start-oauth@1.3.0

Author: thomasbuilds

.github/workflows/codeql.yml

@@ -0,0 +1,46 @@
+name: CodeQL Analysis
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+jobs:
+  analyze:
+    name: Analyze Code
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      packages: read
+      actions: read
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [javascript-typescript]
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+      - uses: pnpm/action-setup@v4
+        with:
+          version: latest
+      - uses: actions/setup-node@v5
+        with:
+          node-version: 22
+          cache: pnpm
+      - run: pnpm install --frozen-lockfile
+        if: steps.setup-node.outputs.cache-hit != 'true'
+      - uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          build-mode: none
+          queries: +security-and-quality
+      - uses: github/codeql-action/analyze@v3
+        with:
+          category: /language:javascript-typescript
+          output: ./codeql-results
+          upload: true
+      - uses: actions/upload-artifact@v4
+        with:
+          name: codeql-results
+          path: ./codeql-results

.gitignore

@@ -1,3 +1 @@
 node_modules
-package-lock.json
-pnpm-lock.yaml

CONTRIBUTING.md

@@ -0,0 +1,20 @@
+## Reporting Issues
+
+If you find a bug or have an idea for improvement, please [open an issue](https://github.com/thomasbuilds/start-oauth/issues) on GitHub. Provide as much detail as possible, including steps to reproduce the issue if applicable.
+
+## Adding Providers
+
+To add support for a new OAuth provider
+
+1. Duplicate an existing provider file (e.g. [`src/providers/google.ts`](src/providers/google.ts))
+2. Update the endpoints, configuration options, and any provider-specific links
+3. Ensure your implementation aligns with the structure and flow of existing providers
+4. Submit a pull request with your changes
+
+## Pull Requests
+
+Before submitting a pull request
+
+- Ensure your code adheres to the project's coding style (`npm run format`)
+- Test your changes thoroughly to avoid breaking existing functionality
+- Update documentation if your contribution affects usage or configuration

README.md

@@ -1,82 +1,71 @@
-[![Banner](https://assets.solidjs.com/banner?background=tiles&project=oauth)](https://github.com/solidjs)
-
 <div align="center">
 
+[![Banner](https://assets.solidjs.com/banner?background=tiles&type=Start&project=oauth)](https://github.com/solidjs/solid-start)
+
 [![Version](https://img.shields.io/npm/v/start-oauth.svg?style=for-the-badge&color=blue&logo=npm)](https://www.npmjs.com/package/start-oauth)
 [![Downloads](https://img.shields.io/npm/dm/start-oauth.svg?style=for-the-badge&color=green&logo=npm)](https://www.npmjs.com/package/start-oauth)
 [![Stars](https://img.shields.io/github/stars/thomasbuilds/start-oauth.svg?style=for-the-badge&color=yellow&logo=github)](https://github.com/thomasbuilds/start-oauth)
 [![Prettier](https://img.shields.io/badge/code_style-prettier-ff69b4.svg?style=for-the-badge&logo=prettier&logoColor=white)](https://github.com/prettier/prettier)
 
 </div>
 
-Lightweight and secure OAuth 2.1 for [SolidStart](https://github.com/solidjs/solid-start) — access the `name`, `email`, and `image` of authenticated users.
+**Lightweight and Secure OAuth2 for [SolidStart](https://start.solidjs.com)** — Access the `name`, `email`, and when available `image` of authenticated users.
 For extended usage, the `provider` name and access `token` are included in the `oauth` object.
 
-**Supported Providers:** Amazon, Discord, GitHub, Google, LinkedIn, Microsoft, Spotify, and Yahoo
+**Supported Providers:** Amazon, Discord, GitHub, Google, LinkedIn, Microsoft, Spotify, X, and Yahoo
 
 ## Installation
 
-```bash
-# using npm
-npm install start-oauth
-```
-
-```bash
-# using pnpm
-pnpm add start-oauth
-```
+Add `start-oauth` as a dependency in your **SolidStart** app
 
 ```bash
-# using bun
-bun add start-oauth
+# use preferred package manager
+npm add start-oauth
 ```
 
