Fix prompt behaviour

[DaveOrDead]

Explain your changes

start_page was a Kinde implementation to allow the register page to be requested as part of the auth url, prior to the spec adding create as an option for the prompt parameter.

This change removes start_page in favour of using prompt (this shouldn't cause breaking changes as it is already the way that the PKCE SDK operates)

The inclusion of either start_page=login or prompt=login will always force Kinde to show the Login screen which often is not desired behaviour. Most of the time founders just wish the SSO session to continue. This PR removes the prompt being added by default and only adds when requested or if the a register auth url link has been requested.

Also fixed a small typo in one of the types

Types and Tests updated

Checklist

• I have read the “Pull requests” section in the contributing guidelines.
• I agree to the terms within the code of conduct.

🛟 If you need help, consider asking for advice over in the Kinde community.

[coderabbitai]

Walkthrough

The pull request introduces a new PromptTypes enum in the types.ts file, defining authentication prompt types (none, create, login). This enum is integrated into the LoginOptions type, modifying the prompt property to be optional and of type PromptTypes. The generateAuthUrl function is updated to handle these new prompt types, particularly for registration scenarios, and the start_page parameter is removed from the URL generation logic. Additionally, test cases are refined to align with these changes, ensuring accurate validation of the new functionality.

Changes

File	Changes
lib/types.ts	- Added PromptTypes enum with none, create, and login values - Modified LoginOptions.prompt from string to optional PromptTypes - Updated scope from offline_access to offline
lib/main.test.ts	- Added PromptTypes to the module exports test
lib/utils/generateAuthUrl.ts	- Imported PromptTypes from ../types - Added conditional logic to set prompt parameter for registration type - Removed start_page parameter
lib/utils/generateAuthUrl.test.ts	- Updated test cases to reflect new URL generation logic - Removed prompt parameter from some expected URLs - Added test for registration URL generation
lib/utils/mapLoginMethodParamsForUrl.test.ts	- Added PromptTypes import - Updated prompt property in test cases from string literal to PromptTypes.login

Sequence Diagram

sequenceDiagram
    participant Client
    participant AuthService
    participant GenerateAuthUrl

    Client->>GenerateAuthUrl: Request Auth URL
    alt Registration Type
        GenerateAuthUrl-->>AuthService: Set prompt=create
    else Login Type
        GenerateAuthUrl-->>AuthService: Set prompt=login
    else Default
        GenerateAuthUrl-->>AuthService: Set prompt=none
    end
    AuthService-->>Client: Return Authentication URL

Loading

The sequence diagram illustrates how the generateAuthUrl function now dynamically sets the prompt parameter based on the authentication type, providing more flexible authentication flow control.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4fc6367 and fc1d1ad.

📒 Files selected for processing (1)

• lib/utils/mapLoginMethodParamsForUrl.test.ts (2 hunks)

🔇 Additional comments (2)

lib/utils/mapLoginMethodParamsForUrl.test.ts (2)

4-4: LGTM! Clean import addition.

The addition of PromptTypes to the imports aligns with the PR's goal of using enums for prompt types.

---

15-15: LGTM! Good type-safety improvement.

The change from string literal to enum value improves type safety. The test correctly verifies that the enum value is mapped to the expected string in the URL parameters.

Let's verify the mapping implementation:

✅ Verification successful

Type-safe implementation verified successfully

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify that mapLoginMethodParamsForUrl correctly handles all PromptTypes enum values

# Find the implementation file
echo "Searching for mapLoginMethodParamsForUrl implementation..."
rg -l "export.*mapLoginMethodParamsForUrl"

# Check the mapping logic for all enum values
echo "Checking mapping logic for PromptTypes..."
ast-grep --pattern 'enum PromptTypes {
  $$$
}'

Length of output: 517

---

Script:

#!/bin/bash
# Check the implementation of mapLoginMethodParamsForUrl
echo "Checking mapLoginMethodParamsForUrl implementation..."
cat lib/utils/mapLoginMethodParamsForUrl.ts

# Find all test cases for prompt parameter
echo -e "\nChecking test cases..."
cat lib/utils/mapLoginMethodParamsForUrl.test.ts

Length of output: 4756

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🔭 Outside diff range comments (2)

lib/types.ts (1)

Breaking Change: The offline_access scope value has been changed to offline

The verification confirms this is a breaking change:

• The enum value in lib/types.ts shows offline_access = "offline", meaning the enum key is offline_access but the actual value sent to the server is "offline"
• Test files in lib/utils/generateAuthUrl.test.ts use Scopes.offline_access in their test cases
• The mapLoginMethodParamsForUrl.ts includes offline in the default scope string: "email profile openid offline"

This inconsistency between the enum key (offline_access) and its value (offline) could cause confusion and potential issues:

• Code using string literals expecting "offline_access" will break
• The enum key suggests a different value than what's actually being sent
• The default scope in mapLoginMethodParamsForUrl.ts uses "offline" while the enum key is "offline_access"

🔗 Analysis chain

Line range hint 4-4: Breaking Change: Scope value modified from "offline_access" to "offline"

This change modifies an enum value which could break existing integrations that rely on the "offline_access" scope.

