From a8dfc8ebb11ccb96fd694db888e52f0d20395e64 Mon Sep 17 00:00:00 2001
From: Doron Sharon <dorsha@descope.com>
Date: Mon, 26 Jun 2023 19:18:58 +0300
Subject: [PATCH] feat(providers): Add Descope provider (#7874)

* Add Descope provider

* Add Descope provider

* Remove dark logo, remove wellKnown, and fix user profile syntax

* Change to DESCOPE_SECRET

* Fix env comment

* Fix clientId extracting

* Change to client id
---
 .github/ISSUE_TEMPLATE/2_bug_provider.yml     |   1 +
 apps/dev/nextjs-v4/.env.local.example         |   3 +
 apps/dev/nextjs/.env.local.example            |   3 +
 .../nextjs/pages/api/auth/[...nextauth].ts    |   2 +
 apps/examples/nextjs/.env.local.example       |   3 +
 apps/examples/nextjs/process.d.ts             |   2 +
 docs/src/components/ProviderMarquee.js        |   1 +
 docs/static/img/providers/descope.svg         |  50 ++++++++
 packages/core/src/providers/descope.ts        | 111 ++++++++++++++++++
 9 files changed, 176 insertions(+)
 create mode 100644 docs/static/img/providers/descope.svg
 create mode 100644 packages/core/src/providers/descope.ts

diff --git a/.github/ISSUE_TEMPLATE/2_bug_provider.yml b/.github/ISSUE_TEMPLATE/2_bug_provider.yml
index ebacb231..f33d31b2 100644
--- a/.github/ISSUE_TEMPLATE/2_bug_provider.yml
+++ b/.github/ISSUE_TEMPLATE/2_bug_provider.yml
@@ -37,6 +37,7 @@ body:
         - "Bungie"
         - "Cognito"
         - "Coinbase"
+        - "Descope"
         - "Discord"
         - "Dropbox"
         - "EVE Online"
diff --git a/apps/dev/nextjs-v4/.env.local.example b/apps/dev/nextjs-v4/.env.local.example
index fa6a263d..16071773 100644
--- a/apps/dev/nextjs-v4/.env.local.example
+++ b/apps/dev/nextjs-v4/.env.local.example
@@ -13,6 +13,9 @@ AUTH0_ID=
 AUTH0_SECRET=
 AUTH0_ISSUER=
 
+DESCOPE_ID=
+DESCOPE_SECRET=
+
 KEYCLOAK_ID=
 KEYCLOAK_SECRET=
 KEYCLOAK_ISSUER=
diff --git a/apps/dev/nextjs/.env.local.example b/apps/dev/nextjs/.env.local.example
index 254a1410..7c23f97e 100644
--- a/apps/dev/nextjs/.env.local.example
+++ b/apps/dev/nextjs/.env.local.example
@@ -22,6 +22,9 @@ BEYOND_IDENTITY_CLIENT_ID=
 BEYOND_IDENTITY_CLIENT_SECRET=
 BEYOND_IDENTITY_ISSUER=
 
+DESCOPE_ID=
+DESCOPE_SECRET=
+
 GITHUB_ID=
 GITHUB_SECRET=
 
diff --git a/apps/dev/nextjs/pages/api/auth/[...nextauth].ts b/apps/dev/nextjs/pages/api/auth/[...nextauth].ts
index 5c7c3ec6..ad7b787a 100644
--- a/apps/dev/nextjs/pages/api/auth/[...nextauth].ts
+++ b/apps/dev/nextjs/pages/api/auth/[...nextauth].ts
@@ -10,6 +10,7 @@ import BeyondIdentity from "@auth/core/providers/beyondidentity"
 import BoxyHQSAML from "@auth/core/providers/boxyhq-saml"
 // import Cognito from "@auth/core/providers/cognito"
 import Credentials from "@auth/core/providers/credentials"
+import Descope from "@auth/core/providers/descope"
 import Discord from "@auth/core/providers/discord"
 import DuendeIDS6 from "@auth/core/providers/duende-identity-server6"
 // import Email from "@auth/core/providers/email"
@@ -101,6 +102,7 @@ export const authConfig: AuthConfig = {
     }),
     BoxyHQSAML({ issuer: "https://jackson-demo.boxyhq.com", clientId: "tenant=boxyhq.com&product=saml-demo.boxyhq.com", clientSecret: "dummy" }),
     // Cognito({ clientId: process.env.COGNITO_ID, clientSecret: process.env.COGNITO_SECRET, issuer: process.env.COGNITO_ISSUER }),
+    Descope({ clientId: process.env.DESCOPE_ID, clientSecret: process.env.DESCOPE_SECRET }),
     Discord({ clientId: process.env.DISCORD_ID, clientSecret: process.env.DISCORD_SECRET }),
     DuendeIDS6({ clientId: "interactive.confidential", clientSecret: "secret", issuer: "https://demo.duendesoftware.com" }),
     Facebook({ clientId: process.env.FACEBOOK_ID, clientSecret: process.env.FACEBOOK_SECRET }),
diff --git a/apps/examples/nextjs/.env.local.example b/apps/examples/nextjs/.env.local.example
index 2c86f73d..d14d1852 100644
--- a/apps/examples/nextjs/.env.local.example
+++ b/apps/examples/nextjs/.env.local.example
@@ -6,6 +6,9 @@ AUTH0_ID=
 AUTH0_SECRET=
 AUTH0_ISSUER=
 
