From ce617ce3f50ecaa7386c37b0e3d103ee9993c62d Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Tue, 7 May 2024 15:27:39 +0200 Subject: [PATCH] Add `Ory` provider Ory supports two ways to run IAM - self-hosted or as a managed service. This PR adds a provider for the managed service and separates the managed provider and the self-hosted provider. --- packages/core/src/providers/ory-hydra.ts | 10 ++- packages/core/src/providers/ory.ts | 100 +++++++++++++++++++++++ 2 files changed, 107 insertions(+), 3 deletions(-) create mode 100644 packages/core/src/providers/ory.ts diff --git a/packages/core/src/providers/ory-hydra.ts b/packages/core/src/providers/ory-hydra.ts index 25cb69a3bd..06ebc93213 100644 --- a/packages/core/src/providers/ory-hydra.ts +++ b/packages/core/src/providers/ory-hydra.ts @@ -23,7 +23,7 @@ export interface OryHydraProfile extends Record { } /** - * Add Ory Hydra login to your page. + * Add login with self-hosted Ory Hydra to your app. * * ### Setup * @@ -55,8 +55,12 @@ export interface OryHydraProfile extends Record { * * ### Notes * - * Ory Hydra can be setup using the default Ory Network setup or self hosted on your own + * Ory Hydra can be setup using the default Ory Network setup or self-hosted on your own * infrastructure. + * + * This provider is best for self-hosted Ory Hydra instances. For the Ory Network, use the + * `Ory` provider. + * * By default, Auth.js assumes that the Ory Hydra provider is * based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification. * @@ -82,7 +86,7 @@ export default function OryHydra

( ): OIDCConfig

{ return { id: "hydra", - name: "Hydra", + name: "Ory Hydra", type: "oidc", style: { bg: "#fff", diff --git a/packages/core/src/providers/ory.ts b/packages/core/src/providers/ory.ts new file mode 100644 index 0000000000..ef8bfb66a9 --- /dev/null +++ b/packages/core/src/providers/ory.ts @@ -0,0 +1,100 @@ +/** + *

+ * Built-in Ory integration.
+ *
+ *
+ *
+ *
+ *
+ * @module providers/ory
+ */
+import type { OIDCConfig, OIDCUserConfig } from "./index.js"
+
+export interface DefaultOryProfile extends Record {
+ iss: string
+ ver: string
+ sub: string
+ aud: string
+ iat: string
+ exp: string
+ jti: string
+ amr: string
+ email?: string
+ email_verified?: boolean
+ preferred_username?: string
+ website?: string
+ given_name?: string
+ family_name?: string
+ name?: string
+ updated_at?: Date
+}
+
+/**
+ * Add login with Ory to your app.
+ *
+ * ### Setup
+ *
+ * #### Callback URL
+ *
+ * ```
+ * https://example.com/api/auth/callback/ory
+ * ```
+ *
+ * #### Configuration
+ *```js
+ * import Auth from "@auth/core"
+ * import Ory from "@auth/core/providers/ory"
+ *
+ * const request = new Request(origin)
+ * const response = await Auth(request, {
+ * providers: [Ory({
+ * clientId: ORY_CLIENT_ID,
+ * clientSecret: ORY_CLIENT_SECRET,
+ * issuer: ORY_SDK_URL // https://ory.yourdomain.com
+ * })],
+ * })
+ * ```
+ *
+ * ### Resources
+ *
+ * - [Ory + Auth.js integration](https://www.ory.sh/docs/getting-started/integrate-auth/auth-js)
+ * - [Ory Documentation](https://www.ory.sh/docs)
+ *
+ * ### Notes
+ *
+ * This set up is optimized for Ory Network, a managed service by Ory. To use Auth.js with self-hosted Ory Hydra, use the `OryHydra` provider.
+ *
+ * The Ory integration is based on the [Open ID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification.
+ *
+ * :::tip
+ *
+ * The Ory provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/ory.ts).
+ * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers).
+ *
+ * :::
+ *
+ * :::info **Disclaimer**
+ *
+ * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue).
+ *
+ * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from
+ * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec,
+ * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions).
+ *
+ * :::
+ */
+export default function Ory

( + options: OIDCUserConfig

+): OIDCConfig

{
+ return {
+ id: "ory",
+ name: "Ory",
+ type: 'oidc',
+ checks: ["pkce", "state", "nonce"],
+ style: {
+ bg: "#fff",
+ text: "#0F172A",
+ },
+ options,
+ }
+}
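Review bot: The claim types in `DefaultOryProfile` (new file `ory.ts`) do not match what an OpenID Connect ID token carries. `iat` and `exp` are declared as `string`, but OIDC Core / JWT define them as numeric timestamps; `amr` is an array of strings, `aud` may be a single string or an array, and `updated_at` is a number of seconds rather than a `Date`. Application code that relies on these typings for expiry, audience or authentication-method checks would type-check while comparing values of the wrong shape at runtime. I would align the declarations with the spec as sketched below; whether Ory always emits `amr` is not visible from this patch, so it may also need to be optional.

```typescript
// … inside DefaultOryProfile; unchanged: iss, ver, sub …
aud: string | string[]
iat: number
exp: number
// … unchanged: jti …
amr: string[]
// … unchanged: email, email_verified, preferred_username, website, given_name, family_name, name …
updated_at?: number
```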