authjs-divar
v1.0.0
Published
Custom Divar OAuth provider for Auth.js
Readme
Auth.js Divar Provider
A TypeScript-first OAuth provider for integrating Divar authentication with Auth.js.
This package enables secure sign-in with Divar, handles the required OAuth flow, and normalizes the user profile returned by the Divar API.
✨ Features
- 🔐 Secure OAuth2 authentication with Divar
- ⚡ Native compatibility with Auth.js / NextAuth
- 📦 Strong TypeScript typings for configuration and profile data
- 👤 Automatic normalization of user fields
- 🧩 Built-in support for the required
x-api-keyheader flow - 🔄 Support for refresh-token scopes such as
offline_access - 🛡️ Designed for server-side use only
📦 Installation
npm install authjs-divaror
pnpm add authjs-divar🚀 Usage
Auth.js configuration
import { Divar } from "authjs-divar";
export const authOptions = {
providers: [
Divar({
clientId: process.env.AUTH_DIVAR_ID!,
clientSecret: process.env.AUTH_DIVAR_SECRET!,
}),
],
};You can also import the exported scope constants when you want to customize the requested permissions explicitly:
import { Divar, DIVAR_SCOPES } from "authjs-divar";
Divar({
clientId: process.env.AUTH_DIVAR_ID!,
clientSecret: process.env.AUTH_DIVAR_SECRET!,
scope: [
DIVAR_SCOPES.OFFLINE_ACCESS,
DIVAR_SCOPES.USER_ID,
DIVAR_SCOPES.USER_PHONE,
].join(" "),
});🔐 Environment Variables
Create a .env.local file and configure the following values:
AUTH_DIVAR_ID=
AUTH_DIVAR_SECRET=
DIVAR_BACKEND_API_KEY=Optional overrides are also supported for custom endpoint configuration:
AUTH_DIVAR_AUTHORIZATION=
AUTH_DIVAR_TOKEN=
AUTH_DIVAR_USERINFO=📖 Environment Variable Reference
| Variable | Description |
| --- | --- |
| AUTH_DIVAR_ID | OAuth client ID provided by Divar |
| AUTH_DIVAR_SECRET | OAuth client secret provided by Divar |
| DIVAR_BACKEND_API_KEY | API key used for Divar user profile requests |
| AUTH_DIVAR_AUTHORIZATION | Optional override for the authorization URL |
| AUTH_DIVAR_TOKEN | Optional override for the token URL |
| AUTH_DIVAR_USERINFO | Optional override for the user info URL |
🔄 Authentication Flow
The provider follows this flow:
- The user is redirected to the Divar sign-in page.
- The user grants the requested permissions.
- Divar redirects back with an authorization code.
- Auth.js exchanges the code for an access token.
- The provider fetches the normalized profile from Divar.
- The authenticated user is attached to the session.
User → Divar OAuth → Authorization Code → Access Token → User Profile → Auth.js Session👤 Returned User Profile
The provider normalizes Divar responses into a consistent shape:
{
id: string;
phoneNumber: string;
}🧠 Scope Configuration
The default scope set is:
offline_access USER_ID USER_PHONE NOTIFICATION_ACCESS_REVOCATIONYou can override this behavior by passing a custom scope value to the provider.
⚙️ Provider Options
Divar({
clientId: string;
clientSecret: string;
scope?: string;
})🔒 Security Notes
- The provider should only be used in server-side code.
- Do not expose API keys or secrets to the client.
- Access tokens are handled by Auth.js.
- Never expose
x-api-keyin browser-side code.
🧪 TypeScript Support
The package is fully typed and includes strict TypeScript support.
If you want to extend the user shape in your application, you can augment the Auth.js user type like this:
declare module "@auth/core/types" {
interface User {
phoneNumber?: string;
}
}🧱 Tech Stack
- Auth.js
- OAuth2
- TypeScript
- Fetch API
📁 Project Structure
src/
├── provider.ts # Core OAuth provider
├── index.ts # Public exports
├── types.ts # Type definitions
└── constants.ts # OAuth endpoints and scope definitions🤝 Contributing
Contributions are welcome.
Please see CONTRIBUTING.md for development setup and contribution guidelines.
We also recommend reviewing the project's CODE_OF_CONDUCT.
📄 License
This project is licensed under the MIT License.
⭐ Motivation
This package was created to make Divar authentication easier to integrate into modern applications that already rely on Auth.js.