# openauth

License

Pure OAuth 2.0 for any JavaScript runtime. No framework lock-in. No middleware. Just a clean 3-step OAuth flow that works on Deno, Node.js, and Bun. ## Usage Every provider follows the same 3-step flow: ```ts // 1. Generate the authorization URL and redirect the user const url = await oauth.getAuthRequestUri({ state: "random_state" }); // 2. Exchange the authorization code for an access token const token = await oauth.getAccessTokenResponse(code); // 3. Fetch the user profile const user = await oauth.getUserProfile(token.accessToken); ``` For OIDC providers (e.g. Google), you can skip the extra HTTP request and extract the profile directly from the `id_token`: ```ts const user = await oauth.getUserProfileFromIdToken(token.idToken); ``` The token's signature (via JWKS), issuer, audience, and expiration are all verified. ## Providers | Provider | OIDC | | ---------------------- | :-----------: | | [Discord](./discord) | not supported | | [Facebook](./facebook) | ✓ | | [GitHub](./github) | not supported | | [GitLab](./gitlab) | ✓ | | [Google](./google) | ✓ | | [Kakao](./kakao) | ✓ | | [LINE](./line) | ✓ | | [Naver](./naver) | not supported | Click a provider to see its detailed usage guide. The **OIDC** column marks providers that support [`getUserProfileFromIdToken`](#usage) — verifying a signed `id_token` instead of calling the userinfo endpoint.