 ## Configuration
 
 Create a catch-all API route at `routes/api/oauth/[...oauth].ts`
 
 ```ts
+import OAuth from "start-oauth";
 import { redirect } from "@solidjs/router";
-import OAuth, { type Configuration } from "start-oauth";
 
-const config: Configuration = {
-  password: process.env.SESSION_SECRET,
+export const GET = OAuth({
+  password: process.env.PASSWORD!, // openssl rand -hex 32
   discord: {
-    id: process.env.DISCORD_ID,
-    secret: process.env.DISCORD_SECRET,
+    id: process.env.DISCORD_ID!,
+    secret: process.env.DISCORD_SECRET!
   },
   google: {
-    id: process.env.GOOGLE_ID,
-    secret: process.env.GOOGLE_SECRET,
+    id: process.env.GOOGLE_ID!,
+    secret: process.env.GOOGLE_SECRET!
   },
   async handler({ name, email, image, oauth }, redirectTo) {
-    // implement your logic (e.g. database call, session creation)
-    const session = await getSession();
-    await session.update({ name, email, image });
+    // add your logic (e.g. database call, session creation)
+    // const session = await getSession();
+    // await session.update({ name, email, image });
 
-    // then redirect user
     return redirect(
       // only allow internal redirects
       redirectTo?.startsWith("/") && !redirectTo.startsWith("//")
         ? redirectTo
-        : "/default"
+        : "/defaultPage"
     );
-  },
-};
-
-export const GET = OAuth(config);
+  }
+});
 ```
 
 In your OAuth provider's dashboard, set the redirect URIs
 
-- **Production**: `https://your-domain.com/api/oauth/[provider]`
 - **Development**: `http://localhost:3000/api/oauth/[provider]`
+- **Production**: `https://your-domain.com/api/oauth/[provider]`
 
 ## Usage
 
 ```tsx
-// for example routes/login.tsx
-import useOAuthLogin from "start-oauth/client";
+// for example in routes/login.tsx
+import { useOAuthLogin } from "start-oauth";
 
 export default function Login() {
   const login = useOAuthLogin();
@@ -103,17 +92,17 @@ See `start-oauth` in action with the SolidStart [with-auth](https://github.com/s
 
 ```bash
 # using npm
-npm create solid -- --s --t with-auth
+npm create solid@latest -- -s -t with-auth
 ```
 
 ```bash
 # using pnpm
-pnpm create solid --s --t with-auth
+pnpm create solid@latest -s -t with-auth
 ```
 
 ```bash
 # using bun
-bun create solid --s --t with-auth
+bun create solid@latest --s --t with-auth
 ```
 
 ## Security Features
@@ -122,7 +111,3 @@ bun create solid --s --t with-auth
 - AES-256-GCM encryption for state parameters to prevent tampering
 - Timeout-protected HTTP requests to avoid hanging connections
 - Strict validation of fallback URLs to prevent open redirects
-
-## Contributing
-
-Contributions are welcome! To add a new provider, duplicate an existing [provider](src/providers/google.ts), update the configuration links, and submit a pull request!

package.json

@@ -1,40 +1,42 @@
 {
   "name": "start-oauth",
-  "version": "1.2.6",
-  "description": "Lightweight and secure OAuth2 for SolidStart",
+  "version": "1.3.0",
+  "description": "Lightweight and Secure OAuth2 for SolidStart",
+  "keywords": [
+    "api",
+    "oauth2",
+    "crypto",
+    "solidjs",
+    "solid-router",
+    "solidstart"
+  ],
   "homepage": "https://github.com/thomasbuilds/start-oauth#readme",
+  "bugs": {
+    "url": "https://github.com/thomasbuilds/start-oauth/issues"
+  },
   "repository": {
     "type": "git",
     "url": "git+https://github.com/thomasbuilds/start-oauth.git"
   },
-  "bugs": {
-    "url": "https://github.com/thomasbuilds/start-oauth/issues"
-  },
+  "license": "MIT",
+  "author": "thomasbuilds",
+  "sideEffects": false,
   "type": "module",
-  "types": "src/index.ts",
-  "exports": {
-    ".": "./src/index.ts",
-    "./client": "./src/client.ts"
-  },
+  "main": "src/index.ts",
   "files": [
     "src"
   ],
-  "author": "thomasbuilds",
-  "keywords": [
-    "api",
-    "oauth2",
-    "solidstart",
-    "crypto"
-  ],
-  "license": "MIT",
-  "sideEffects": false,
+  "scripts": {
+    "format": "prettier --write . --trailing-comma none"
+  },
+  "devDependencies": {
+    "@types/node": "^24.3.1",
+    "prettier": "^3.6.2"
+  },
   "peerDependencies": {
     "@solidjs/router": "^0.15.3",
     "@solidjs/start": "^1.1.7"
   },
-  "devDependencies": {
-    "@types/node": "^24.3.0"
-  },
   "engines": {
     "node": ">=22"
   }