chore(): Reorganize modules (#7210)

**What**
Move all modules to the modules directory

packages/modules/auth/src/index.ts

@@ -0,0 +1,11 @@
+import {
+  moduleDefinition,
+  revertMigration,
+  runMigrations,
+} from "./module-definition"
+
+export default moduleDefinition
+export { revertMigration, runMigrations }
+
+export * from "./initialize"
+export * from "./loaders"

packages/modules/auth/src/initialize/index.ts

@@ -0,0 +1,31 @@
+import {
+  ExternalModuleDeclaration,
+  InternalModuleDeclaration,
+  MedusaModule,
+  MODULE_PACKAGE_NAMES,
+  Modules,
+} from "@medusajs/modules-sdk"
+import { IAuthModuleService, ModulesSdkTypes } from "@medusajs/types"
+
+import { InitializeModuleInjectableDependencies } from "@types"
+import { moduleDefinition } from "../module-definition"
+
+export const initialize = async (
+  options?:
+    | ModulesSdkTypes.ModuleBootstrapDeclaration
+    | ModulesSdkTypes.ModuleServiceInitializeOptions
+    | ModulesSdkTypes.ModuleServiceInitializeCustomDataLayerOptions,
+  injectedDependencies?: InitializeModuleInjectableDependencies
+): Promise<IAuthModuleService> => {
+  const loaded = await MedusaModule.bootstrap<IAuthModuleService>({
+    moduleKey: Modules.AUTH,
+    defaultPath: MODULE_PACKAGE_NAMES[Modules.AUTH],
+    declaration: options as
+      | InternalModuleDeclaration
+      | ExternalModuleDeclaration, // TODO: Add provider configuration
+    injectedDependencies,
+    moduleExports: moduleDefinition,
+  })
+
+  return loaded[Modules.AUTH]
+}

packages/modules/auth/src/joiner-config.ts

@@ -0,0 +1,31 @@
+import { AuthUser } from "@models"
+import { MapToConfig } from "@medusajs/utils"
+import { ModuleJoinerConfig } from "@medusajs/types"
+import { Modules } from "@medusajs/modules-sdk"
+
+export const LinkableKeys = {
+  auth_user_id: AuthUser.name,
+}
+
+const entityLinkableKeysMap: MapToConfig = {}
+Object.entries(LinkableKeys).forEach(([key, value]) => {
+  entityLinkableKeysMap[value] ??= []
+  entityLinkableKeysMap[value].push({
+    mapTo: key,
+    valueFrom: key.split("_").pop()!,
+  })
+})
+
+export const entityNameToLinkableKeysMap: MapToConfig = entityLinkableKeysMap
+
+export const joinerConfig: ModuleJoinerConfig = {
+  serviceName: Modules.AUTH,
+  primaryKeys: ["id"],
+  linkableKeys: LinkableKeys,
+  alias: {
+    name: ["auth_user", "auth_users"],
+    args: {
+      entity: AuthUser.name,
+    },
+  },
+}

packages/modules/auth/src/loaders/connection.ts

@@ -0,0 +1,38 @@
+import * as AuthModels from "../models"
+
+import {
+  InternalModuleDeclaration,
+  LoaderOptions,
+  Modules,
+} from "@medusajs/modules-sdk"
+
+import { EntitySchema } from "@mikro-orm/core"
+import { ModulesSdkTypes } from "@medusajs/types"
+import { ModulesSdkUtils } from "@medusajs/utils"
+
+export default async (
+  {
+    options,
+    container,
+    logger,
+  }: LoaderOptions<
+    | ModulesSdkTypes.ModuleServiceInitializeOptions
+    | ModulesSdkTypes.ModuleServiceInitializeCustomDataLayerOptions
+  >,
+  moduleDeclaration?: InternalModuleDeclaration
+): Promise<void> => {
+  const entities = Object.values(
+    AuthModels
+  ) as unknown as EntitySchema[]
+  const pathToMigrations = __dirname + "/../migrations"
+
+  await ModulesSdkUtils.mikroOrmConnectionLoader({
+    moduleName: Modules.AUTH,
+    entities,
+    container,
+    options,
+    moduleDeclaration,
+    logger,
+    pathToMigrations,
+  })
+}

