kinde-oss · DanielRivers · Jan 7, 2025 · Dec 20, 2024 · Dec 20, 2024 · Dec 20, 2024
diff --git a/lib/main.test.ts b/lib/main.test.ts
@@ -29,6 +29,7 @@ describe("index exports", () => {
     const expectedExports = [
       // types
       "IssuerRouteTypes",
+      "PromptTypes",
       "Scopes",
       "StorageKeys",
 

diff --git a/lib/types.ts b/lib/types.ts
@@ -5,6 +5,12 @@ export enum Scopes {
   offline_access = "offline",
 }
 
+export enum PromptTypes {
+  none = "none",
+  create = "create",
+  login = "login",
+}
+
 export type LoginMethodParams = Pick<
   LoginOptions,
   | "audience"
@@ -72,12 +78,12 @@ export type LoginOptions = {
    * Prompt to use for the login
    *
    * This can be one of the following:
-   * - login
-   * - create
-   * - none
+   * - login (force user re-authentication)
+   * - create (show registration screen)
+   * - none (silently authenticate user without prompting for action)
    *
    */
-  prompt: string;
+  prompt?: PromptTypes;
   /**
    * Redirect URL to use for the login
    */
@@ -95,7 +101,7 @@ export type LoginOptions = {
    * - email
    * - profile
    * - openid
-   * - offline_access
+   * - offline
    */
   scope?: Scopes[];
   /**

diff --git a/lib/utils/generateAuthUrl.test.ts b/lib/utils/generateAuthUrl.test.ts
@@ -1,5 +1,5 @@
 import { describe, it, expect } from "vitest";
-import { IssuerRouteTypes, LoginOptions, Scopes } from "../types";
+import { IssuerRouteTypes, LoginOptions, PromptTypes, Scopes } from "../types";
 import { generateAuthUrl } from "./generateAuthUrl";
 import { MemoryStorage, StorageKeys } from "../sessionManager";
 import { setActiveStorage } from "./token";
@@ -16,11 +16,10 @@ describe("generateAuthUrl", () => {
       connectionId: "conn123",
       redirectURL: "https://example.com",
       audience: "audience123",
-      prompt: "login",
       state: "state123",
     };
     const expectedUrl =
-      "https://auth.example.com/oauth2/auth?client_id=client123&response_type=code&start_page=login&login_hint=user%40example.com&is_create_org=true&connection_id=conn123&redirect_uri=https%3A%2F%2Fexample.com&audience=audience123&scope=openid+profile&prompt=login&state=state123&code_challenge_method=S256";
+      "https://auth.example.com/oauth2/auth?client_id=client123&response_type=code&login_hint=user%40example.com&is_create_org=true&connection_id=conn123&redirect_uri=https%3A%2F%2Fexample.com&audience=audience123&scope=openid+profile&state=state123&code_challenge_method=S256";
 
     const result = await generateAuthUrl(
       domain,
@@ -37,6 +36,33 @@ describe("generateAuthUrl", () => {
     expect(result.url.toString()).toBe(expectedUrl);
   });
 
+  it("should generate the register URL when type is 'registration'", async () => {
+    const domain = "https://auth.example.com";
+    const options: LoginOptions = {
+      clientId: "client123",
+      responseType: "code",
+      scope: [Scopes.openid, Scopes.profile],
+      state: "state123",
+      codeChallenge: "challenge123",
+      codeChallengeMethod: "S256",
+      redirectURL: "https://example2.com",
+    };
+    const expectedUrl =
+      "https://auth.example.com/oauth2/auth?client_id=client123&response_type=code&redirect_uri=https%3A%2F%2Fexample2.com&audience=&scope=openid+profile&state=state123&code_challenge=challenge123&code_challenge_method=S256&prompt=create";
+
+    const result = await generateAuthUrl(
+      domain,
+      IssuerRouteTypes.register,
+      options,
+    );
+    const nonce = result.url.searchParams.get("nonce");
+    expect(nonce).not.toBeNull();
+    expect(nonce!.length).toBe(16);
+    result.url.searchParams.delete("nonce");
+
+    expect(result.url.toString()).toBe(expectedUrl);
+  });
+
   it("should include optional parameters if provided", async () => {
     const domain = "https://auth.example.com";
     const options: LoginOptions = {
@@ -47,10 +73,10 @@ describe("generateAuthUrl", () => {
       codeChallenge: "challenge123",
       codeChallengeMethod: "S256",
       redirectURL: "https://example2.com",
-      prompt: "create",
+      prompt: PromptTypes.login,
     };
     const expectedUrl =
-      "https://auth.example.com/oauth2/auth?client_id=client123&response_type=code&start_page=login&redirect_uri=https%3A%2F%2Fexample2.com&audience=&scope=openid+profile&prompt=create&state=state123&code_challenge=challenge123&code_challenge_method=S256";
+      "https://auth.example.com/oauth2/auth?client_id=client123&response_type=code&redirect_uri=https%3A%2F%2Fexample2.com&audience=&scope=openid+profile&prompt=login&state=state123&code_challenge=challenge123&code_challenge_method=S256";
 