Let's verify the impact:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for usages of offline_access scope
rg -i "offline_access" --type ts

Length of output: 281

---

Script:

#!/bin/bash
# Let's check the actual content of lib/types.ts to understand the enum definition
cat lib/types.ts

Length of output: 2944

---

Script:

#!/bin/bash
# Let's check the test file to understand the usage context
cat lib/utils/generateAuthUrl.test.ts

Length of output: 6990

---

Script:

#!/bin/bash
# Let's check the implementation of generateAuthUrl to see how the scope is used
cat lib/utils/generateAuthUrl.ts

Length of output: 2534

---

Script:

#!/bin/bash
# Let's check how the scope is mapped in the URL parameters
cat lib/utils/mapLoginMethodParamsForUrl.ts

Length of output: 1036

lib/utils/generateAuthUrl.test.ts (1)

Line range hint 95-150: Fix duplicate test descriptions.

There are two test cases with identical descriptions: "should handle default responseType if not provided". This makes it unclear what specific scenario each test is validating. Consider updating the descriptions to clearly differentiate between the test cases, for example:

-it("should handle default responseType if not provided", async () => {
+it("should handle default responseType with state parameter", async () => {

and

-it("should handle default responseType if not provided", async () => {
+it("should handle default responseType without state parameter", async () => {

🧹 Nitpick comments (1)

lib/utils/generateAuthUrl.test.ts (1)

39-64: Consider grouping related test scenarios.

While the test case correctly validates the registration flow, consider organizing related test cases using describe blocks. For example:

describe('generateAuthUrl', () => {
  describe('authentication types', () => {
    it('should generate login URL...', async () => {
      // existing login test
    });
    
    it('should generate register URL...', async () => {
      // your new registration test
    });
  });
});

This organization would make the test structure more maintainable as you add more authentication type scenarios.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1b3a667 and 014734f.

📒 Files selected for processing (4)

• lib/main.test.ts (1 hunks)
• lib/types.ts (3 hunks)
• lib/utils/generateAuthUrl.test.ts (5 hunks)
• lib/utils/generateAuthUrl.ts (3 hunks)

🔇 Additional comments (8)

lib/types.ts (3)

8-12: Well-structured enum following OAuth 2.0 standards

The PromptTypes enum values align with standard OAuth 2.0 prompt parameter values, providing type safety for authentication flows.

---

81-86: Improved type safety for prompt parameter

Good improvements:

• Clear documentation for each prompt value
• Making the property optional aligns with OAuth 2.0 spec
• Type safety through enum usage prevents invalid values

---

104-104: Documentation updated to reflect scope change

Documentation correctly reflects the new "offline" scope value, but please note this is related to the breaking change mentioned above.

lib/utils/generateAuthUrl.ts (2)

2-2: LGTM: Required import for prompt type handling

---

61-63: Good default prompt handling for registration

The logic appropriately sets prompt=create for registration flows when not explicitly provided. Consider adding a test case to verify this behavior.

Let's check if there's a test case for this:

✅ Verification successful

Test coverage exists for registration prompt behavior

The test file already includes a test case "should generate the register URL when type is 'registration'" that verifies the prompt=create parameter is correctly set for registration flows. The test explicitly checks that the generated URL includes prompt=create in the expected URL string when IssuerRouteTypes.register is used, even when no prompt is provided in the options.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for related test cases
rg -A 5 "IssuerRouteTypes.register.*generateAuthUrl" --type ts

Length of output: 64

---

Script:

#!/bin/bash
# Let's search for test files related to generateAuthUrl
fd ".*\.test\.ts$" | xargs rg -l "generateAuthUrl"

# Also search for any test files containing IssuerRouteTypes.register
fd ".*\.test\.ts$" | xargs rg -l "IssuerRouteTypes.register"

# Let's also check the implementation to understand the test coverage needs
rg -A 5 "function generateAuthUrl" --type ts

Length of output: 243

---

Script:

#!/bin/bash
# Let's examine the test file content to check for registration prompt testing
cat lib/utils/generateAuthUrl.test.ts

Length of output: 6990

lib/main.test.ts (1)

32-32: LGTM: Export test updated correctly

The PromptTypes enum is correctly added to the expected exports list, maintaining alphabetical order.

lib/utils/generateAuthUrl.test.ts (2)

22-22: LGTM! Expected URL updated correctly.