packages/modules/auth/src/loaders/container.ts

@@ -0,0 +1,10 @@
+import { ModulesSdkUtils } from "@medusajs/utils"
+import * as ModuleModels from "@models"
+import * as ModuleRepositories from "@repositories"
+import * as ModuleServices from "@services"
+
+export default ModulesSdkUtils.moduleContainerLoaderFactory({
+  moduleModels: ModuleModels,
+  moduleRepositories: ModuleRepositories,
+  moduleServices: ModuleServices,
+})

packages/modules/auth/src/loaders/index.ts

@@ -0,0 +1,3 @@
+export * from "./connection"
+export * from "./container"
+export * from "./providers"

packages/modules/auth/src/loaders/providers.ts

@@ -0,0 +1,72 @@
+import * as defaultProviders from "@providers"
+
+import {
+  AuthModuleProviderConfig,
+  AuthProviderScope,
+  LoaderOptions,
+  ModulesSdkTypes,
+} from "@medusajs/types"
+import {
+  AwilixContainer,
+  ClassOrFunctionReturning,
+  Constructor,
+  Resolver,
+  asClass,
+} from "awilix"
+
+type AuthModuleProviders = {
+  providers: AuthModuleProviderConfig[]
+}
+
+export default async ({
+  container,
+  options,
+}: LoaderOptions<
+  (
+    | ModulesSdkTypes.ModuleServiceInitializeOptions
+    | ModulesSdkTypes.ModuleServiceInitializeCustomDataLayerOptions
+  ) &
+    AuthModuleProviders
+>): Promise<void> => {
+  const providerMap = new Map(
+    options?.providers?.map((provider) => [provider.name, provider.scopes]) ??
+      []
+  )
+
+  // if(options?.providers?.length) {
+  // TODO: implement plugin provider registration
+  // }
+
+  const providersToLoad = Object.values(defaultProviders)
+
+  for (const provider of providersToLoad) {
+    container.register({
+      [`auth_provider_${provider.PROVIDER}`]: asClass(
+        provider as Constructor<any>
+      )
+        .singleton()
+        .inject(() => ({ scopes: providerMap.get(provider.PROVIDER) ?? {} })),
+    })
+  }
+
+  container.register({
+    [`auth_providers`]: asArray(providersToLoad, providerMap),
+  })
+}
+
+function asArray(
+  resolvers: (ClassOrFunctionReturning<unknown> | Resolver<unknown>)[],
+  providerScopeMap: Map<string, Record<string, AuthProviderScope>>
+): { resolve: (container: AwilixContainer) => unknown[] } {
+  return {
+    resolve: (container: AwilixContainer) =>
+      resolvers.map((resolver) =>
+        asClass(resolver as Constructor<any>)
+          .inject(() => ({
+            // @ts-ignore
+            scopes: providerScopeMap.get(resolver.PROVIDER) ?? {},
+          }))
+          .resolve(container)
+      ),
+  }
+}

packages/modules/auth/src/migrations/.snapshot-medusa-auth.json

@@ -0,0 +1,101 @@
+{
+  "namespaces": [
+    "public"
+  ],
+  "name": "public",
+  "tables": [
+    {
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "unsigned": false,
+          "autoincrement": false,
+          "primary": false,
+          "nullable": false,
+          "mappedType": "text"
+        },
+        "entity_id": {
+          "name": "entity_id",
+          "type": "text",
+          "unsigned": false,
+          "autoincrement": false,
+          "primary": false,
+          "nullable": false,
+          "mappedType": "text"
+        },
+        "provider": {
+          "name": "provider",
+          "type": "text",
+          "unsigned": false,
+          "autoincrement": false,
+          "primary": false,
+          "nullable": false,
+          "mappedType": "text"
+        },
+        "scope": {
+          "name": "scope",
+          "type": "text",
+          "unsigned": false,
+          "autoincrement": false,
+          "primary": false,
+          "nullable": false,
+          "mappedType": "text"
+        },
+        "user_metadata": {
+          "name": "user_metadata",
+          "type": "jsonb",
+          "unsigned": false,
+          "autoincrement": false,
+          "primary": false,
+          "nullable": true,
+          "mappedType": "json"
+        },
+        "app_metadata": {
+          "name": "app_metadata",
+          "type": "jsonb",
+          "unsigned": false,
+          "autoincrement": false,
+          "primary": false,
+          "nullable": false,
+          "mappedType": "json"
+        },
+        "provider_metadata": {
+          "name": "provider_metadata",
+          "type": "jsonb",
+          "unsigned": false,
+          "autoincrement": false,
+          "primary": false,
+          "nullable": true,
+          "mappedType": "json"
+        }
+      },
+      "name": "auth_user",
+      "schema": "public",
+      "indexes": [
+        {
+          "keyName": "IDX_auth_user_provider_scope_entity_id",
+          "columnNames": [
+            "provider",
+            "scope",
+            "entity_id"
+          ],
+          "composite": true,
+          "primary": false,
+          "unique": true
+        },
+        {
+          "keyName": "auth_user_pkey",
+          "columnNames": [
+            "id"
+          ],
+          "composite": false,
+          "primary": true,
+          "unique": true
+        }
+      ],
+      "checks": [],
+      "foreignKeys": {}
+    }
+  ]
+}

