feat: add social-provider Gitlab (#386)

docs/components/sidebar-content.tsx

@@ -548,6 +548,23 @@ export const contents: Content[] = [
 					</svg>
 				),
 			},
+			{
+				title: "Gitlab",
+				href: "/docs/authentication/gitlab",
+				icon: () => (
+					<svg
+						xmlns="http://www.w3.org/2000/svg"
+						width="1.2em"
+						height="1.2em"
+						viewBox="0 0 32 32"
+					>
+						<path
+							fill="currentColor"
+							d="m28.568 12.893l-.037-.094l-3.539-9.235a.92.92 0 0 0-.364-.439a.95.95 0 0 0-1.083.058a.95.95 0 0 0-.314.477l-2.39 7.31h-9.675l-2.39-7.31a.93.93 0 0 0-.313-.478a.95.95 0 0 0-1.083-.058a.93.93 0 0 0-.365.438L3.47 12.794l-.035.093a6.57 6.57 0 0 0 2.18 7.595l.011.01l.033.022l5.39 4.037l2.668 2.019l1.624 1.226c.39.297.931.297 1.322 0l1.624-1.226l2.667-2.019l5.424-4.061l.013-.01a6.574 6.574 0 0 0 2.177-7.588Z"
+						/>
+					</svg>
+				),
+			},
 		],
 	},
 	{

docs/content/docs/authentication/gitlab.mdx

@@ -0,0 +1,48 @@
+---
+title: Gitlab
+description: Gitlab Provider
+---
+
+<Steps>
+    <Step> 
+        ### Get your Gitlab credentials
+        To use Gitlab sign in, you need a client ID and client secret. [GitLab OAuth documentation](https://docs.gitlab.com/ee/api/oauth2.html).
+
+        Make sure to set the redirect URL to `http://localhost:3000/api/auth/callback/gitlab` for local development. For production, you should set it to the URL of your application. If you change the base path of the auth routes, you should update the redirect URL accordingly.
+    </Step>
+
+  <Step>
+        ### Configure the provider
+        To configure the provider, you need to import the provider and pass it to the `socialProviders` option of the auth instance.
+
+        ```ts title="auth.ts"
+        import { betterAuth } from "better-auth"
+        
+        export const auth = betterAuth({
+            socialProviders: { // [!code highlight]
+                gitlab: { // [!code highlight]
+                    clientId: process.env.GITLAB_CLIENT_ID as string, // [!code highlight]
+                    clientSecret: process.env.GITLAB_CLIENT_SECRET as string, // [!code highlight]
+                    issuer: process.env.GITLAB_ISSUER as string, // [!code highlight]
+                }, // [!code highlight]
+            }, // [!code highlight]
+        })
+        ```
+    </Step>
+       <Step>
+        ### Signin with Gitlab
+        To signin with Gitlab, you can use the `signIn.social` function provided by the client. The `signIn` function takes an object with the following properties:
+        - `provider`: The provider to use. It should be set to `gitlab`.
+
+        ```ts title="client.ts"  
+        import { createAuthClient } from "better-auth/client"
+        const client = createAuthClient()
+        
+        const signin = async () => {
+            const data = await client.signIn.social({
+                provider: "gitlab"
+            })
+        }
+        ```
+    </Step>
+</Steps>

packages/better-auth/src/social-providers/gitlab.ts

@@ -0,0 +1,124 @@
+import { betterFetch } from "@better-fetch/fetch";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
+import { createAuthorizationURL, validateAuthorizationCode } from "../oauth2";
+
+export interface GitlabProfile extends Record<string, any> {
+	id: number;
+	username: string;
+	email: string;
+	name: string;
+	state: string;
+	avatar_url: string;
+	web_url: string;
+	created_at: string;
+	bio: string;
+	location?: string;
+	public_email: string;
+	skype: string;
+	linkedin: string;
+	twitter: string;
+	website_url: string;
+	organization: string;
+	job_title: string;
+	pronouns: string;
+	bot: boolean;
+	work_information?: string;
+	followers: number;
+	following: number;
+	local_time: string;
+	last_sign_in_at: string;
+	confirmed_at: string;
+	theme_id: number;
+	last_activity_on: string;
+	color_scheme_id: number;
+	projects_limit: number;
+	current_sign_in_at: string;
+	identities: Array<{
+		provider: string;
+		extern_uid: string;
+	}>;
+	can_create_group: boolean;
+	can_create_project: boolean;
+	two_factor_enabled: boolean;
+	external: boolean;
+	private_profile: boolean;
+	commit_email: string;
+	shared_runners_minutes_limit: number;
+	extra_shared_runners_minutes_limit: number;
+}
+
+export interface GitlabOptions extends ProviderOptions {
+	issuer?: string;
+}
+
+const cleanDoubleSlashes = (input: string = "") => {
+	return input
+		.split("://")
+		.map((str) => str.replace(/\/{2,}/g, "/"))
+		.join("://");
+};
+
+const issuerToEndpoints = (issuer?: string) => {
+	let baseUrl = issuer || "https://gitlab.com";
+	return {
+		authorizationEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/authorize`),
+		tokenEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/token`),
+		userinfoEndpoint: cleanDoubleSlashes(`${baseUrl}/api/v4/user`),
+	};
+};
+
+export const gitlab = (options: GitlabOptions) => {
+	const { authorizationEndpoint, tokenEndpoint, userinfoEndpoint } =
+		issuerToEndpoints(options.issuer);
+	const issuerId = "gitlab";
+	const issuerName = "Gitlab";
+	return {
+		id: issuerId,
+		name: issuerName,
+		createAuthorizationURL: async ({
+			state,
+			scopes,
+			codeVerifier,
+			redirectURI,
+		}) => {
+			const _scopes = scopes || ["read_user"];
+			options.scope && _scopes.push(...options.scope);
+			return await createAuthorizationURL({
+				id: issuerId,
+				options,
+				authorizationEndpoint,
+				scopes: _scopes,
+				state,
+				redirectURI,
+				codeVerifier,
+			});
+		},
+		validateAuthorizationCode: async ({ code, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				redirectURI: options.redirectURI || redirectURI,
+				options,
+				tokenEndpoint,
+			});
+		},
+		async getUserInfo(token) {
+			const { data: profile, error } = await betterFetch<GitlabProfile>(
+				userinfoEndpoint,
+				{ headers: { authorization: `Bearer ${token.accessToken}` } },
+			);
+			if (error || profile.state !== "active" || profile.locked) {
+				return null;
+			}
+			return {
+				user: {
+					id: profile.id.toString(),
+					name: profile.name ?? profile.username,
+					email: profile.email,
+					image: profile.avatar_url,
+					emailVerified: true,
+				},
+				data: profile,
+			};
+		},
+	} satisfies OAuthProvider<GitlabProfile>;
+};

packages/better-auth/src/social-providers/index.ts

@@ -10,6 +10,7 @@ import { twitch } from "./twitch";
 import { twitter } from "./twitter";
 import { dropbox } from "./dropbox";
 import { linkedin } from "./linkedin";
+import { gitlab } from "./gitlab";
 
 export const socialProviders = {
 	apple,
@@ -23,6 +24,7 @@ export const socialProviders = {
 	twitter,
 	dropbox,
 	linkedin,
+	gitlab,
 };
 
 export const socialProviderList = Object.keys(socialProviders) as [
@@ -49,5 +51,6 @@ export * from "./facebook";
 export * from "./twitter";
 export * from "./dropbox";
 export * from "./linkedin";
+export * from "./gitlab";
 
 export type SocialProviderList = typeof socialProviderList;