https://github.com/alyldas/uniauth-authjs-bridge
Auth.js bridge helpers for UniAuth provider sign-in assertions.
https://github.com/alyldas/uniauth-authjs-bridge
auth authentication authjs bridge oauth typescript uniauth
Last synced: 2 days ago
JSON representation
Auth.js bridge helpers for UniAuth provider sign-in assertions.
- Host: GitHub
- URL: https://github.com/alyldas/uniauth-authjs-bridge
- Owner: alyldas
- License: other
- Created: 2026-05-26T15:13:13.000Z (about 1 month ago)
- Default Branch: main
- Last Pushed: 2026-05-27T18:07:57.000Z (about 1 month ago)
- Last Synced: 2026-05-27T18:16:48.725Z (about 1 month ago)
- Topics: auth, authentication, authjs, bridge, oauth, typescript, uniauth
- Language: TypeScript
- Homepage: https://github.com/alyldas/uniauth-authjs-bridge#readme
- Size: 42 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Security: SECURITY.md
- Notice: NOTICE
- Agents: AGENTS.md
Awesome Lists containing this project
README
# UniAuth Auth.js Bridge
[](https://github.com/users/alyldas/packages/npm/package/uniauth-authjs-bridge)
`@alyldas/uniauth-authjs-bridge` maps Auth.js OAuth/OIDC account and profile data into a UniAuth
`ProviderIdentityAssertion`.
## Runtime Boundary
This package does not own Auth.js setup, routes, callbacks, cookies, framework sessions, token
storage, token refresh, or provider SDK runtime. Use it only after Auth.js has already validated the
provider response.
## Install
Configure the GitHub Packages registry for the package scope before installing:
```ini
@alyldas:registry=https://npm.pkg.github.com
```
GitHub Packages can require authentication for package reads. Use a token with `read:packages` in local npm config or CI secrets; do not commit tokens.
```bash
npm install @alyldas/uniauth-core @alyldas/uniauth-authjs-bridge
```
## Usage
```ts
import { mapAuthJsOAuthToAssertion } from '@alyldas/uniauth-authjs-bridge'
const assertion = mapAuthJsOAuthToAssertion({
providerId: 'google-workspace',
account: {
provider: account.provider,
providerAccountId: account.providerAccountId,
type: account.type,
},
profile: profile
? {
sub: profile.sub,
id: profile.id,
name: profile.name,
email: profile.email,
email_verified: profile.email_verified,
phone_number: profile.phone_number,
phone_number_verified: profile.phone_number_verified,
preferred_username: profile.preferred_username,
picture: profile.picture,
locale: profile.locale,
}
: undefined,
user: user
? {
name: user.name ?? undefined,
email: user.email ?? undefined,
image: user.image ?? undefined,
}
: undefined,
metadata: {
tenantId,
},
})
await auth.public.provider.signIn({ assertion })
```
`providerAccountId` is treated as the exact provider identity key. If the profile subject disagrees
with it, the helper rejects the input.
Pass `providerId` when the UniAuth provider namespace should differ from the Auth.js provider id.
The original Auth.js provider id is then kept as `metadata.frameworkProviderId`.
## Security Notes
- Do not pass raw Auth.js account, profile, token, request, or session objects as metadata.
- Access tokens, refresh tokens, and ID tokens are never copied by this bridge.
- Token storage remains application-owned.
- UniAuth policy invariants still apply after mapping.
## Local Checks
```bash
npm run check
```