packages/modules/auth/src/migrations/Migration20240205025924.ts

@@ -0,0 +1,16 @@
+import { Migration } from "@mikro-orm/migrations"
+
+export class Migration20240205025924 extends Migration {
+  async up(): Promise<void> {
+    this.addSql(
+      'create table if not exists "auth_user" ("id" text not null, "entity_id" text not null, "provider" text not null, "scope" text not null, "user_metadata" jsonb null, "app_metadata" jsonb not null, "provider_metadata" jsonb null, constraint "auth_user_pkey" primary key ("id"));'
+    )
+    this.addSql(
+      'alter table "auth_user" add constraint "IDX_auth_user_provider_scope_entity_id" unique ("provider", "scope", "entity_id");'
+    )
+  }
+
+  async down(): Promise<void> {
+    this.addSql('drop table if exists "auth_user" cascade;')
+  }
+}

packages/modules/auth/src/models/auth-user.ts

@@ -0,0 +1,53 @@
+import {
+  BeforeCreate,
+  Entity,
+  OnInit,
+  OptionalProps,
+  PrimaryKey,
+  Property,
+  Unique,
+} from "@mikro-orm/core"
+
+import { generateEntityId } from "@medusajs/utils"
+
+type OptionalFields = "provider_metadata" | "app_metadata" | "user_metadata"
+
+@Entity()
+@Unique({
+  properties: ["provider", "scope", "entity_id"],
+  name: "IDX_auth_user_provider_scope_entity_id",
+})
+export default class AuthUser {
+  [OptionalProps]: OptionalFields
+
+  @PrimaryKey({ columnType: "text" })
+  id!: string
+
+  @Property({ columnType: "text" })
+  entity_id: string
+
+  @Property({ columnType: "text" })
+  provider: string
+
+  @Property({ columnType: "text" })
+  scope: string
+
+  @Property({ columnType: "jsonb", nullable: true })
+  user_metadata: Record<string, unknown> | null
+
+  @Property({ columnType: "jsonb" })
+  app_metadata: Record<string, unknown> = {}
+
+  @Property({ columnType: "jsonb", nullable: true })
+  provider_metadata: Record<string, unknown> | null = null
+
+  @BeforeCreate()
+  onCreate() {
+    this.id = generateEntityId(this.id, "authusr")
+  }
+
+  @OnInit()
+  onInit() {
+    this.id = generateEntityId(this.id, "authusr")
+  }
+}

packages/modules/auth/src/models/index.ts

@@ -0,0 +1 @@
+export { default as AuthUser } from "./auth-user"

packages/modules/auth/src/module-definition.ts

@@ -0,0 +1,32 @@
+import * as Models from "@models"
+
+import { AuthModuleService } from "@services"
+import { ModuleExports } from "@medusajs/types"
+import { Modules } from "@medusajs/modules-sdk"
+import { ModulesSdkUtils } from "@medusajs/utils"
+import loadConnection from "./loaders/connection"
+import loadContainer from "./loaders/container"
+import loadProviders from "./loaders/providers"
+
+const migrationScriptOptions = {
+  moduleName: Modules.AUTH,
+  models: Models,
+  pathToMigrations: __dirname + "/migrations",
+}
+
+export const runMigrations = ModulesSdkUtils.buildMigrationScript(
+  migrationScriptOptions
+)
+export const revertMigration = ModulesSdkUtils.buildRevertMigrationScript(
+  migrationScriptOptions
+)
+
+const service = AuthModuleService
+const loaders = [loadContainer, loadConnection, loadProviders] as any
+
+export const moduleDefinition: ModuleExports = {
+  service,
+  loaders,
+  runMigrations,
+  revertMigration,
+}

