payload-auth-plugin
Version:
Authentication plugin for Payload CMS
552 lines (532 loc) • 14.7 kB
JavaScript
// src/providers/oauth2/apple.ts
var authorization_server = {
issuer: "https://appleid.apple.com",
authorization_endpoint: "https://appleid.apple.com/auth/authorize",
token_endpoint: "https://appleid.apple.com/auth/token"
};
function AppleOAuth2Provider(config) {
const { overrideScope, ...restConfig } = config;
return {
...restConfig,
id: "apple",
scope: overrideScope ?? "name email",
authorization_server,
name: "Apple",
algorithm: "oauth2",
params: {
...config.params,
response_mode: "form_post"
},
kind: "oauth",
profile: (profile) => {
return {
sub: profile.sub,
name: profile.name,
email: profile.email,
picture: profile.picture
};
}
};
}
var apple_default = AppleOAuth2Provider;
// src/providers/oauth2/atlassian.ts
var algorithm = "oauth2";
var authorization_server2 = {
issuer: "https://auth.atlassian.com",
authorization_endpoint: "https://auth.atlassian.com/authorize",
token_endpoint: "https://auth.atlassian.com/oauth/token",
userinfo_endpoint: "https://api.atlassian.com/me"
};
function AtlassianAuthProvider(config) {
const { overrideScope, ...restConfig } = config;
return {
...restConfig,
id: "atlassian",
authorization_server: authorization_server2,
name: "Atlassian",
algorithm,
scope: overrideScope ?? "read:me read:account",
kind: "oauth",
profile: (profile) => {
return {
sub: profile.account_id,
name: profile.name,
email: profile.email,
picture: profile.picture
};
}
};
}
var atlassian_default = AtlassianAuthProvider;
// src/providers/oauth2/auth0.ts
function Auth0AuthProvider(config) {
const { domain, overrideScope, ...restConfig } = config;
const authorization_server8 = {
issuer: `https://${domain}/`,
authorization_endpoint: `https://${domain}/authorize`,
token_endpoint: `https://${domain}/oauth/token`,
userinfo_endpoint: `https://${domain}/userinfo`
};
return {
...restConfig,
id: "auth0",
scope: overrideScope ?? "openid email profile",
authorization_server: authorization_server8,
name: "Auth0",
algorithm: "oauth2",
kind: "oauth",
profile: (profile) => {
return {
sub: profile.sub,
name: profile.name,
email: profile.email,
picture: profile.picture
};
}
};
}
var auth0_default = Auth0AuthProvider;
// src/providers/oauth2/discord.ts
var authorization_server3 = {
issuer: "https://discord.com",
authorization_endpoint: "https://discord.com/api/oauth2/authorize",
token_endpoint: "https://discord.com/api/oauth2/token",
userinfo_endpoint: "https://discord.com/api/users/@me"
};
function DiscordAuthProvider(config) {
const { overrideScope, ...restConfig } = config;
return {
...restConfig,
id: "discord",
scope: overrideScope ?? "identify email",
authorization_server: authorization_server3,
name: "Discord",
algorithm: "oauth2",
kind: "oauth",
profile: (profile) => {
const format = profile.avatar.toString().startsWith("a_") ? "gif" : "png";
return {
sub: profile.id,
name: profile.username ?? profile.global_name,
email: profile.email,
picture: `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`
};
}
};
}
var discord_default = DiscordAuthProvider;
// src/providers/oauth2/facebook.ts
var authorization_server4 = {
issuer: "https://www.facebook.com",
authorization_endpoint: "https://www.facebook.com/v19.0/dialog/oauth",
token_endpoint: "https://graph.facebook.com/oauth/access_token",
userinfo_endpoint: "https://graph.facebook.com/me?fields=id,name,email,picture"
};
function FacebookAuthProvider(config) {
const { overrideScope, ...restConfig } = config;
return {
...restConfig,
id: "facebook",
scope: overrideScope ?? "email",
authorization_server: authorization_server4,
name: "Facebook",
algorithm: "oauth2",
kind: "oauth",
profile: (profile) => {
let picture;
if (typeof profile.picture === "object" && profile.picture !== null) {
const dataContainer = profile.picture;
if ("data" in dataContainer) {
picture = dataContainer.data.url;
}
}
return {
sub: profile.id,
name: profile.name,
email: profile.email,
picture
};
}
};
}
var facebook_default = FacebookAuthProvider;
// src/providers/oauth2/github.ts
var authorization_server5 = {
issuer: "https://github.com",
authorization_endpoint: "https://github.com/login/oauth/authorize",
token_endpoint: "https://github.com/login/oauth/access_token",
userinfo_endpoint: "https://api.github.com/user"
};
