feat(providers): Add Descope provider (#7874)

* Add Descope provider

* Add Descope provider

* Remove dark logo, remove wellKnown, and fix user profile syntax

* Change to DESCOPE_SECRET

* Fix env comment

* Fix clientId extracting

* Change to client id

Author: dorsha

.github/ISSUE_TEMPLATE/2_bug_provider.yml

@@ -37,6 +37,7 @@ body:
         - "Bungie"
         - "Cognito"
         - "Coinbase"
+        - "Descope"
         - "Discord"
         - "Dropbox"
         - "EVE Online"

apps/dev/nextjs-v4/.env.local.example

@@ -13,6 +13,9 @@ AUTH0_ID=
 AUTH0_SECRET=
 AUTH0_ISSUER=
 
+DESCOPE_ID=
+DESCOPE_SECRET=
+
 KEYCLOAK_ID=
 KEYCLOAK_SECRET=
 KEYCLOAK_ISSUER=

apps/dev/nextjs/.env.local.example

@@ -22,6 +22,9 @@ BEYOND_IDENTITY_CLIENT_ID=
 BEYOND_IDENTITY_CLIENT_SECRET=
 BEYOND_IDENTITY_ISSUER=
 
+DESCOPE_ID=
+DESCOPE_SECRET=
+
 GITHUB_ID=
 GITHUB_SECRET=
 

apps/dev/nextjs/pages/api/auth/[...nextauth].ts

@@ -10,6 +10,7 @@ import BeyondIdentity from "@auth/core/providers/beyondidentity"
 import BoxyHQSAML from "@auth/core/providers/boxyhq-saml"
 // import Cognito from "@auth/core/providers/cognito"
 import Credentials from "@auth/core/providers/credentials"
+import Descope from "@auth/core/providers/descope"
 import Discord from "@auth/core/providers/discord"
 import DuendeIDS6 from "@auth/core/providers/duende-identity-server6"
 // import Email from "@auth/core/providers/email"
@@ -101,6 +102,7 @@ export const authConfig: AuthConfig = {
     }),
     BoxyHQSAML({ issuer: "https://jackson-demo.boxyhq.com", clientId: "tenant=boxyhq.com&product=saml-demo.boxyhq.com", clientSecret: "dummy" }),
     // Cognito({ clientId: process.env.COGNITO_ID, clientSecret: process.env.COGNITO_SECRET, issuer: process.env.COGNITO_ISSUER }),
+    Descope({ clientId: process.env.DESCOPE_ID, clientSecret: process.env.DESCOPE_SECRET }),
     Discord({ clientId: process.env.DISCORD_ID, clientSecret: process.env.DISCORD_SECRET }),
     DuendeIDS6({ clientId: "interactive.confidential", clientSecret: "secret", issuer: "https://demo.duendesoftware.com" }),
     Facebook({ clientId: process.env.FACEBOOK_ID, clientSecret: process.env.FACEBOOK_SECRET }),

apps/examples/nextjs/.env.local.example

@@ -6,6 +6,9 @@ AUTH0_ID=
 AUTH0_SECRET=
 AUTH0_ISSUER=
 
+DESCOPE_ID=
+DESCOPE_SECRET=
+
 FACEBOOK_ID=
 FACEBOOK_SECRET=
 

apps/examples/nextjs/process.d.ts

@@ -12,5 +12,7 @@ declare namespace NodeJS {
     GOOGLE_SECRET: string
     AUTH0_ID: string
     AUTH0_SECRET: string
+    DESCOPE_ID: string
+    DESCOPE_SECRET: string
   }
 }

docs/src/components/ProviderMarquee.js

@@ -7,6 +7,7 @@ const icons = [
   "/img/providers/apple.svg",
   "/img/providers/auth0.svg",
   "/img/providers/cognito.svg",
+  "/img/providers/descope.svg",
   "/img/providers/battlenet.svg",
   "/img/providers/box.svg",
   "/img/providers/facebook.svg",

docs/static/img/providers/descope.svg

@@ -0,0 +1,111 @@
+/**
+ * <div style={{display: "flex", justifyContent: "space-between", alignItems: "center"}}>
+ * <span style={{fontSize: "1.35rem" }}>
+ *  Built-in sign in with <b>Descope</b> integration.
+ * </span>
+ * <a href="https://descope.com" style={{backgroundColor: "#000000", padding: "12px", borderRadius: "100%" }}>
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/descope.svg" width="24"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/descope
+ */
+
+import type { OIDCConfig, OIDCUserConfig } from "./index.js"
+
+/** The returned user profile from Descope when using the profile callback. */
+export interface DescopeProfile {
+  /** The user Descope ID */
+  sub: string
+  name: string
+  email: string
+  email_verified: boolean
+  phone_number: string
+  phone_number_verified: boolean
+  picture: string
+  /** Custom user's attributes */
+  [claim: string]: unknown
+}
+
+/**
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/descope
+ * ```
+ *
+ * #### Configuration
+ *
+ * Import the provider and configure it in your **Auth.js** initialization file:
+ *
+ * ```ts title="pages/api/auth/[...nextauth].ts"
+ * import NextAuth from "next-auth"
+ * import DescopeProvider from "next-auth/providers/descope";
+ *
+ * export default NextAuth({
+ *  providers: [
+ *    DescopeProvider({
+ *      clientId: process.env.DESCOPE_ID,
+ *      clientSecret: process.env.DESCOPE_SECRET,
+ *    }),
+ *  ],
+ * })
+ * ```
+ *
+ * ### Configuring Descope
+ *
+ * Follow these steps:
+ *
+ * 1. Log into the [Descope console](https://app.descope.com)
+ * 2. Follow the [OIDC instructions](https://docs.descope.com/customize/auth/oidc)
+ *
+ * Then, create a `.env.local` file in the project root add the following entries:
+ *
+ * Get the following from the Descope's console:
+ * ```
+ * DESCOPE_ID="<Descope Issuer's last url segment>" # Descope's Issuer can be found in "Authentication Methods > SSO > Identity Provider" (Can also be taken from "Project > Project ID")
+ * DESCOPE_SECRET="<Descope Access Key>" # Manage > Access Keys
+ * ```
+ *
+ * ### Resources
+ *
+ * - [Descope OIDC](https://docs.descope.com/customize/auth/oidc)
+ * - [Descope Flows](https://docs.descope.com/customize/flows)
+ *
+ * ### Notes
+ *
+ * The Descope provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/descope.ts). To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
+ *
+ * :::info
+ * By default, Auth.js assumes that the Descope provider is based on the [OIDC](https://openid.net/specs/openid-connect-core-1_0.html) spec
+ * :::
+ *
+ * ## Help
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ */
+export default function Descope(
+  config: OIDCUserConfig<DescopeProfile>
+): OIDCConfig<DescopeProfile> {
+  return {
+    id: "descope",
+    name: "Descope",
+    type: "oidc",
+    clientId: `https://api.descope.com/${config.clientId}`,
+    style: {
+      logo: "/descope.svg",
+      logoDark: "/descope.svg",
+      bg: "#1C1C23",
+      text: "#ffffff",
+      bgDark: "#1C1C23",
+      textDark: "#ffffff",
+    },
+    options: config,
+  }
+}