Pure OAuth 2.0 for any JavaScript runtime.
No framework lock-in. No middleware. Just a clean 3-step OAuth flow that works on Deno, Node.js, and Bun.
Every provider follows the same 3-step flow:
// 1. Generate the authorization URL and redirect the user
const url = await oauth.getAuthRequestUri({ state: "random_state" });
// 2. Exchange the authorization code for an access token
const token = await oauth.getAccessTokenResponse(code);
// 3. Fetch the user profile
const user = await oauth.getUserProfile(token.accessToken);For OIDC providers (e.g. Google), you can skip the extra HTTP request and extract the profile directly from the
id_token:
const user = await oauth.getUserProfileFromIdToken(token.idToken);The token's signature (via JWKS), issuer, audience, and expiration are all verified.
| Provider | OIDC |
|---|---|
| Discord | not supported |
| ✓ | |
| GitHub | not supported |
| GitLab | ✓ |
| ✓ | |
| Kakao | ✓ |
| LINE | ✓ |
| Naver | not supported |
Click a provider to see its detailed usage guide. The OIDC column marks providers that support
getUserProfileFromIdToken — verifying a signed id_token instead of calling the userinfo endpoint.