+DESCOPE_ID=
+DESCOPE_SECRET=
+
 FACEBOOK_ID=
 FACEBOOK_SECRET=
 
diff --git a/apps/examples/nextjs/process.d.ts b/apps/examples/nextjs/process.d.ts
index b140ecb4..ef9f3fab 100644
--- a/apps/examples/nextjs/process.d.ts
+++ b/apps/examples/nextjs/process.d.ts
@@ -12,5 +12,7 @@ declare namespace NodeJS {
     GOOGLE_SECRET: string
     AUTH0_ID: string
     AUTH0_SECRET: string
+    DESCOPE_ID: string
+    DESCOPE_SECRET: string
   }
 }
diff --git a/docs/src/components/ProviderMarquee.js b/docs/src/components/ProviderMarquee.js
index 319716ee..f8f8186e 100644
--- a/docs/src/components/ProviderMarquee.js
+++ b/docs/src/components/ProviderMarquee.js
@@ -7,6 +7,7 @@ const icons = [
   "/img/providers/apple.svg",
   "/img/providers/auth0.svg",
   "/img/providers/cognito.svg",
+  "/img/providers/descope.svg",
   "/img/providers/battlenet.svg",
   "/img/providers/box.svg",
   "/img/providers/facebook.svg",
diff --git a/docs/static/img/providers/descope.svg b/docs/static/img/providers/descope.svg
new file mode 100644
index 00000000..d5c4409f
--- /dev/null
+++ b/docs/static/img/providers/descope.svg
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 26.2.1, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 width="194.7px" height="215.2px" viewBox="0 0 194.7 215.2" style="enable-background:new 0 0 194.7 215.2;" xml:space="preserve"
+	>
+<style type="text/css">
+	.st0{fill:url(#SVGID_1_);}
+	.st1{fill:url(#SVGID_00000004519561486438896460000001266960168497785022_);}
+	.st2{fill:url(#SVGID_00000049204468076180615810000015113731544435055266_);}
+	.st3{fill:url(#SVGID_00000116951257355544416270000003794629356563808950_);}
+</style>
+<g>
+	<linearGradient id="SVGID_1_" gradientUnits="userSpaceOnUse" x1="68.3919" y1="222.1531" x2="185.0265" y2="41.0264">
+		<stop  offset="1.481436e-07" style="stop-color:#0083B5"/>
+		<stop  offset="0.4173" style="stop-color:#00FFFF"/>
+		<stop  offset="0.9952" style="stop-color:#6FF12D"/>
+	</linearGradient>
+	<path class="st0" d="M129.8,174.7c7.6-1.6,14-4.8,19.2-9.7c7.7-7.3,8.8-17.1,8.8-29.4V80.7c0-12.3-1.1-22.1-8.8-29.4
+		c-5.2-4.9-11.6-8.1-19.2-9.7V15.4c12.5,1.8,22.9,6.5,31,14.2c10.6,10,19.9,23.5,19.9,40.5v75c0,17-9.3,30.5-19.9,40.5
+		c-8.1,7.7-18.5,12.4-31,14.2V174.7z"/>
+	
+		<linearGradient id="SVGID_00000040544740507634666800000017273841385603649669_" gradientUnits="userSpaceOnUse" x1="5.037" y1="181.3564" x2="121.6716" y2="0.2297">
+		<stop  offset="1.481436e-07" style="stop-color:#0083B5"/>
+		<stop  offset="0.4173" style="stop-color:#00FFFF"/>
+		<stop  offset="0.9952" style="stop-color:#6FF12D"/>
+	</linearGradient>
+	<path style="fill:url(#SVGID_00000040544740507634666800000017273841385603649669_);" d="M33.9,29.6c8.1-7.7,18.5-12.4,31-14.2
+		v26.3c-7.6,1.6-14,4.8-19.2,9.7c-7.7,7.3-8.8,17-8.8,29.2v55.1c0,12.3,1.1,22.1,8.8,29.4c5.2,4.9,11.6,8.1,19.2,9.7v25.1
+		c-12.5-1.8-22.9-6.5-31-14.2c-10.6-10-19.9-23.5-19.9-40.5V69.8C13.9,53,23.2,39.6,33.9,29.6z"/>
+	<g>
+		
+			<linearGradient id="SVGID_00000060713993868866928010000000698955780952733088_" gradientUnits="userSpaceOnUse" x1="22.0278" y1="192.2974" x2="138.6624" y2="11.1707">
+			<stop  offset="1.481436e-07" style="stop-color:#0083B5"/>
+			<stop  offset="0.4173" style="stop-color:#00FFFF"/>
+			<stop  offset="0.9952" style="stop-color:#6FF12D"/>
+		</linearGradient>
+		<path style="fill:url(#SVGID_00000060713993868866928010000000698955780952733088_);" d="M120.2,87.8l8.5-13.7l-17.8-9.4
+			l-7.5,14.2c-1.1,2.1-3.1,3.3-5.5,3.3c-2.3,0-4.4-1.2-5.5-3.3L85,64.7L67.3,74l12.3,19.7L120.2,87.8z"/>
+		
+			<linearGradient id="SVGID_00000115475840050352750520000000840372054167564949_" gradientUnits="userSpaceOnUse" x1="37.9651" y1="202.5601" x2="154.5998" y2="21.4334">
+			<stop  offset="1.481436e-07" style="stop-color:#0083B5"/>