packages/modules/auth/src/providers/email-password.ts

@@ -0,0 +1,106 @@
+import { AuthenticationInput, AuthenticationResponse } from "@medusajs/types"
+import {
+  AbstractAuthModuleProvider,
+  MedusaError,
+  isString,
+} from "@medusajs/utils"
+
+import { AuthUserService } from "@services"
+import Scrypt from "scrypt-kdf"
+
+class EmailPasswordProvider extends AbstractAuthModuleProvider {
+  public static PROVIDER = "emailpass"
+  public static DISPLAY_NAME = "Email/Password Authentication"
+
+  protected readonly authUserSerivce_: AuthUserService
+
+  constructor({ authUserService }: { authUserService: AuthUserService }) {
+    super(arguments[0], {
+      provider: EmailPasswordProvider.PROVIDER,
+      displayName: EmailPasswordProvider.DISPLAY_NAME,
+    })
+
+    this.authUserSerivce_ = authUserService
+  }
+
+  private getHashConfig() {
+    const scopeConfig = this.scopeConfig_.hashConfig as
+      | Scrypt.ScryptParams
+      | undefined
+
+    const defaultHashConfig = { logN: 15, r: 8, p: 1 }
+
+    // Return custom defined hash config or default hash parameters
+    return scopeConfig ?? defaultHashConfig
+  }
+
+  async authenticate(
+    userData: AuthenticationInput
+  ): Promise<AuthenticationResponse> {
+    const { email, password } = userData.body
+
+    if (!password || !isString(password)) {
+      return {
+        success: false,
+        error: "Password should be a string",
+      }
+    }
+
+    if (!email || !isString(email)) {
+      return {
+        success: false,
+        error: "Email should be a string",
+      }
+    }
+    let authUser
+
+    try {
+      authUser = await this.authUserSerivce_.retrieveByProviderAndEntityId(
+        email,
+        EmailPasswordProvider.PROVIDER
+      )
+    } catch (error) {
+      if (error.type === MedusaError.Types.NOT_FOUND) {
+        const password_hash = await Scrypt.kdf(password, this.getHashConfig())
+
+        const [createdAuthUser] = await this.authUserSerivce_.create([
+          {
+            entity_id: email,
+            provider: EmailPasswordProvider.PROVIDER,
+            scope: this.scope_,
+            provider_metadata: {
+              password: password_hash.toString("base64"),
+            },
+          },
+        ])
+
+        return {
+          success: true,
+          authUser: JSON.parse(JSON.stringify(createdAuthUser)),
+        }
+      }
+      return { success: false, error: error.message }
+    }
+
+    const password_hash = authUser.provider_metadata?.password
+
+    if (isString(password_hash)) {
+      const buf = Buffer.from(password_hash as string, "base64")
+
+      const success = await Scrypt.verify(buf, password)
+
+      if (success) {
+        delete authUser.provider_metadata!.password
+
+        return { success, authUser: JSON.parse(JSON.stringify(authUser)) }
+      }
+    }
+
+    return {
+      success: false,
+      error: "Invalid email or password",
+    }
+  }
+}
+
+export default EmailPasswordProvider

