{"version":3,"file":"client-credentials-token.mjs","names":["headers: Record<string, any>","tokens: OAuth2Tokens"],"sources":["../../src/oauth2/client-credentials-token.ts"],"sourcesContent":["import { base64Url } from \"@better-auth/utils/base64\";\nimport { betterFetch } from \"@better-fetch/fetch\";\nimport type { OAuth2Tokens, ProviderOptions } from \"./oauth-provider\";\n\nexport function createClientCredentialsTokenRequest({\n\toptions,\n\tscope,\n\tauthentication,\n\tresource,\n}: {\n\toptions: ProviderOptions & { clientSecret: string };\n\tscope?: string | undefined;\n\tauthentication?: (\"basic\" | \"post\") | undefined;\n\tresource?: (string | string[]) | undefined;\n}) {\n\tconst body = new URLSearchParams();\n\tconst headers: Record<string, any> = {\n\t\t\"content-type\": \"application/x-www-form-urlencoded\",\n\t\taccept: \"application/json\",\n\t};\n\n\tbody.set(\"grant_type\", \"client_credentials\");\n\tscope && body.set(\"scope\", scope);\n\tif (resource) {\n\t\tif (typeof resource === \"string\") {\n\t\t\tbody.append(\"resource\", resource);\n\t\t} else {\n\t\t\tfor (const _resource of resource) {\n\t\t\t\tbody.append(\"resource\", _resource);\n\t\t\t}\n\t\t}\n\t}\n\tif (authentication === \"basic\") {\n\t\tconst primaryClientId = Array.isArray(options.clientId)\n\t\t\t? options.clientId[0]\n\t\t\t: options.clientId;\n\t\tconst encodedCredentials = base64Url.encode(\n\t\t\t`${primaryClientId}:${options.clientSecret}`,\n\t\t);\n\t\theaders[\"authorization\"] = `Basic ${encodedCredentials}`;\n\t} else {\n\t\tconst primaryClientId = Array.isArray(options.clientId)\n\t\t\t? options.clientId[0]\n\t\t\t: options.clientId;\n\t\tbody.set(\"client_id\", primaryClientId);\n\t\tbody.set(\"client_secret\", options.clientSecret);\n\t}\n\n\treturn {\n\t\tbody,\n\t\theaders,\n\t};\n}\n\nexport async function clientCredentialsToken({\n\toptions,\n\ttokenEndpoint,\n\tscope,\n\tauthentication,\n\tresource,\n}: {\n\toptions: ProviderOptions & { clientSecret: string };\n\ttokenEndpoint: string;\n\tscope: string;\n\tauthentication?: (\"basic\" | \"post\") | undefined;\n\tresource?: (string | string[]) | undefined;\n}): Promise<OAuth2Tokens> {\n\tconst { body, headers } = createClientCredentialsTokenRequest({\n\t\toptions,\n\t\tscope,\n\t\tauthentication,\n\t\tresource,\n\t});\n\n\tconst { data, error } = await betterFetch<{\n\t\taccess_token: string;\n\t\texpires_in?: number | undefined;\n\t\ttoken_type?: string | undefined;\n\t\tscope?: string | undefined;\n\t}>(tokenEndpoint, {\n\t\tmethod: \"POST\",\n\t\tbody,\n\t\theaders,\n\t});\n\tif (error) {\n\t\tthrow error;\n\t}\n\tconst tokens: OAuth2Tokens = {\n\t\taccessToken: data.access_token,\n\t\ttokenType: data.token_type,\n\t\tscopes: data.scope?.split(\" \"),\n\t};\n\n\tif (data.expires_in) {\n\t\tconst now = new Date();\n\t\ttokens.accessTokenExpiresAt = new Date(\n\t\t\tnow.getTime() + data.expires_in * 1000,\n\t\t);\n\t}\n\n\treturn tokens;\n}\n"],"mappings":";;;;AAIA,SAAgB,oCAAoC,EACnD,SACA,OACA,gBACA,YAME;CACF,MAAM,OAAO,IAAI,iBAAiB;CAClC,MAAMA,UAA+B;EACpC,gBAAgB;EAChB,QAAQ;EACR;AAED,MAAK,IAAI,cAAc,qBAAqB;AAC5C,UAAS,KAAK,IAAI,SAAS,MAAM;AACjC,KAAI,SACH,KAAI,OAAO,aAAa,SACvB,MAAK,OAAO,YAAY,SAAS;KAEjC,MAAK,MAAM,aAAa,SACvB,MAAK,OAAO,YAAY,UAAU;AAIrC,KAAI,mBAAmB,SAAS;EAC/B,MAAM,kBAAkB,MAAM,QAAQ,QAAQ,SAAS,GACpD,QAAQ,SAAS,KACjB,QAAQ;AAIX,UAAQ,mBAAmB,SAHA,UAAU,OACpC,GAAG,gBAAgB,GAAG,QAAQ,eAC9B;QAEK;EACN,MAAM,kBAAkB,MAAM,QAAQ,QAAQ,SAAS,GACpD,QAAQ,SAAS,KACjB,QAAQ;AACX,OAAK,IAAI,aAAa,gBAAgB;AACtC,OAAK,IAAI,iBAAiB,QAAQ,aAAa;;AAGhD,QAAO;EACN;EACA;EACA;;AAGF,eAAsB,uBAAuB,EAC5C,SACA,eACA,OACA,gBACA,YAOyB;CACzB,MAAM,EAAE,MAAM,YAAY,oCAAoC;EAC7D;EACA;EACA;EACA;EACA,CAAC;CAEF,MAAM,EAAE,MAAM,UAAU,MAAM,YAK3B,eAAe;EACjB,QAAQ;EACR;EACA;EACA,CAAC;AACF,KAAI,MACH,OAAM;CAEP,MAAMC,SAAuB;EAC5B,aAAa,KAAK;EAClB,WAAW,KAAK;EAChB,QAAQ,KAAK,OAAO,MAAM,IAAI;EAC9B;AAED,KAAI,KAAK,YAAY;EACpB,MAAM,sBAAM,IAAI,MAAM;AACtB,SAAO,uBAAuB,IAAI,KACjC,IAAI,SAAS,GAAG,KAAK,aAAa,IAClC;;AAGF,QAAO"}