@tokenite/sdk 2.2.0 → 2.3.0

package/README.md

@@ -223,7 +223,7 @@ for await (const event of stream) {
 <!-- GEN:API -->
 ### `.getAuthorizeUrl(options?: AuthorizeOptions) => string`
 
-Build the authorization URL for a full-page redirect. Supports optional suggested budget that pre-fills the consent screen.
+Build the authorization URL for a full-page redirect.
 
 ### `.popup(options?: PopupOptions) => Promise<PopupResult>`
 
@@ -267,11 +267,43 @@ export type TokeniteConfig = {
   readonly proxyUrl?: string;
 };
 
+/**
+ * OAuth 2.0 / OIDC `prompt` parameter. Tells Tokenite whether to
+ * re-prompt the user even when they have an existing session and/or
+ * an existing grant for this app.
+ *
+ * - `'consent'` — re-show the consent screen even if the user has
+ *   already authorized this app. Use this on "Sign in with Tokenite"
+ *   buttons that follow a sign-out, so users don't silently
+ *   re-authorize without a chance to pick a different account or
+ *   cancel.
+ * - `'login'` — request that the user re-authenticate. Today this
+ *   behaves the same as `'consent'` on Tokenite (full session-cookie
+ *   clear is a TODO); the consent screen still shows.
+ * - `'select_account'` — show the account picker. Tokenite already
+ *   does this automatically when the user has multiple accounts;
+ *   passing it explicitly is a hint for future apps that always want
+ *   the picker.
+ * - `'none'` — never show UI; fail if interaction is required.
+ *   Currently treated as the default (silent reauth).
+ *
+ * The OAuth 2.0 spec allows a space-separated combination
+ * (e.g. `'login consent'`); for that, pass the raw string. The
+ * union above is just for autocomplete on the common values.
+ */
+export type OAuthPrompt = 'login' | 'consent' | 'select_account' | 'none' | (string & {});
+
 export type AuthorizeOptions = {
   /** Custom state parameter for CSRF protection. Auto-generated if not provided. */
   readonly state?: string;
   /** Suggested budget amount (user can override on consent screen) */
   readonly suggestedBudget?: number;
+  /**
+   * OAuth `prompt` parameter. Most common use: pass `'consent'` to
+   * force a fresh consent screen on sign-in (prevents silent reauth
+   * after the user signed out of the app). See {@link OAuthPrompt}.
+   */
+  readonly prompt?: OAuthPrompt;
 };
 
 export type PopupOptions = {
@@ -293,6 +325,12 @@ export type PopupOptions = {
   readonly width?: number;
   /** Modal/popup height in pixels. Default: 620 */
   readonly height?: number;
+  /**
+   * OAuth `prompt` parameter. Most common use: pass `'consent'` to
+   * force a fresh consent screen on sign-in (prevents silent reauth
+   * after the user signed out of the app). See {@link OAuthPrompt}.
+   */
+  readonly prompt?: OAuthPrompt;
 };
 
 export type PopupResult = {

package/dist/client.d.ts

@@ -40,7 +40,13 @@ import type { TokeniteConfig, AuthorizeOptions, PopupOptions, PopupResult, Token
 export declare const Tokenite: (config: TokeniteConfig) => {
     /**
      * Build the authorization URL for a full-page redirect.
-     * Supports optional suggested budget that pre-fills the consent screen.
+     *
+     * Pass `prompt: 'consent'` on "Sign in with Tokenite" buttons that
+     * follow a sign-out, so the user sees the consent screen again
+     * instead of being silently re-authorized:
+     * ```typescript
+     * res.redirect(tk.getAuthorizeUrl({ prompt: 'consent' }));
+     * ```
      */
     getAuthorizeUrl: (options?: AuthorizeOptions) => string;
     /**
@@ -64,6 +70,13 @@ export declare const Tokenite: (config: TokeniteConfig) => {
      *   body: JSON.stringify({ code }),
      * });
      * ```
+     *
+     * Pass `prompt: 'consent'` to force a fresh consent screen — use on
+     * the "Sign in with Tokenite" button shown after the user signed out
+     * of your app, so they don't silently re-authorize:
+     * ```typescript
+     * const { code } = await tk.popup({ prompt: 'consent' });
+     * ```
      */
     popup: (options?: PopupOptions) => Promise<PopupResult>;
     /**