     const result = await generateAuthUrl(
       domain,
@@ -71,11 +97,11 @@ describe("generateAuthUrl", () => {
       clientId: "client123",
       scope: [Scopes.openid, Scopes.profile, Scopes.offline_access],
       redirectURL: "https://example2.com",
-      prompt: "create",
+      prompt: PromptTypes.create,
       state: "state123",
     };
     const expectedUrl =
-      "https://auth.example.com/oauth2/auth?client_id=client123&response_type=code&start_page=login&redirect_uri=https%3A%2F%2Fexample2.com&audience=&scope=openid+profile+offline&prompt=create&state=state123&code_challenge_method=S256";
+      "https://auth.example.com/oauth2/auth?client_id=client123&response_type=code&redirect_uri=https%3A%2F%2Fexample2.com&audience=&scope=openid+profile+offline&prompt=create&state=state123&code_challenge_method=S256";
 
     const result = await generateAuthUrl(
       domain,
@@ -100,10 +126,10 @@ describe("generateAuthUrl", () => {
       clientId: "client123",
       scope: [Scopes.openid, Scopes.profile, Scopes.offline_access],
       redirectURL: "https://example2.com",
-      prompt: "create",
+      prompt: PromptTypes.create,
     };
     const expectedUrl =
-      "https://auth.example.com/oauth2/auth?client_id=client123&response_type=code&start_page=login&redirect_uri=https%3A%2F%2Fexample2.com&audience=&scope=openid+profile+offline&prompt=create&code_challenge_method=S256";
+      "https://auth.example.com/oauth2/auth?client_id=client123&response_type=code&redirect_uri=https%3A%2F%2Fexample2.com&audience=&scope=openid+profile+offline&prompt=create&code_challenge_method=S256";
 
     const result = await generateAuthUrl(
       domain,
@@ -138,7 +164,7 @@ describe("generateAuthUrl", () => {
       connectionId: "conn123",
       redirectURL: "https://example.com",
       audience: "audience123",
-      prompt: "login",
+      prompt: PromptTypes.login,
     };
 
     await generateAuthUrl(domain, IssuerRouteTypes.login, options);

diff --git a/lib/utils/generateAuthUrl.ts b/lib/utils/generateAuthUrl.ts
@@ -1,5 +1,5 @@
 import { base64UrlEncode, getInsecureStorage, StorageKeys } from "../main";
-import { IssuerRouteTypes, LoginOptions } from "../types";
+import { IssuerRouteTypes, LoginOptions, PromptTypes } from "../types";
 import { generateRandomString } from "./generateRandomString";
 import { mapLoginMethodParamsForUrl } from "./mapLoginMethodParamsForUrl";
 
@@ -24,7 +24,6 @@ export const generateAuthUrl = async (
   const searchParams: Record<string, string> = {
     client_id: options.clientId,
     response_type: options.responseType || "code",
-    start_page: type,
     ...mapLoginMethodParamsForUrl(options),
   };
 
@@ -59,6 +58,10 @@ export const generateAuthUrl = async (
     searchParams["code_challenge_method"] = options.codeChallengeMethod;
   }
 
+  if (!options.prompt && type === IssuerRouteTypes.register) {
+    searchParams["prompt"] = PromptTypes.create;
+  }
+
   authUrl.search = new URLSearchParams(searchParams).toString();
   return {
     url: authUrl,

diff --git a/lib/utils/mapLoginMethodParamsForUrl.test.ts b/lib/utils/mapLoginMethodParamsForUrl.test.ts
@@ -1,7 +1,7 @@
 // mapLoginMethodParamsForUrl.test.ts
 import { describe, expect, it } from "vitest";
 import { mapLoginMethodParamsForUrl } from "./mapLoginMethodParamsForUrl";
-import { LoginMethodParams, Scopes } from "../types";
+import { LoginMethodParams, PromptTypes, Scopes } from "../types";
 
 describe("mapLoginMethodParamsForUrl", () => {
   it("should map login method params to URL parameters", () => {
@@ -12,7 +12,7 @@ describe("mapLoginMethodParamsForUrl", () => {
       redirectURL: "https://example.com",
       audience: "audience123",
       scope: [Scopes.openid, Scopes.profile],
-      prompt: "login",
+      prompt: PromptTypes.login,
       lang: "en",
       orgCode: "org123",
       orgName: "Example Org",