better-auth

The most comprehensive authentication framework for TypeScript.

{"version":3,"file":"okta.mjs","names":[],"sources":["../../../../src/plugins/generic-oauth/providers/okta.ts"],"sourcesContent":["import type { OAuth2Tokens, OAuth2UserInfo } from \"@better-auth/core/oauth2\";\nimport { betterFetch } from \"@better-fetch/fetch\";\nimport type { BaseOAuthProviderOptions, GenericOAuthConfig } from \"../index\";\n\nexport interface OktaOptions extends BaseOAuthProviderOptions {\n\t/**\n\t * Okta issuer URL (e.g., https://dev-xxxxx.okta.com/oauth2/default)\n\t * This will be used to construct the discovery URL.\n\t */\n\tissuer: string;\n}\n\ninterface OktaProfile {\n\tsub: string;\n\tname?: string;\n\temail?: string;\n\temail_verified?: boolean;\n\tpicture?: string;\n\tpreferred_username?: string;\n\tgiven_name?: string;\n\tfamily_name?: string;\n}\n\n/**\n * Okta OAuth provider helper\n *\n * @example\n * ```ts\n * import { genericOAuth, okta } from \"better-auth/plugins/generic-oauth\";\n *\n * export const auth = betterAuth({\n * plugins: [\n * genericOAuth({\n * config: [\n * okta({\n * clientId: process.env.OKTA_CLIENT_ID,\n * clientSecret: process.env.OKTA_CLIENT_SECRET,\n * issuer: process.env.OKTA_ISSUER,\n * }),\n * ],\n * }),\n * ],\n * });\n * ```\n */\nexport function okta(options: OktaOptions): GenericOAuthConfig {\n\tconst defaultScopes = [\"openid\", \"profile\", \"email\"];\n\n\t// Ensure issuer ends without trailing slash for proper discovery URL construction\n\tconst issuer = options.issuer.replace(/\\/$/, \"\");\n\tconst discoveryUrl = `${issuer}/.well-known/openid-configuration`;\n\n\tconst getUserInfo = async (\n\t\ttokens: OAuth2Tokens,\n\t): Promise<OAuth2UserInfo | null> => {\n\t\tconst userInfoUrl = `${issuer}/v1/userinfo`;\n\n\t\tconst { data: profile, error } = await betterFetch<OktaProfile>(\n\t\t\tuserInfoUrl,\n\t\t\t{\n\t\t\t\theaders: {\n\t\t\t\t\tAuthorization: `Bearer ${tokens.accessToken}`,\n\t\t\t\t},\n\t\t\t},\n\t\t);\n\n\t\tif (error || !profile) {\n\t\t\treturn null;\n\t\t}\n\n\t\treturn 
{\n\t\t\tid: profile.sub,\n\t\t\tname: profile.name ?? profile.preferred_username ?? undefined,\n\t\t\temail: profile.email ?? undefined,\n\t\t\timage: profile.picture,\n\t\t\temailVerified: profile.email_verified ?? false,\n\t\t};\n\t};\n\n\treturn {\n\t\tproviderId: \"okta\",\n\t\tdiscoveryUrl,\n\t\tclientId: options.clientId,\n\t\tclientSecret: options.clientSecret,\n\t\tscopes: options.scopes ?? defaultScopes,\n\t\tredirectURI: options.redirectURI,\n\t\tpkce: options.pkce,\n\t\tdisableImplicitSignUp: options.disableImplicitSignUp,\n\t\tdisableSignUp: options.disableSignUp,\n\t\toverrideUserInfo: options.overrideUserInfo,\n\t\tgetUserInfo,\n\t};\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AA6CA,SAAgB,KAAK,SAA0C;CAC9D,MAAM,gBAAgB;EAAC;EAAU;EAAW;EAAQ;CAGpD,MAAM,SAAS,QAAQ,OAAO,QAAQ,OAAO,GAAG;CAChD,MAAM,eAAe,GAAG,OAAO;CAE/B,MAAM,cAAc,OACnB,WACoC;EAGpC,MAAM,EAAE,MAAM,SAAS,UAAU,MAAM,YAFnB,GAAG,OAAO,eAI7B,EACC,SAAS,EACR,eAAe,UAAU,OAAO,eAChC,EACD,CACD;AAED,MAAI,SAAS,CAAC,QACb,QAAO;AAGR,SAAO;GACN,IAAI,QAAQ;GACZ,MAAM,QAAQ,QAAQ,QAAQ,sBAAsB;GACpD,OAAO,QAAQ,SAAS;GACxB,OAAO,QAAQ;GACf,eAAe,QAAQ,kBAAkB;GACzC;;AAGF,QAAO;EACN,YAAY;EACZ;EACA,UAAU,QAAQ;EAClB,cAAc,QAAQ;EACtB,QAAQ,QAAQ,UAAU;EAC1B,aAAa,QAAQ;EACrB,MAAM,QAAQ;EACd,uBAAuB,QAAQ;EAC/B,eAAe,QAAQ;EACvB,kBAAkB,QAAQ;EAC1B;EACA"}