packages/modules/auth/src/providers/google.ts

@@ -0,0 +1,223 @@
+import { AuthenticationInput, AuthenticationResponse } from "@medusajs/types"
+import { AbstractAuthModuleProvider, MedusaError } from "@medusajs/utils"
+import { AuthUserService } from "@services"
+import jwt, { JwtPayload } from "jsonwebtoken"
+
+import { AuthorizationCode } from "simple-oauth2"
+import url from "url"
+
+type InjectedDependencies = {
+  authUserService: AuthUserService
+}
+
+type ProviderConfig = {
+  clientID: string
+  clientSecret: string
+  callbackURL: string
+  successRedirectUrl?: string
+}
+
+class GoogleProvider extends AbstractAuthModuleProvider {
+  public static PROVIDER = "google"
+  public static DISPLAY_NAME = "Google Authentication"
+
+  protected readonly authUserService_: AuthUserService
+
+  constructor({ authUserService }: InjectedDependencies) {
+    super(arguments[0], {
+      provider: GoogleProvider.PROVIDER,
+      displayName: GoogleProvider.DISPLAY_NAME,
+    })
+
+    this.authUserService_ = authUserService
+  }
+
+  async authenticate(
+    req: AuthenticationInput
+  ): Promise<AuthenticationResponse> {
+    if (req.query?.error) {
+      return {
+        success: false,
+        error: `${req.query.error_description}, read more at: ${req.query.error_uri}`,
+      }
+    }
+
+    let config: ProviderConfig
+
+    try {
+      config = await this.getProviderConfig(req)
+    } catch (error) {
+      return { success: false, error: error.message }
+    }
+
+    return this.getRedirect(config)
+  }
+
+  async validateCallback(
+    req: AuthenticationInput
+  ): Promise<AuthenticationResponse> {
+    if (req.query && req.query.error) {
+      return {
+        success: false,
+        error: `${req.query.error_description}, read more at: ${req.query.error_uri}`,
+      }
+    }
+
+    let config: ProviderConfig
+
+    try {
+      config = await this.getProviderConfig(req)
+    } catch (error) {
+      return { success: false, error: error.message }
+    }
+
+    const code = req.query?.code ?? req.body?.code
+
+    return await this.validateCallbackToken(code, config)
+  }
+
+  // abstractable
+  async verify_(refreshToken: string) {
+    const jwtData = jwt.decode(refreshToken, {
+      complete: true,
+    }) as JwtPayload
+    const entity_id = jwtData.payload.email
+
+    let authUser
+
+    try {
+      authUser = await this.authUserService_.retrieveByProviderAndEntityId(
+        entity_id,
+        GoogleProvider.PROVIDER
+      )
+    } catch (error) {
+      if (error.type === MedusaError.Types.NOT_FOUND) {
+        const [createdAuthUser] = await this.authUserService_.create([
+          {
+            entity_id,
+            provider: GoogleProvider.PROVIDER,
+            user_metadata: jwtData!.payload,
+            scope: this.scope_,
+          },
+        ])
+        authUser = createdAuthUser
+      } else {
+        return { success: false, error: error.message }
+      }
+    }
+
+    return {
+      success: true,
+      authUser,
+    }
+  }
+
+  // abstractable
+  private async validateCallbackToken(
+    code: string,
+    { clientID, callbackURL, clientSecret }: ProviderConfig
+  ) {
+    const client = this.getAuthorizationCodeHandler({ clientID, clientSecret })
+
+    const tokenParams = {
+      code,
+      redirect_uri: callbackURL,
+    }
+
+    try {
+      const accessToken = await client.getToken(tokenParams)
+
+      const { authUser, success } = await this.verify_(
+        accessToken.token.id_token
+      )
+
+      const { successRedirectUrl } = this.getConfigFromScope()
+
+      return {
+        success,
+        authUser,
+        successRedirectUrl,
+      }
+    } catch (error) {
+      return { success: false, error: error.message }
+    }
+  }
+
+  private getConfigFromScope(): ProviderConfig {
+    const config: Partial<ProviderConfig> = { ...this.scopeConfig_ }
+
+    if (!config.clientID) {
+      throw new Error("Google clientID is required")
+    }
+
+    if (!config.clientSecret) {
+      throw new Error("Google clientSecret is required")
+    }
+
+    if (!config.callbackURL) {
+      throw new Error("Google callbackUrl is required")
+    }
+
+    return config as ProviderConfig
+  }
+
+  private originalURL(req: AuthenticationInput) {
+    const host = req.headers.host
+    const protocol = req.protocol
+    const path = req.url || ""
+
+    return protocol + "://" + host + path
+  }
+
+  private async getProviderConfig(
+    req: AuthenticationInput
+  ): Promise<ProviderConfig> {
+    const config = this.getConfigFromScope()
+
+    const callbackURL = config.callbackURL
+
+    const parsedCallbackUrl = !url.parse(callbackURL).protocol
+      ? url.resolve(this.originalURL(req), callbackURL)
+      : callbackURL
+
+    return { ...config, callbackURL: parsedCallbackUrl }
+  }
+
+  // Abstractable
+  private getRedirect({ clientID, callbackURL, clientSecret }: ProviderConfig) {
+    const client = this.getAuthorizationCodeHandler({ clientID, clientSecret })
+
+    const location = client.authorizeURL({
+      redirect_uri: callbackURL,
+      scope: "email profile",
+    })
+
+    return { success: true, location }
+  }
+
+  private getAuthorizationCodeHandler({
+    clientID,
+    clientSecret,
+  }: {
+    clientID: string
+    clientSecret: string
+  }) {
+    const config = {
+      client: {
+        id: clientID,
+        secret: clientSecret,
+      },
+      auth: {
+        // TODO: abstract to not be google specific
+        authorizeHost: "https://accounts.google.com",
+        authorizePath: "/o/oauth2/v2/auth",
+        tokenHost: "https://www.googleapis.com",
+        tokenPath: "/oauth2/v4/token",
+      },
+    }
+
+    return new AuthorizationCode(config)
+  }
+}
+
+export default GoogleProvider

