{"version":3,"file":"salesforce.mjs","names":[],"sources":["../../src/social-providers/salesforce.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport { logger } from \"../env\";\nimport { BetterAuthError } from \"../error\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2\";\n\nexport interface SalesforceProfile {\n\tsub: string;\n\tuser_id: string;\n\torganization_id: string;\n\tpreferred_username?: string | undefined;\n\temail: string;\n\temail_verified?: boolean | undefined;\n\tname: string;\n\tgiven_name?: string | undefined;\n\tfamily_name?: string | undefined;\n\tzoneinfo?: string | undefined;\n\tphotos?:\n\t\t| {\n\t\t\t\tpicture?: string;\n\t\t\t\tthumbnail?: string;\n\t\t  }\n\t\t| undefined;\n}\n\nexport interface SalesforceOptions extends ProviderOptions<SalesforceProfile> {\n\tclientId: string;\n\tenvironment?: (\"sandbox\" | \"production\") | undefined;\n\tloginUrl?: string | undefined;\n\t/**\n\t * Override the redirect URI if auto-detection fails.\n\t * Should match the Callback URL configured in your Salesforce Connected App.\n\t * @example \"http://localhost:3000/api/auth/callback/salesforce\"\n\t */\n\tredirectURI?: string | undefined;\n}\n\nexport const salesforce = (options: SalesforceOptions) => {\n\tconst environment = options.environment ?? \"production\";\n\tconst isSandbox = environment === \"sandbox\";\n\tconst authorizationEndpoint = options.loginUrl\n\t\t? `https://${options.loginUrl}/services/oauth2/authorize`\n\t\t: isSandbox\n\t\t\t? \"https://test.salesforce.com/services/oauth2/authorize\"\n\t\t\t: \"https://login.salesforce.com/services/oauth2/authorize\";\n\n\tconst tokenEndpoint = options.loginUrl\n\t\t? `https://${options.loginUrl}/services/oauth2/token`\n\t\t: isSandbox\n\t\t\t? \"https://test.salesforce.com/services/oauth2/token\"\n\t\t\t: \"https://login.salesforce.com/services/oauth2/token\";\n\n\tconst userInfoEndpoint = options.loginUrl\n\t\t? `https://${options.loginUrl}/services/oauth2/userinfo`\n\t\t: isSandbox\n\t\t\t? \"https://test.salesforce.com/services/oauth2/userinfo\"\n\t\t\t: \"https://login.salesforce.com/services/oauth2/userinfo\";\n\n\treturn {\n\t\tid: \"salesforce\",\n\t\tname: \"Salesforce\",\n\n\t\tasync createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {\n\t\t\tif (!options.clientId || !options.clientSecret) {\n\t\t\t\tlogger.error(\n\t\t\t\t\t\"Client Id and Client Secret are required for Salesforce. Make sure to provide them in the options.