+			<stop  offset="0.4173" style="stop-color:#00FFFF"/>
+			<stop  offset="0.9952" style="stop-color:#6FF12D"/>
+		</linearGradient>
+		<path style="fill:url(#SVGID_00000115475840050352750520000000840372054167564949_);" d="M142.4,97.7l-87.8,0.8v17.7l27.5-0.1
+			l-14.8,23.8l17.7,9.3l7.5-14.2c1.1-2.1,3.1-3.3,5.5-3.3c2.3,0,4.4,1.2,5.5,3.3l7.5,14.2l17.8-9.4l-12-19.3L93.7,116l48.7-0.2V97.7
+			z"/>
+	</g>
+</g>
+</svg>
diff --git a/packages/core/src/providers/descope.ts b/packages/core/src/providers/descope.ts
new file mode 100644
index 00000000..401c258a
--- /dev/null
+++ b/packages/core/src/providers/descope.ts
@@ -0,0 +1,111 @@
+/**
+ * <div style={{display: "flex", justifyContent: "space-between", alignItems: "center"}}>
+ * <span style={{fontSize: "1.35rem" }}>
+ *  Built-in sign in with <b>Descope</b> integration.
+ * </span>
+ * <a href="https://descope.com" style={{backgroundColor: "#000000", padding: "12px", borderRadius: "100%" }}>
+ *   <img style={{display: "block"}} src="https://authjs.dev/img/providers/descope.svg" width="24"/>
+ * </a>
+ * </div>
+ *
+ * @module providers/descope
+ */
+
+import type { OIDCConfig, OIDCUserConfig } from "./index.js"
+
+/** The returned user profile from Descope when using the profile callback. */
+export interface DescopeProfile {
+  /** The user Descope ID */
+  sub: string
+  name: string
+  email: string
+  email_verified: boolean
+  phone_number: string
+  phone_number_verified: boolean
+  picture: string
+  /** Custom user's attributes */
+  [claim: string]: unknown
+}
+
+/**
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ * ```
+ * https://example.com/api/auth/callback/descope
+ * ```
+ *
+ * #### Configuration
+ *
+ * Import the provider and configure it in your **Auth.js** initialization file:
+ *
+ * ```ts title="pages/api/auth/[...nextauth].ts"
+ * import NextAuth from "next-auth"
+ * import DescopeProvider from "next-auth/providers/descope";
+ *
+ * export default NextAuth({
+ *  providers: [
+ *    DescopeProvider({
+ *      clientId: process.env.DESCOPE_ID,
+ *      clientSecret: process.env.DESCOPE_SECRET,
+ *    }),
+ *  ],
+ * })
+ * ```
+ *
+ * ### Configuring Descope
+ *
+ * Follow these steps:
+ *
+ * 1. Log into the [Descope console](https://app.descope.com)
+ * 2. Follow the [OIDC instructions](https://docs.descope.com/customize/auth/oidc)
+ *
+ * Then, create a `.env.local` file in the project root add the following entries:
+ *
+ * Get the following from the Descope's console:
+ * ```
+ * DESCOPE_ID="<Descope Issuer's last url segment>" # Descope's Issuer can be found in "Authentication Methods > SSO > Identity Provider" (Can also be taken from "Project > Project ID")
+ * DESCOPE_SECRET="<Descope Access Key>" # Manage > Access Keys
+ * ```
+ *
+ * ### Resources
+ *
+ * - [Descope OIDC](https://docs.descope.com/customize/auth/oidc)
+ * - [Descope Flows](https://docs.descope.com/customize/flows)
+ *
+ * ### Notes
+ *
+ * The Descope provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/descope.ts). To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/providers/custom-provider#override-default-options).
+ *
+ * :::info
+ * By default, Auth.js assumes that the Descope provider is based on the [OIDC](https://openid.net/specs/openid-connect-core-1_0.html) spec
+ * :::
+ *
+ * ## Help
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ */
+export default function Descope(
+  config: OIDCUserConfig<DescopeProfile>
+): OIDCConfig<DescopeProfile> {
+  return {
+    id: "descope",
+    name: "Descope",
+    type: "oidc",
+    clientId: `https://api.descope.com/${config.clientId}`,
+    style: {
+      logo: "/descope.svg",
+      logoDark: "/descope.svg",
+      bg: "#1C1C23",
+      text: "#ffffff",
+      bgDark: "#1C1C23",
+      textDark: "#ffffff",
+    },
+    options: config,
+  }
+}