packages/modules/auth/src/providers/index.ts

@@ -0,0 +1,2 @@
+export { default as EmailPasswordProvider } from "./email-password"
+export { default as GoogleProvider } from "./google"

packages/modules/auth/src/repositories/index.ts

@@ -0,0 +1 @@
+export { MikroOrmBaseRepository as BaseRepository } from "@medusajs/utils"

packages/modules/auth/src/scripts/bin/run-seed.ts

@@ -0,0 +1,19 @@
+#!/usr/bin/env node
+
+import { EOL } from "os"
+import { run } from "../seed"
+
+const args = process.argv
+const path = args.pop() as string
+
+export default (async () => {
+  const { config } = await import("dotenv")
+  config()
+  if (!path) {
+    throw new Error(
+      `filePath is required.${EOL}Example: medusa-auth-seed <filePath>`
+    )
+  }
+
+  await run({ path })
+})()

packages/modules/auth/src/scripts/seed.ts

@@ -0,0 +1,65 @@
+import * as AuthModels from "@models"
+
+import { DALUtils, ModulesSdkUtils } from "@medusajs/utils"
+import { LoaderOptions, Logger, ModulesSdkTypes } from "@medusajs/types"
+
+import { EOL } from "os"
+import { EntitySchema } from "@mikro-orm/core"
+import { Modules } from "@medusajs/modules-sdk"
+import { resolve } from "path"
+
+export async function run({
+  options,
+  logger,
+  path,
+}: Partial<
+  Pick<
+    LoaderOptions<ModulesSdkTypes.ModuleServiceInitializeOptions>,
+    "options" | "logger"
+  >
+> & {
+  path: string
+}) {
+  logger ??= console as unknown as Logger
+
+  logger.info(`Loading seed data from ${path}...`)
+
+  const { authenticationData } = await import(
+    resolve(process.cwd(), path)
+  ).catch((e) => {
+    logger?.error(
+      `Failed to load seed data from ${path}. Please, provide a relative path and check that you export the following: authenticationData.${EOL}${e}`
+    )
+    throw e
+  })
+
+  const dbData = ModulesSdkUtils.loadDatabaseConfig(
+    Modules.AUTH,
+    options
+  )!
+  const entities = Object.values(
+    AuthModels
+  ) as unknown as EntitySchema[]
+  const pathToMigrations = __dirname + "/../migrations"
+
+  const orm = await DALUtils.mikroOrmCreateConnection(
+    dbData,
+    entities,
+    pathToMigrations
+  )
+
+  const manager = orm.em.fork()
+
+  try {
+    logger.info("Seeding authentication data..")
+
+    // TODO: implement authentication seed data
+    // await createAuthUsers(manager, authUsersData)
+  } catch (e) {
+    logger.error(
+      `Failed to insert the seed data in the PostgreSQL database ${dbData.clientUrl}.${EOL}${e}`
+    )
+  }
+
+  await orm.close(true)
+}