function GitHubAuthProvider(config) {
const { overrideScope, ...restConfig } = config;
return {
...restConfig,
id: "github",
scope: overrideScope ?? "openid email profile",
authorization_server: authorization_server5,
name: "GitHub",
algorithm: "oauth2",
kind: "oauth",
profile: (profile) => {
return {
sub: profile.id,
name: profile.name,
email: profile.email,
picture: profile.picture
};
}
};
}
var github_default = GitHubAuthProvider;
// src/providers/oauth2/jumpcloud.ts
var authorization_server6 = {
issuer: "https://oauth.id.jumpcloud.com/",
authorization_endpoint: "https://oauth.id.jumpcloud.com/oauth2/auth",
token_endpoint: "https://oauth.id.jumpcloud.com/oauth2/token",
userinfo_endpoint: "https://oauth.id.jumpcloud.com/userinfo"
};
function JumpCloudAuthProvider(config) {
const { overrideScope, ...restConfig } = config;
return {
...restConfig,
id: "jumpcloud",
scope: overrideScope ?? "openid email profile",
authorization_server: authorization_server6,
name: "Jump Cloud",
algorithm: "oauth2",
kind: "oauth",
profile: (profile) => {
return {
sub: profile.email,
name: profile.name,
email: profile.email,
picture: profile.picture
};
}
};
}
var jumpcloud_default = JumpCloudAuthProvider;
// src/providers/oauth2/twitch.ts
var authorization_server7 = {
issuer: "https://id.twitch.tv/oauth2",
authorization_endpoint: "https://id.twitch.tv/oauth2/authorize",
token_endpoint: "https://id.twitch.tv/oauth2/token",
userinfo_endpoint: "https://id.twitch.tv/oauth2/userinfo"
};
function TwitchAuthProvider(config) {
const { overrideScope, ...restConfig } = config;
return {
...restConfig,
id: "twitch",
scope: overrideScope ?? "openid user:read:email",
authorization_server: authorization_server7,
name: "Twitch",
algorithm: "oauth2",
kind: "oauth",
params: {
scope: overrideScope ?? "openid user:read:email",
claims: JSON.stringify({
id_token: { email: null, picture: null, preferred_username: null },
userinfo: { email: null, picture: null, preferred_username: null }
})
},
profile: (profile) => {
return {
sub: profile.sub,
name: profile.name,
email: profile.email,
picture: profile.picture
};
}
};
}
var twitch_default = TwitchAuthProvider;
// src/providers/oidc/apple.ts
function AppleOIDCAuthProvider(config) {
const { overrideScope, ...restConfig } = config;
return {
...restConfig,
id: "apple",
scope: overrideScope ?? "openid name email",
issuer: "https://appleid.apple.com",
name: "Apple",
algorithm: "oidc",
kind: "oauth",
profile: (profile) => {
return {
sub: profile.sub,
name: profile.name,
email: profile.email,
picture: profile.picture
};
}
};
}
var apple_default2 = AppleOIDCAuthProvider;
// src/providers/oidc/cognito.ts
function CognitoAuthProvider(config) {
const { domain, overrideScope, ...restConfig } = config;
return {
...restConfig,
id: "cognito",
scope: overrideScope ?? "email openid profile",
issuer: domain,
name: "Congnito",
algorithm: "oidc",
kind: "oauth",
profile: (profile) => {
return {
sub: profile.sub,
name: profile.name,
email: profile.email,
picture: profile.picture
};
}
};
}
var cognito_default = CognitoAuthProvider;
// src/providers/oidc/gitlab.ts
function GitLabAuthProvider(config) {
const { overrideScope, ...restConfig } = config;
return {
...restConfig,
id: "gitlab",
scope: overrideScope ?? "openid email profile",
issuer: "https://gitlab.com",
name: "GitLab",
algorithm: "oidc",
kind: "oauth",
profile: (profile) => {
return {
sub: profile.sub,
name: profile.name,
email: profile.email,
picture: profile.picture
};
}
};
}
var gitlab_default = GitLabAuthProvider;
// src/providers/oidc/google.ts
function GoogleAuthProvider(config) {
const { overrideScope, ...restConfig } = config;
return {
...restConfig,
id: "google",
scope: overrideScope ?? "openid email profile",
issuer: "https://accounts.google.com",
name: "Google",
algorithm: "oidc",
kind: "oauth",
profile: (profile) => {
return {
sub: profile.sub,
name: profile.name,
email: profile.email,
picture: profile.picture
};
}
};
}
var google_default = GoogleAuthProvider;
// src/providers/oidc/keycloak.ts
function KeyCloakAuthProvider(config) {
const { realm, domain, identifier, name, overrideScope, ...restConfig } = config;
return {
...restConfig,
id: identifier,
scope: overrideScope ?? "email openid profile",
issuer: `https://${domain}/realms/${realm}`,
name,
algorithm: "oidc",
kind: "oauth",
