{"version":3,"sources":["../../../src/oauth2/provider/google.ts"],"sourcesContent":["import { invariant } from '@shware/utils';\nimport { OAuth2Error } from '../error';\nimport type {\n  LoginOAuth2NativeParams,\n  NativeCredential,\n  OAuth2Token,\n  OneTapProvider,\n} from '../types';\nimport { createAuthorizationUri, exchangeAuthorizationCode, verifyIdToken } from './common';\n\nexport function createGoogleProvider(): OneTapProvider {\n  return {\n    authorizationUri: 'https://accounts.google.com/o/oauth2/v2/auth',\n    tokenUri: 'https://oauth2.googleapis.com/token',\n    userInfoUri: 'https://www.googleapis.com/oauth2/v3/userinfo',\n    userNameAttribute: 'sub',\n    jwkSetUri: 'https://www.googleapis.com/oauth2/v3/certs',\n    // https://developers.google.com/identity/protocols/oauth2/scopes#oauth2\n    defaultScope: [\n      'https://www.googleapis.com/auth/userinfo.email',\n      'https://www.googleapis.com/auth/userinfo.profile',\n      'openid',\n    ],\n    createAuthorizationUri(params) {\n      return createAuthorizationUri({\n        ...params,\n        scope: params.scope ?? this.defaultScope,\n        authorizationUri: this.authorizationUri,\n      });\n    },\n    async exchangeAuthorizationCode(params) {\n      const response = await exchangeAuthorizationCode({ ...params, tokenUri: this.tokenUri });\n      if (!response.ok) {\n        const { error, error_description } = (await response.json()) as GoogleErrorResponse;\n        throw new OAuth2Error(response.status, error, error_description);\n      }\n      return (await response.json()) as GoogleToken;\n    },\n    async getUserInfo({ id_token }) {\n      invariant(id_token, 'id_token is required');\n      invariant(this.jwkSetUri, 'jwkSetUri is required');\n      const data = await verifyIdToken<GoogleUserInfo>(id_token, this.jwkSetUri);\n      return {\n        data,\n        claims: {\n          sub: data.sub,\n          name: data.name,\n          picture: data.picture,\n          email: data.email,\n          email_verified: data.email_verified,\n          given_name: data.given_name,\n          family_name: data.family_name,\n          locale: data.locale,\n        },\n      };\n    },\n    async loginOAuth2Native({ pkce: _, credentials, ...params }: LoginOAuth2NativeParams) {\n      invariant(credentials.code, 'code is required');\n      const { code } = credentials;\n      const { tokenUri } = this;\n      const response = await exchangeAuthorizationCode({ code, tokenUri, ...params });\n      if (!response.ok) {\n        const { error, error_description } = (await response.json()) as GoogleErrorResponse;\n        throw new OAuth2Error(response.status, error, error_description);\n      }\n      const token = (await response.json()) as GoogleToken;\n      const userInfo = await this.getUserInfo(token);\n      return { token, userInfo };\n    },\n    async getTokenInfo(id_token: string) {\n      invariant(id_token, 'id_token is required');\n      invariant(this.jwkSetUri, 'jwkSetUri is required');\n      const data = await verifyIdToken<GoogleUserInfo>(id_token, this.jwkSetUri);\n      return {\n        token: {\n          id_token,\n          access_token: '',\n          token_type: '',\n          expires_in: 0,\n          refresh_token: '',\n          scope: '',\n        },\n        userInfo: {\n          data,\n          claims: {\n            sub: data.sub,\n            name: data.name,\n            