packages/modules/auth/src/services/auth-module.ts

@@ -0,0 +1,156 @@
+import {
+  AuthenticationInput,
+  AuthenticationResponse,
+  AuthTypes,
+  AuthUserDTO,
+  Context,
+  CreateAuthUserDTO,
+  DAL,
+  InternalModuleDeclaration,
+  ModuleJoinerConfig,
+  ModulesSdkTypes,
+  UpdateAuthUserDTO,
+} from "@medusajs/types"
+
+import { AuthUser } from "@models"
+
+import { entityNameToLinkableKeysMap, joinerConfig } from "../joiner-config"
+
+import {
+  AbstractAuthModuleProvider,
+  InjectManager,
+  MedusaContext,
+  MedusaError,
+  ModulesSdkUtils,
+} from "@medusajs/utils"
+
+type InjectedDependencies = {
+  baseRepository: DAL.RepositoryService
+  authUserService: ModulesSdkTypes.InternalModuleService<any>
+}
+
+const generateMethodForModels = [AuthUser]
+
+export default class AuthModuleService<TAuthUser extends AuthUser = AuthUser>
+  extends ModulesSdkUtils.abstractModuleServiceFactory<
+    InjectedDependencies,
+    AuthTypes.AuthUserDTO,
+    {
+      AuthUser: { dto: AuthUserDTO }
+    }
+  >(AuthUser, generateMethodForModels, entityNameToLinkableKeysMap)
+  implements AuthTypes.IAuthModuleService
+{
+  protected baseRepository_: DAL.RepositoryService
+  protected authUserService_: ModulesSdkTypes.InternalModuleService<TAuthUser>
+
+  constructor(
+    { authUserService, baseRepository }: InjectedDependencies,
+    protected readonly moduleDeclaration: InternalModuleDeclaration
+  ) {
+    // @ts-ignore
+    super(...arguments)
+
+    this.baseRepository_ = baseRepository
+    this.authUserService_ = authUserService
+  }
+
+  __joinerConfig(): ModuleJoinerConfig {
+    return joinerConfig
+  }
+
+  create(
+    data: CreateAuthUserDTO[],
+    sharedContext?: Context
+  ): Promise<AuthUserDTO[]>
+
+  create(data: CreateAuthUserDTO, sharedContext?: Context): Promise<AuthUserDTO>
+
+  @InjectManager("baseRepository_")
+  async create(
+    data: CreateAuthUserDTO[] | CreateAuthUserDTO,
+    @MedusaContext() sharedContext: Context = {}
+  ): Promise<AuthTypes.AuthUserDTO | AuthTypes.AuthUserDTO[]> {
+    const authUsers = await this.authUserService_.create(data, sharedContext)
+
+    return await this.baseRepository_.serialize<AuthTypes.AuthUserDTO[]>(
+      authUsers,
+      {
+        populate: true,
+      }
+    )
+  }
+
+  update(
+    data: UpdateAuthUserDTO[],
+    sharedContext?: Context
+  ): Promise<AuthUserDTO[]>
+
+  update(data: UpdateAuthUserDTO, sharedContext?: Context): Promise<AuthUserDTO>
+
+  // TODO: should be pluralized, see convention about the methods naming or the abstract module service interface definition @engineering
+  @InjectManager("baseRepository_")
+  async update(
+    data: UpdateAuthUserDTO | UpdateAuthUserDTO[],
+    @MedusaContext() sharedContext: Context = {}
+  ): Promise<AuthTypes.AuthUserDTO | AuthTypes.AuthUserDTO[]> {
+    const updatedUsers = await this.authUserService_.update(data, sharedContext)
+
+    const serializedUsers = await this.baseRepository_.serialize<
+      AuthTypes.AuthUserDTO[]
+    >(updatedUsers, {
+      populate: true,
+    })
+
+    return Array.isArray(data) ? serializedUsers : serializedUsers[0]
+  }
+
+  protected getRegisteredAuthenticationProvider(
+    provider: string,
+    { authScope }: AuthenticationInput
+  ): AbstractAuthModuleProvider {
+    let containerProvider: AbstractAuthModuleProvider
+    try {
+      containerProvider = this.__container__[`auth_provider_${provider}`]
+    } catch (error) {
+      throw new MedusaError(
+        MedusaError.Types.NOT_FOUND,
+        `AuthenticationProvider: ${provider} wasn't registered in the module. Have you configured your options correctly?`
+      )
+    }
+
+    return containerProvider.withScope(authScope)
+  }
+
+  async authenticate(
+    provider: string,
+    authenticationData: AuthenticationInput
+  ): Promise<AuthenticationResponse> {
+    try {
+      const registeredProvider = this.getRegisteredAuthenticationProvider(
+        provider,
+        authenticationData
+      )
+
+      return await registeredProvider.authenticate(authenticationData)
+    } catch (error) {
+      return { success: false, error: error.message }
+    }
+  }
+
+  async validateCallback(
+    provider: string,
+    authenticationData: AuthenticationInput
+  ): Promise<AuthenticationResponse> {
+    try {
+      const registeredProvider = this.getRegisteredAuthenticationProvider(
+        provider,
+        authenticationData
+      )
+
+      return await registeredProvider.validateCallback(authenticationData)
+    } catch (error) {
+      return { success: false, error: error.message }
+    }
+  }
+}