profile: (profile) => {
return {
sub: profile.sub,
name: profile.name,
email: profile.email,
picture: profile.picture
};
}
};
}
var keycloak_default = KeyCloakAuthProvider;
// src/providers/oidc/microsoft-entra.ts
function MicrosoftEntraAuthProvider(config) {
const { overrideScope, ...restConfig } = config;
return {
...restConfig,
id: "msft-entra",
scope: overrideScope ?? "openid profile email offline_access",
issuer: `https://${config.tenant_id}.ciamlogin.com/${config.tenant_id}/v2.0`,
name: "Microsoft Entra",
algorithm: "oidc",
kind: "oauth",
profile: (profile) => {
const email = profile.email;
return {
sub: profile.sub,
name: profile.name,
email: email.toLowerCase(),
picture: profile.picture
};
}
};
}
var microsoft_entra_default = MicrosoftEntraAuthProvider;
// src/providers/oidc/okta.ts
function encodeString(s) {
let h = 0;
const l = s.length;
let i = 0;
if (l > 0) {
while (i < l) {
h = (h << 5) - h + s.charCodeAt(i++) | 0;
}
}
return h;
}
function OktaAuthProvider(config) {
const { domain, overrideScope, ...restConfig } = config;
const stateCode = encodeString(config.client_id).toString();
return {
...restConfig,
id: "okta",
scope: overrideScope ?? "email openid profile",
issuer: `https://${domain}`,
name: "Okta",
algorithm: "oidc",
kind: "oauth",
params: {
state: `state-${stateCode}`
},
profile: (profile) => {
return {
sub: profile.sub,
name: profile.name,
email: profile.email,
picture: profile.picture
};
}
};
}
var okta_default = OktaAuthProvider;
// src/core/errors/consoleErrors.ts
var PluginError = class extends Error {
constructor(message, cause) {
super(message);
this.name = "PAYLOAD_AUTH_PLUGIN_ERROR";
this.message = message;
this.cause = cause;
this.stack = "";
}
};
var InvalidDomain = class extends PluginError {
constructor() {
super("Invalid domain format");
}
};
// src/providers/utils.ts
function encodeString2(s) {
let h = 0;
const l = s.length;
let i = 0;
if (l > 0) {
while (i < l) {
h = (h << 5) - h + s.charCodeAt(i++) | 0;
}
}
return h;
}
// src/providers/oidc/roblox.ts
function RobloxAuthProvider(config) {
const { overrideScope, ...restConfig } = config;
const domainRegex = /^(?!-)(?:[a-zA-Z0-9-]{1,63}\.)+[a-zA-Z]{2,63}$/;
const isValidDomain = domainRegex.test(restConfig.emailDomain);
if (!isValidDomain) {
throw new InvalidDomain();
}
const stateCode = encodeString2(config.client_id).toString();
return {
...restConfig,
id: "roblox",
scope: overrideScope ?? "openid email profile",
issuer: "https://apis.roblox.com/oauth/",
name: "Roblox",
algorithm: "oidc",
kind: "oauth",
params: {
state: `state-${stateCode}`
},
profile: (profile) => {
return {
sub: profile.sub,
name: profile.name,
email: profile.email,
picture: profile.picture
};
}
};
}
var roblox_default = RobloxAuthProvider;
// src/providers/oidc/slack.ts
function SlackAuthProvider(config) {
const { overrideScope, ...restConfig } = config;
return {
...restConfig,
id: "slack",
scope: overrideScope ?? "openid email profile",
issuer: "https://slack.com",
name: "Slack",
algorithm: "oidc",
kind: "oauth",
profile: (profile) => {
return {
sub: profile.sub,
name: profile.name,
email: profile.email,
picture: profile.picture
};
}
};
}
var slack_default = SlackAuthProvider;
// src/providers/passkey.ts
function PasskeyAuthProvider() {
return {
id: "passkey",
kind: "passkey"
};
}
var passkey_default = PasskeyAuthProvider;
// src/providers/password.ts
function PasswordProvider(options) {
return {
id: "password",
kind: "password",
...options
};
}
var password_default = PasswordProvider;
export {
apple_default as AppleOAuth2Provider,
apple_default2 as AppleOIDCAuthProvider,
atlassian_default as AtlassianAuthProvider,
auth0_default as Auth0AuthProvider,
cognito_default as CognitoAuthProvider,
discord_default as DiscordAuthProvider,
facebook_default as FacebookAuthProvider,
github_default as GitHubAuthProvider,
gitlab_default as GitLabAuthProvider,
google_default as GoogleAuthProvider,
jumpcloud_default as JumpCloudAuthProvider,
keycloak_default as KeyCloakAuthProvider,
microsoft_entra_default as MicrosoftEntraAuthProvider,
okta_default as OktaAuthProvider,
passkey_default as PasskeyAuthProvider,
password_default as PasswordProvider,
roblox_default as RobloxAuthProvider,
slack_default as SlackAuthProvider,
twitch_default as TwitchAuthProvider
};
//# sourceMappingURL=index.js.map