picture: data.picture,\n            email: data.email,\n            email_verified: data.email_verified,\n            given_name: data.given_name,\n            family_name: data.family_name,\n            locale: data.locale,\n          },\n        },\n      };\n    },\n  };\n}\n\nexport const google = createGoogleProvider();\n\nexport interface GoogleUserInfo {\n  aud: string;\n  azp: string;\n  email: string;\n  email_verified: boolean;\n  exp: number;\n  family_name: string;\n  given_name: string;\n  hd?: string;\n  iat: number;\n  iss: string;\n  jti?: string;\n  locale?: string;\n  name: string;\n  nbf?: number;\n  picture: string;\n  sub: string;\n  nonce?: string;\n}\n\nexport interface GoogleToken extends OAuth2Token {\n  access_token: string;\n  token_type: string;\n  expires_in: number;\n  refresh_token: string;\n  id_token: string;\n  scope: string;\n}\n\n// android,ios has different client_id and redirect_uri\nexport interface GoogleAppCredential extends NativeCredential {\n  state: string;\n  code: string;\n  client_id: string;\n  redirect_uri: string;\n}\n\nexport interface GoogleErrorResponse {\n  error:\n    | 'invalid_request'\n    | 'invalid_client'\n    | 'invalid_grant'\n    | 'invalid_token'\n    | 'invalid_scope'\n    | 'unauthorized_client'\n    | 'unsupported_grant_type'\n    | 'access_denied'\n    | 'server_error';\n  error_description: string;\n}\n"],"mappings":";AAAA,SAAS,iBAAiB;AAC1B,SAAS,mBAAmB;AAO5B,SAAS,wBAAwB,2BAA2B,qBAAqB;AAE1E,SAAS,uBAAuC;AACrD,SAAO;AAAA,IACL,kBAAkB;AAAA,IAClB,UAAU;AAAA,IACV,aAAa;AAAA,IACb,mBAAmB;AAAA,IACnB,WAAW;AAAA;AAAA,IAEX,cAAc;AAAA,MACZ;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,IACA,uBAAuB,QAAQ;AAC7B,aAAO,uBAAuB;AAAA,QAC5B,GAAG;AAAA,QACH,OAAO,OAAO,SAAS,KAAK;AAAA,QAC5B,kBAAkB,KAAK;AAAA,MACzB,CAAC;AAAA,IACH;AAAA,IACA,MAAM,0BAA0B,QAAQ;AACtC,YAAM,WAAW,MAAM,0BAA0B,EAAE,GAAG,QAAQ,UAAU,KAAK,SAAS,CAAC;AACvF,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,EAAE,OAAO,kBAAkB,IAAK,MAAM,SAAS,KAAK;AAC1D,cAAM,IAAI,YAAY,SAAS,QAAQ,OAAO,iBAAiB;AAAA,MACjE;AACA,aAAQ,MAAM,SAAS,KAAK;AAAA,IAC9B;AAAA,IACA,MAAM,YAAY,EAAE,SAAS,GAAG;AAC9B,gBAAU,UAAU,sBAAsB;AAC1C,gBAAU,KAAK,WAAW,uBAAuB;AACjD,YAAM,OAAO,MAAM,cAA8B,UAAU,KAAK,SAAS;AACzE,aAAO;AAAA,QACL;AAAA,QACA,QAAQ;AAAA,UACN,KAAK,KAAK;AAAA,UACV,MAAM,KAAK;AAAA,UACX,SAAS,KAAK;AAAA,UACd,OAAO,KAAK;AAAA,UACZ,gBAAgB,KAAK;AAAA,UACrB,YAAY,KAAK;AAAA,UACjB,aAAa,KAAK;AAAA,UAClB,QAAQ,KAAK;AAAA,QACf;AAAA,MACF;AAAA,IACF;AAAA,IACA,MAAM,kBAAkB,EAAE,MAAM,GAAG,aAAa,GAAG,OAAO,GAA4B;AACpF,gBAAU,YAAY,MAAM,kBAAkB;AAC9C,YAAM,EAAE,KAAK,IAAI;AACjB,YAAM,EAAE,SAAS,IAAI;AACrB,YAAM,WAAW,MAAM,0BAA0B,EAAE,MAAM,UAAU,GAAG,OAAO,CAAC;AAC9E,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,EAAE,OAAO,kBAAkB,IAAK,MAAM,SAAS,KAAK;AAC1D,cAAM,IAAI,YAAY,SAAS,QAAQ,OAAO,iBAAiB;AAAA,MACjE;AACA,YAAM,QAAS,MAAM,SAAS,KAAK;AACnC,YAAM,WAAW,MAAM,KAAK,YAAY,KAAK;AAC7C,aAAO,EAAE,OAAO,SAAS;AAAA,IAC3B;AAAA,IACA,MAAM,aAAa,UAAkB;AACnC,gBAAU,UAAU,sBAAsB;AAC1C,gBAAU,KAAK,WAAW,uBAAuB;AACjD,YAAM,OAAO,MAAM,cAA8B,UAAU,KAAK,SAAS;AACzE,aAAO;AAAA,QACL,OAAO;AAAA,UACL;AAAA,UACA,cAAc;AAAA,UACd,YAAY;AAAA,UACZ,YAAY;AAAA,UACZ,eAAe;AAAA,UACf,OAAO;AAAA,QACT;AAAA,QACA,UAAU;AAAA,UACR;AAAA,UACA,QAAQ;AAAA,YACN,KAAK,KAAK;AAAA,YACV,MAAM,KAAK;AAAA,YACX,SAAS,KAAK;AAAA,YACd,OAAO,KAAK;AAAA,YACZ,gBAAgB,KAAK;AAAA,YACrB,YAAY,KAAK;AAAA,YACjB,aAAa,KAAK;AAAA,YAClB,QAAQ,KAAK;AAAA,UACf;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEO,IAAM,SAAS,qBAAqB;","names":[]}