packages/modules/auth/src/services/auth-user.ts

@@ -0,0 +1,61 @@
+import {
+  AuthTypes,
+  Context,
+  DAL,
+  FindConfig,
+  RepositoryService,
+} from "@medusajs/types"
+import {
+  InjectManager,
+  MedusaContext,
+  MedusaError,
+  ModulesSdkUtils,
+} from "@medusajs/utils"
+import { AuthUser } from "@models"
+
+type InjectedDependencies = {
+  baseRepository: DAL.RepositoryService
+  authUserRepository: DAL.RepositoryService
+}
+
+export default class AuthUserService<
+  TEntity extends AuthUser = AuthUser
+> extends ModulesSdkUtils.internalModuleServiceFactory<InjectedDependencies>(
+  AuthUser
+)<TEntity> {
+  protected readonly authUserRepository_: RepositoryService<TEntity>
+  protected baseRepository_: DAL.RepositoryService
+
+  constructor(container: InjectedDependencies) {
+    // @ts-ignore
+    super(...arguments)
+    this.authUserRepository_ = container.authUserRepository
+    this.baseRepository_ = container.baseRepository
+  }
+
+  @InjectManager("authUserRepository_")
+  async retrieveByProviderAndEntityId<TEntityMethod = AuthTypes.AuthUserDTO>(
+    entityId: string,
+    provider: string,
+    config: FindConfig<TEntityMethod> = {},
+    @MedusaContext() sharedContext: Context = {}
+  ): Promise<AuthTypes.AuthUserDTO> {
+    const queryConfig = ModulesSdkUtils.buildQuery<TEntity>(
+      { entity_id: entityId, provider },
+      { ...config, take: 1 }
+    )
+    const [result] = await this.authUserRepository_.find(
+      queryConfig,
+      sharedContext
+    )
+
+    if (!result) {
+      throw new MedusaError(
+        MedusaError.Types.NOT_FOUND,
+        `AuthUser with entity_id: "${entityId}" and provider: "${provider}" not found`
+      )
+    }
+
+    return await this.baseRepository_.serialize<AuthTypes.AuthUserDTO>(result)
+  }
+}

packages/modules/auth/src/services/index.ts

@@ -0,0 +1,2 @@
+export { default as AuthModuleService } from "./auth-module"
+export { default as AuthUserService } from "./auth-user"

packages/modules/auth/src/types/index.ts

@@ -0,0 +1,8 @@
+import { Logger } from "@medusajs/types"
+
+export type InitializeModuleInjectableDependencies = {
+  logger?: Logger
+}
+
+export * as RepositoryTypes from "./repositories"
+export * as ServiceTypes from "./services"

packages/modules/auth/src/types/repositories/auth-user.ts

@@ -0,0 +1,19 @@
+import { AuthUser } from "@models"
+
+export type CreateAuthUserDTO = {
+  provider_id: string
+  entity_id: string
+  provider_metadata?: Record<string, unknown>
+  user_metadata?: Record<string, unknown>
+  app_metadata?: Record<string, unknown>
+}
+
+export type UpdateAuthUserDTO = {
+  update: {
+    id: string
+    provider_metadata?: Record<string, unknown>
+    user_metadata?: Record<string, unknown>
+    app_metadata?: Record<string, unknown>
+  }
+  user: AuthUser
+}

packages/modules/auth/src/types/repositories/index.ts

@@ -0,0 +1 @@
+export * from "./auth-user"

packages/modules/auth/src/types/services/auth-user.ts

@@ -0,0 +1,28 @@
+export type AuthUserDTO = {
+  id: string
+  provider_id: string
+  entity_id: string
+  scope: string
+  provider: string
+  provider_metadata?: Record<string, unknown>
+  user_metadata: Record<string, unknown>
+  app_metadata: Record<string, unknown>
+}
+
+export type CreateAuthUserDTO = {
+  entity_id: string
+  provider: string
+  scope: string
+  provider_metadata?: Record<string, unknown>
+  user_metadata?: Record<string, unknown>
+  app_metadata?: Record<string, unknown>
+}
+
+export type UpdateAuthUserDTO = {
+  id: string
+  provider_metadata?: Record<string, unknown>
+  user_metadata?: Record<string, unknown>
+  app_metadata?: Record<string, unknown>
+}
+
+export type FilterableAuthUserProps = {}

packages/modules/auth/src/types/services/index.ts

@@ -0,0 +1 @@
+export * from "./auth-user"