🔐

@radzor/auth-oauth

OAuth 2.0 authentication flow supporting multiple providers (Google, GitHub, Discord). Handles token exchange, session management, and user profile retrieval.

Category: Authentication | Version: v0.1.0 | Languages: typescript, python | Tags: oauth, authentication, login, session, jwt | 822 downloads | by Radzor
$ npx radzor add auth-oauth
⚠ Constraints: Requires OAuth client credentials (client ID + secret) for each provider. Server-side token exchange requires a backend route.

Inputs

| Name | Type | Default | Description |
| --- | --- | --- | --- |
| providers* | Array<'google' \| 'github' \| 'discord'> | | List of OAuth providers to enable. |
| redirectUrl* | string | | URL to redirect to after successful authentication. |
| scopes | string[] | openid,profile,email | OAuth scopes to request from the provider. |
| sessionDuration | number | 86400 | Session duration in seconds (default: 24 hours). |

Outputs

| Name | Type | Description |
| --- | --- | --- |
| session | AuthSession | Current authentication session containing access token, refresh token, and expiry. |
| user | UserProfile | Authenticated user profile with id, email, name, and avatar. |

Actions

login(provider: string): Promise<AuthSession>

Initiate the OAuth login flow with the specified provider.

logout(): Promise<void>

End the current session and revoke tokens.

getSession(): AuthSession | null

Get the current authentication session, or null if not authenticated.

refreshToken(): Promise<AuthSession>

Manually refresh the access token using the refresh token.

Events

onLogin: {userId: string, provider: string}

Fired when a user successfully authenticates.

onLogout: {userId: string}

Fired when a user logs out.

onTokenRefresh: {expiresAt: number}

Fired when the access token is automatically refreshed.

onError: {code: string, message: string}

Fired on authentication errors (invalid token, provider error, etc.).

Composability

session: @radzor/realtime-chat.input.authSession, @radzor/stripe-checkout.input.authSession
user: @radzor/realtime-chat.input.userProfile, @radzor/stripe-checkout.input.userProfile

radzor.manifest.json

{
  "llm": {
    "constraints": "Requires OAuth client credentials (client ID + secret) for each provider. Server-side token exchange requires a backend route.",
    "usageExamples": "llm/examples.md",
    "integrationPrompt": "llm/integration.md"
  },
  "name": "@radzor/auth-oauth",
  "tags": [
    "oauth",
    "authentication",
    "login",
    "session",
    "jwt"
  ],
  "events": [
    {
      "name": "onLogin",
      "payload": {
        "userId": "string",
        "provider": "string"
      },
      "description": "Fired when a user successfully authenticates."
    },
    {
      "name": "onLogout",
      "payload": {
        "userId": "string"
      },
      "description": "Fired when a user logs out."
    },
    {
      "name": "onTokenRefresh",
      "payload": {
        "expiresAt": "number"
      },
      "description": "Fired when the access token is automatically refreshed."
    },
    {
      "name": "onError",
      "payload": {
        "code": "string",
        "message": "string"
      },
      "description": "Fired on authentication errors (invalid token, provider error, etc.)."
    }
  ],
  "inputs": [
    {
      "name": "providers",
      "type": "Array<'google' | 'github' | 'discord'>",
      "required": true,
      "description": "List of OAuth providers to enable."
    },
    {
      "name": "redirectUrl",
      "type": "string",
      "required": true,
      "description": "URL to redirect to after successful authentication."
    },
    {
      "name": "scopes",
      "type": "string[]",
      "default": [
        "openid",
        "profile",
        "email"
      ],
      "required": false,
      "description": "OAuth scopes to request from the provider."
    },
    {
      "name": "sessionDuration",
      "type": "number",
      "default": 86400,
      "required": false,
      "description": "Session duration in seconds (default: 24 hours)."
    }
  ],
  "radzor": "1.0.0",
  "actions": [
    {
      "name": "login",
      "params": [
        {
          "name": "provider",
          "type": "string",
          "description": "The OAuth provider to authenticate with."
        }
      ],
      "returns": "Promise<AuthSession>",
      "description": "Initiate the OAuth login flow with the specified provider."
    },
    {
      "name": "logout",
      "params": [],
      "returns": "Promise<void>",
      "description": "End the current session and revoke tokens."
    },
    {
      "name": "getSession",
      "params": [],
      "returns": "AuthSession | null",
      "description": "Get the current authentication session, or null if not authenticated."
    },
    {
      "name": "refreshToken",
      "params": [],
      "returns": "Promise<AuthSession>",
      "description": "Manually refresh the access token using the refresh token."
    }
  ],
  "outputs": [
    {
      "name": "session",
      "type": "AuthSession",
      "description": "Current authentication session containing access token, refresh token, and expiry."
    },
    {
      "name": "user",
      "type": "UserProfile",
      "description": "Authenticated user profile with id, email, name, and avatar."
    }
  ],
  "version": "0.1.0",
  "category": "auth",
  "languages": [
    "typescript",
    "python"
  ],
  "description": "OAuth 2.0 authentication flow supporting multiple providers (Google, GitHub, Discord). Handles token exchange, session management, and user profile retrieval.",
  "dependencies": {
    "packages": {
      "jose": "^5.0.0"
    }
  },
  "composability": {
    "connectsTo": [
      {
        "output": "session",
        "compatibleWith": [
          "@radzor/realtime-chat.input.authSession",
          "@radzor/stripe-checkout.input.authSession"
        ]
      },
      {
        "output": "user",
        "compatibleWith": [
          "@radzor/realtime-chat.input.userProfile",
          "@radzor/stripe-checkout.input.userProfile"
        ]
      }
    ]
  }
}

Version History

0.1.0

Initial release

4/3/2026