://www.googleapis.com/auth/gmail.readonly',
+    CALENDAR: 'https://www.googleapis.com/auth/calendar',
+    CALENDAR_READ_ONLY: 'https://www.googleapis.com/auth/calendar.readonly',
+    SHEETS: 'https://www.googleapis.com/auth/spreadsheets',
+    SHEETS_READ_ONLY: 'https://www.googleapis.com/auth/spreadsheets.readonly',
+    ADMIN_DIRECTORY_USER: 'https://www.googleapis.com/auth/admin.directory.user',
+    ADMIN_DIRECTORY_GROUP: 'https://www.googleapis.com/auth/admin.directory.group',
+};

package/dist/plugins/auth/index.d.ts

@@ -0,0 +1,15 @@
+export { basicAuth, basicAuthPlugin, type BasicAuthOptions, } from './basic.js';
+export { bearerAuth, bearerAuthPlugin, type BearerAuthOptions, } from './bearer.js';
+export { apiKeyAuth, apiKeyAuthPlugin, type ApiKeyAuthOptions, } from './api-key.js';
+export { digestAuth, digestAuthPlugin, type DigestAuthOptions, } from './digest.js';
+export { oauth2, oauth2Plugin, type OAuth2Options, } from './oauth2.js';
+export { awsSignatureV4, awsSignatureV4Plugin, type AWSSignatureV4Options, } from './aws-sigv4.js';
+export { oidc, oidcPlugin, generatePKCE, generateAuthorizationUrl, fetchDiscoveryDocument, exchangeCode, refreshTokens, clientCredentialsFlow, type OIDCOptions, type OIDCTokens, type OIDCDiscoveryDocument, } from './oidc.js';
+export { auth0, auth0Plugin, generateAuth0AuthUrl, exchangeAuth0Code, getAuth0UserInfo, type Auth0Options, } from './auth0.js';
+export { cognito, cognitoPlugin, getCognitoIdentityCredentials, getCognitoHostedUIUrl, type CognitoOptions, type CognitoTokens, type CognitoAWSCredentials, } from './cognito.js';
+export { okta, oktaPlugin, generateOktaAuthUrl, exchangeOktaCode, getOktaUserInfo, introspectOktaToken, revokeOktaToken, type OktaOptions, } from './okta.js';
+export { azureAD, azureADPlugin, entraId, entraIdPlugin, generateAzureADAuthUrl, exchangeAzureADCode, azureADOnBehalfOf, getAzureADUserInfo, type AzureADOptions, } from './azure-ad.js';
+export { firebase, firebasePlugin, createFirebaseCustomToken, verifyFirebaseIdToken, type FirebaseAuthOptions, type FirebaseServiceAccount, type FirebaseTokens, } from './firebase.js';
+export { googleServiceAccount, googleServiceAccountPlugin, getGoogleIdToken, GoogleScopes, type GoogleServiceAccountOptions, type GoogleServiceAccountCredentials, } from './google-service-account.js';
+export { githubApp, githubAppPlugin, createGitHubAppJWT, listGitHubAppInstallations, getGitHubAppInstallationForRepo, getGitHubAppInfo, type GitHubAppOptions, type GitHubInstallationToken, } from './github-app.js';
+export { mtls, mtlsPlugin, createMTLSAgent, parseCertificateInfo, isCertificateValid, verifyCertificateFingerprint, type MTLSOptions, type MTLSCertificateInfo, } from './mtls.js';

package/dist/plugins/auth/index.js

@@ -0,0 +1,15 @@
+export { basicAuth, basicAuthPlugin, } from './basic.js';
+export { bearerAuth, bearerAuthPlugin, } from './bearer.js';
+export { apiKeyAuth, apiKeyAuthPlugin, } from './api-key.js';
+export { digestAuth, digestAuthPlugin, } from './digest.js';
+export { oauth2, oauth2Plugin, } from './oauth2.js';
+export { awsSignatureV4, awsSignatureV4Plugin, } from './aws-sigv4.js';
+export { oidc, oidcPlugin, generatePKCE, generateAuthorizationUrl, fetchDiscoveryDocument, exchangeCode, refreshTokens, clientCredentialsFlow, } from './oidc.js';
+export { auth0, auth0Plugin, generateAuth0AuthUrl, exchangeAuth0Code, getAuth0UserInfo, } from './auth0.js';
+export { cognito, cognitoPlugin, getCognitoIdentityCredentials, getCognitoHostedUIUrl, } from './cognito.js';
+export { okta, oktaPlugin, generateOktaAuthUrl, exchangeOktaCode, getOktaUserInfo, introspectOktaToken, revokeOktaToken, } from './okta.js';
+export { azureAD, azureADPlugin, entraId, entraIdPlugin, generateAzureADAuthUrl, exchangeAzureADCode, azureADOnBehalfOf, getAzureADUserInfo, } from './azure-ad.js';
+export { firebase, firebasePlugin, createFirebaseCustomToken, verifyFirebaseIdToken, } from './firebase.js';
+export { googleServiceAccount, googleServiceAccountPlugin, getGoogleIdToken, GoogleScopes, } from './google-service-account.js';
+export { githubApp, githubAppPlugin, createGitHubAppJWT, listGitHubAppInstallations, getGitHubAppInstallationForRepo, getGitHubAppInfo, } from './github-app.js';
+export { mtls, mtlsPlugin, createMTLSAgent, parseCertificateInfo, isCertificateValid, verifyCertificateFingerprint, } from './mtls.js';