@radzor/auth-oauth

OAuth 2.0 authentication flow supporting multiple providers (Google, GitHub, Discord). Handles token exchange, session management, and user profile retrieval.

Authenticationv0.1.0typescriptpythonServeroauthauthenticationloginsessionjwtby Radzor

Install

View source on GitHub →

$npx radzor@latest add auth-oauth

⚠ Constraints: Requires OAuth client credentials (client ID + secret) for each provider. Server-side token exchange requires a backend route.

Inputs

Name	Type	Default	Description
providers*	Array<'google' \| 'github' \| 'discord'>	—	List of OAuth providers to enable.
redirectUrl*	string	—	URL to redirect to after successful authentication.
scopes	string[]	openid,profile,email	OAuth scopes to request from the provider.
sessionDuration	number	86400	Session duration in seconds (default: 24 hours).
clientCredentials*	Record<string, { clientId: string; clientSecret: string }>	—	OAuth client credentials for each enabled provider. Keys must match the provider names.
jwtSecret*	string	—

{ "llm": { "constraints": "Requires OAuth client credentials (client ID + secret) for each provider. Server-side token exchange requires a backend route.", "usageExamples": "llm/examples.md", "integrationPrompt": "llm/integration.md" }, "name": "@radzor/auth-oauth", "tags": [ "oauth", "authentication", "login", "session", "jwt" ], "events": [ { "name": "onLogin", "payload": { "userId": "string", "provider": "string" }, "description": "Fired when a user successfully authenticates." }, { "name": "onLogout", "payload": { "userId": "string" }, "description": "Fired when a user logs out." }, { "name": "onTokenRefresh", "payload": { "expiresAt": "number" }, "description": "Fired when the access token is automatically refreshed." }, { "name": "onError", "payload": { "code": "string", "message": "string" }, "description": "Fired on authentication errors (invalid token, provider error, etc.)." } ], "inputs": [ { "name": "providers", "type": "Array<'google' | 'github' | 'discord'>", "required": true, "description": "List of OAuth providers to enable." }, { "name": "redirectUrl", "type": "string", "required": true, "description": "URL to redirect to after successful authentication." }, { "name": "scopes", "type": "string[]", "default": [ "openid", "profile", "email" ], "required": false, "description": "OAuth scopes to request from the provider." }, { "name": "sessionDuration", "type": "number", "default": 86400, "required": false, "description": "Session duration in seconds (default: 24 hours)." }, { "name": "clientCredentials", "type": "Record<string, { clientId: string; clientSecret: string }>", "required": true, "description": "OAuth client credentials for each enabled provider. Keys must match the provider names." }, { "name": "jwtSecret", "type": "string", "envVar": "JWT_SECRET", "required": true, "description": "Secret key used to sign and verify JWT session tokens." } ], "radzor": "1.0.0", "actions": [ { "name": "login", "params": [ { "name": "provider", "type": "string", "description": "The OAuth provider to authenticate with." } ], "returns": "Promise<string>", "description": "Get the authorization URL to redirect the user to for the specified provider." }, { "name": "handleCallback", "params": [ { "name": "provider", "type": "string", "description": "The OAuth provider that sent the callback." }, { "name": "code", "type": "string", "description": "The authorization code from the OAuth callback." } ], "returns": "Promise<AuthSession>", "description": "Exchange the authorization code for tokens and fetch the user profile." }, { "name": "logout", "params": [], "returns": "Promise<void>", "description": "End the current session and revoke tokens." }, { "name": "getSession", "params": [], "returns": "AuthSession | null", "description": "Get the current authentication session, or null if not authenticated." }, { "name": "getUser", "params": [], "returns": "UserProfile | null", "description": "Get the current authenticated user profile, or null if not authenticated." }, { "name": "refreshToken", "params": [], "returns": "Promise<AuthSession>", "description": "Manually refresh the access token using the refresh token." }, { "name": "createSessionToken", "params": [], "returns": "Promise<string>", "description": "Create a signed JWT for the current session (for server-side cookies)." }, { "name": "verifySessionToken", "params": [ { "name": "token", "type": "string", "description": "The JWT session token to verify." } ], "returns": "Promise<JWTPayload>", "description": "Verify and decode a session JWT." } ], "outputs": [ { "name": "session", "type": "AuthSession", "fields": [ { "name": "accessToken", "type": "string" }, { "name": "refreshToken", "type": "string" }, { "name": "expiresAt", "type": "number" }, { "name": "provider", "type": "string" } ], "description": "Current authentication session containing access token, refresh token, and expiry." }, { "name": "user", "type": "UserProfile", "fields": [ { "name": "id", "type": "string" }, { "name": "email", "type": "string" }, { "name": "name", "type": "string" }, { "name": "avatar", "type": "string | null" }, { "name": "provider", "type": "string" } ], "description": "Authenticated user profile with id, email, name, and avatar." } ], "runtime": "server", "version": "0.1.0", "category": "auth", "languages": [ "typescript", "python" ], "description": "OAuth 2.0 authentication flow supporting multiple providers (Google, GitHub, Discord). Handles token exchange, session management, and user profile retrieval.", "dependencies": { "packages": { "jose": "^5.0.0" } }, "composability": { "connectsTo": [ { "output": "session", "compatibleWith": [ "@radzor/session-manager.action.create.data" ] }, { "event": "onLogin", "description": "Notify on new user login/signup.", "compatibleWith": [ "@radzor/email-send.action.send.message", "@radzor/slack-bot.action.sendMessage.text", "@radzor/event-bus.action.publish.payload" ] } ] } }

@radzor/auth-oauth

Install

Inputs

Outputs

Actions

Events

Composability

radzor.manifest.json

Version History

Name	Type	Description
session	AuthSession	Current authentication session containing access token, refresh token, and expiry. .accessTokenstring .refreshTokenstring .expiresAtnumber .providerstring
user	UserProfile	Authenticated user profile with id, email, name, and avatar. .idstring .emailstring .namestring .avatarstring \| null .providerstring