\",\n\t\t\t\t);\n\t\t\t\tthrow new BetterAuthError(\"CLIENT_ID_AND_SECRET_REQUIRED\");\n\t\t\t}\n\t\t\tif (!codeVerifier) {\n\t\t\t\tthrow new BetterAuthError(\"codeVerifier is required for Salesforce\");\n\t\t\t}\n\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"openid\", \"email\", \"profile\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"salesforce\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint,\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI: options.redirectURI || redirectURI,\n\t\t\t});\n\t\t},\n\n\t\tvalidateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI: options.redirectURI || redirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tconst { data: user } = await betterFetch<SalesforceProfile>(\n\t\t\t\t\tuserInfoEndpoint,\n\t\t\t\t\t{\n\t\t\t\t\t\theaders: {\n\t\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t);\n\n\t\t\t\tif (!user) {\n\t\t\t\t\tlogger.error(\"Failed to fetch user info from Salesforce\");\n\t\t\t\t\treturn null;\n\t\t\t\t}\n\n\t\t\t\tconst userMap = await options.mapProfileToUser?.(user);\n\n\t\t\t\treturn {\n\t\t\t\t\tuser: {\n\t\t\t\t\t\tid: user.user_id,\n\t\t\t\t\t\tname: user.name,\n\t\t\t\t\t\temail: user.email,\n\t\t\t\t\t\timage: user.photos?.picture || user.photos?.thumbnail,\n\t\t\t\t\t\temailVerified: user.email_verified ?? false,\n\t\t\t\t\t\t...userMap,\n\t\t\t\t\t},\n\t\t\t\t\tdata: user,\n\t\t\t\t};\n\t\t\t} catch (error) {\n\t\t\t\tlogger.error(\"Failed to fetch user info from Salesforce:\", error);\n\t\t\t\treturn null;\n\t\t\t}\n\t\t},\n\n\t\toptions,\n\t} satisfies OAuthProvider<SalesforceProfile>;\n};\n"],"mappings":";;;;;;;;;;AAyCA,MAAa,cAAc,YAA+B;CAEzD,MAAM,aADc,QAAQ,eAAe,kBACT;CAClC,MAAM,wBAAwB,QAAQ,WACnC,WAAW,QAAQ,SAAS,8BAC5B,YACC,0DACA;CAEJ,MAAM,gBAAgB,QAAQ,WAC3B,WAAW,QAAQ,SAAS,0BAC5B,YACC,sDACA;CAEJ,MAAM,mBAAmB,QAAQ,WAC9B,WAAW,QAAQ,SAAS,6BAC5B,YACC,yDACA;AAEJ,QAAO;EACN,IAAI;EACJ,MAAM;EAEN,MAAM,uBAAuB,EAAE,OAAO,QAAQ,cAAc,eAAe;AAC1E,OAAI,CAAC,QAAQ,YAAY,CAAC,QAAQ,cAAc;AAC/C,WAAO,MACN,qGACA;AACD,UAAM,IAAI,gBAAgB,gCAAgC;;AAE3D,OAAI,CAAC,aACJ,OAAM,IAAI,gBAAgB,0CAA0C;GAGrE,MAAM,UAAU,QAAQ,sBACrB,EAAE,GACF;IAAC;IAAU;IAAS;IAAU;AACjC,OAAI,QAAQ,MAAO,SAAQ,KAAK,GAAG,QAAQ,MAAM;AACjD,OAAI,OAAQ,SAAQ,KAAK,GAAG,OAAO;AAEnC,UAAO,uBAAuB;IAC7B,IAAI;IACJ;IACA;IACA,QAAQ;IACR;IACA;IACA,aAAa,QAAQ,eAAe;IACpC,CAAC;;EAGH,2BAA2B,OAAO,EAAE,MAAM,cAAc,kBAAkB;AACzE,UAAO,0BAA0B;IAChC;IACA;IACA,aAAa,QAAQ,eAAe;IACpC;IACA;IACA,CAAC;;EAGH,oBAAoB,QAAQ,qBACzB,QAAQ,qBACR,OAAO,iBAAiB;AACxB,UAAO,mBAAmB;IACzB;IACA,SAAS;KACR,UAAU,QAAQ;KAClB,cAAc,QAAQ;KACtB;IACD;IACA,CAAC;;EAGL,MAAM,YAAY,OAAO;AACxB,OAAI,QAAQ,YACX,QAAO,QAAQ,YAAY,MAAM;AAGlC,OAAI;IACH,MAAM,EAAE,MAAM,SAAS,MAAM,YAC5B,kBACA,EACC,SAAS,EACR,eAAe,UAAU,MAAM,eAC/B,EACD,CACD;AAED,QAAI,CAAC,MAAM;AACV,YAAO,MAAM,4CAA4C;AACzD,YAAO;;IAGR,MAAM,UAAU,MAAM,QAAQ,mBAAmB,KAAK;AAEtD,WAAO;KACN,MAAM;MACL,IAAI,KAAK;MACT,MAAM,KAAK;MACX,OAAO,KAAK;MACZ,OAAO,KAAK,QAAQ,WAAW,KAAK,QAAQ;MAC5C,eAAe,KAAK,kBAAkB;MACtC,GAAG;MACH;KACD,MAAM;KACN;YACO,OAAO;AACf,WAAO,MAAM,8CAA8C,MAAM;AACjE,WAAO;;;EAIT;EACA"}