The removal of the prompt parameter from the expected URL aligns with the new prompt behavior.

Also applies to: 27-27

---

76-76: Verify prompt type value against PromptTypes enum.

The test correctly uses "login" as the prompt value. However, let's verify that this matches the PromptTypes enum definition.

Also applies to: 79-79, 84-84

✅ Verification successful

The prompt value "login" is correctly aligned with PromptTypes enum

The test uses "login" which matches exactly with the PromptTypes.login enum value defined in lib/types.ts.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for PromptTypes enum definition to verify the value
ast-grep --pattern 'enum PromptTypes {
  $$$
}'

Length of output: 212

[coderabbitai]

Actionable comments posted: 1

🔭 Outside diff range comments (2)

lib/utils/generateAuthUrl.test.ts (2)

Line range hint 92-150: Refactor duplicate test cases.

There are two test cases with identical names testing similar behavior. Consider combining them or giving them more specific names to clarify their distinct purposes.

Suggestions:

1. Rename the first test to indicate it validates state parameter
2. Rename the second test to indicate it tests auto-generated state
3. Or combine them into a single test case with multiple assertions

---

Line range hint 173-175: Fix incorrect storage key usage for code verifier.

There's a bug in the test where codeVerifier is being retrieved using StorageKeys.state instead of the correct storage key.

Apply this change:

-    const codeVerifier = await store.getSessionItem(StorageKeys.state);
+    const codeVerifier = await store.getSessionItem(StorageKeys.codeVerifier);

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 014734f and 04ffbf7.

📒 Files selected for processing (2)

• lib/utils/generateAuthUrl.test.ts (5 hunks)
• lib/utils/generateAuthUrl.ts (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• lib/utils/generateAuthUrl.ts

🧰 Additional context used

🪛 GitHub Check: main (20.x)

lib/utils/generateAuthUrl.test.ts

[failure] 76-76:
Type '"login"' is not assignable to type 'PromptTypes | undefined'.

🔇 Additional comments (2)

lib/utils/generateAuthUrl.test.ts (2)

22-22: LGTM! URL structure aligns with PR objectives.

The expected URL correctly excludes the start_page parameter while maintaining all required security parameters.

---

39-64: Well-structured test case for registration flow.

The test case correctly validates that:

1. Registration URLs include prompt=create
2. Security parameters (nonce, code_challenge) are properly handled
3. The URL structure aligns with the new registration flow

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

lib/utils/generateAuthUrl.test.ts (1)

Line range hint 39-179: Consider adding test coverage for PromptTypes.none

While the tests cover PromptTypes.login and PromptTypes.create, consider adding a test case for PromptTypes.none to ensure complete enum coverage.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 04ffbf7 and 4fc6367.

📒 Files selected for processing (1)

• lib/utils/generateAuthUrl.test.ts (7 hunks)

🔇 Additional comments (6)

lib/utils/generateAuthUrl.test.ts (6)

2-2: LGTM: Import changes align with new PromptTypes implementation

The addition of PromptTypes to the imports is consistent with the PR's objective to use the prompt parameter instead of start_page.

---

22-22: LGTM: URL expectation correctly updated

The expected URL has been updated to remove the start_page parameter, which aligns with the PR's objective to deprecate this parameter.

---

39-64: LGTM: Well-structured test for registration flow

The new test case properly validates the registration URL generation with the correct prompt parameter, following the established testing patterns and verifying essential security parameters.

---

76-76: Type error resolved: Using PromptTypes enum

The change from string literal to PromptTypes.login resolves the previously identified type error.

---

100-100: LGTM: Consistent usage of PromptTypes enum

The test cases have been properly updated to use PromptTypes.create, maintaining consistency with the new prompt parameter implementation.

Also applies to: 129-129

---

167-167: LGTM: State management test properly updated

The test case has been updated to use PromptTypes.login while maintaining the essential state management validation logic.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 85.58%. Comparing base (1b3a667) to head (fc1d1ad).
Report is 6 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main      #58      +/-   ##
==========================================
+ Coverage   85.48%   85.58%   +0.09%     
==========================================
  Files          32       32              
  Lines         875      881       +6     
  Branches      166      168       +2     
==========================================
+ Hits          748      754       +6     
  Misses        127      127              

Files with missing lines	Coverage Δ
lib/types.ts	100.00% <100.00%> (ø)
lib/utils/generateAuthUrl.ts	100.00% <100.00%> (ø)