package/dist/client.js

@@ -92,12 +92,20 @@ export const Tokenite = (config) => {
             params.set('suggested_budget', String(options.suggestedBudget));
         if (options?.mode)
             params.set('mode', options.mode);
+        if (options?.prompt)
+            params.set('prompt', options.prompt);
         return `${baseUrl}/oauth/authorize?${params}`;
     };
     return {
         /**
          * Build the authorization URL for a full-page redirect.
-         * Supports optional suggested budget that pre-fills the consent screen.
+         *
+         * Pass `prompt: 'consent'` on "Sign in with Tokenite" buttons that
+         * follow a sign-out, so the user sees the consent screen again
+         * instead of being silently re-authorized:
+         * ```typescript
+         * res.redirect(tk.getAuthorizeUrl({ prompt: 'consent' }));
+         * ```
          */
         getAuthorizeUrl: (options) => buildAuthorizeUrl(options),
         /**
@@ -121,6 +129,13 @@ export const Tokenite = (config) => {
          *   body: JSON.stringify({ code }),
          * });
          * ```
+         *
+         * Pass `prompt: 'consent'` to force a fresh consent screen — use on
+         * the "Sign in with Tokenite" button shown after the user signed out
+         * of your app, so they don't silently re-authorize:
+         * ```typescript
+         * const { code } = await tk.popup({ prompt: 'consent' });
+         * ```
          */
         popup: (options) => {
             const mode = options?.mode ?? 'iframe';
@@ -133,6 +148,7 @@ export const Tokenite = (config) => {
             const url = buildAuthorizeUrl({
                 suggestedBudget: options?.suggestedBudget,
                 mode: mode === 'window' ? 'popup' : 'iframe',
+                prompt: options?.prompt,
             });
             return mode === 'window'
                 ? openWindowPopup(url, width, height, baseUrl, config.redirectUri)

package/dist/index.d.ts

@@ -1,5 +1,5 @@
 export { Tokenite } from './client.js';
-export type { TokeniteConfig, AuthorizeOptions, PopupOptions, PopupResult, TokenResponse, Provider, ProxyCallOptions, ProxyUsage, ProxySuccess, ProxyError, ProxyResponse, ErrorSource, ProviderInfo, AppInfo, UserInfo, AccessContext, TopUpOptions, TopUpResult, CallWithRecoveryOptions, } from './types.js';
+export type { TokeniteConfig, AuthorizeOptions, OAuthPrompt, PopupOptions, PopupResult, TokenResponse, Provider, ProxyCallOptions, ProxyUsage, ProxySuccess, ProxyError, ProxyResponse, ErrorSource, ProviderInfo, AppInfo, UserInfo, AccessContext, TopUpOptions, TopUpResult, CallWithRecoveryOptions, } from './types.js';
 export { isProxyError, isProxySuccess } from './types.js';
 export { parseCallback } from './parse-callback.js';
 export type { CallbackResult, CallbackSuccess, CallbackError, CallbackReason, ParseCallbackOptions, } from './parse-callback.js';

package/dist/types.d.ts

@@ -10,11 +10,42 @@ export type TokeniteConfig = {
     /** Tokenite proxy URL. Default: https://api.tokenite.ai */
     readonly proxyUrl?: string;
 };
+/**
+ * OAuth 2.0 / OIDC `prompt` parameter. Tells Tokenite whether to
+ * re-prompt the user even when they have an existing session and/or
+ * an existing grant for this app.
+ *
+ * - `'consent'` — re-show the consent screen even if the user has
+ *   already authorized this app. Use this on "Sign in with Tokenite"
+ *   buttons that follow a sign-out, so users don't silently
+ *   re-authorize without a chance to pick a different account or
+ *   cancel.
+ * - `'login'` — request that the user re-authenticate. Today this
+ *   behaves the same as `'consent'` on Tokenite (full session-cookie
+ *   clear is a TODO); the consent screen still shows.
+ * - `'select_account'` — show the account picker. Tokenite already
+ *   does this automatically when the user has multiple accounts;
+ *   passing it explicitly is a hint for future apps that always want
+ *   the picker.
+ * - `'none'` — never show UI; fail if interaction is required.
+ *   Currently treated as the default (silent reauth).
+ *
+ * The OAuth 2.0 spec allows a space-separated combination
+ * (e.g. `'login consent'`); for that, pass the raw string. The
+ * union above is just for autocomplete on the common values.
+ */
+export type OAuthPrompt = 'login' | 'consent' | 'select_account' | 'none' | (string & {});
 export type AuthorizeOptions = {
     /** Custom state parameter for CSRF protection. Auto-generated if not provided. */
     readonly state?: string;
     /** Suggested budget amount (user can override on consent screen) */
     readonly suggestedBudget?: number;
+    /**
+     * OAuth `prompt` parameter. Most common use: pass `'consent'` to
+     * force a fresh consent screen on sign-in (prevents silent reauth
+     * after the user signed out of the app). See {@link OAuthPrompt}.
+     */
+    readonly prompt?: OAuthPrompt;
 };
 export type PopupOptions = {
     /** Suggested budget amount (user can override on consent screen) */
@@ -35,6 +66,12 @@ export type PopupOptions = {
     readonly width?: number;
     /** Modal/popup height in pixels. Default: 620 */
     readonly height?: number;
+    /**
+     * OAuth `prompt` parameter. Most common use: pass `'consent'` to
+     * force a fresh consent screen on sign-in (prevents silent reauth
+     * after the user signed out of the app). See {@link OAuthPrompt}.
+     */
+    readonly prompt?: OAuthPrompt;
 };
 export type PopupResult = {
     /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tokenite/sdk",
-  "version": "2.2.0",
+  "version": "2.3.0",
   "description": "SDK for integrating \"Login with Tokenite\" into your app. Your users bring their own AI tokens — you pay nothing.",
   "type": "module",
   "exports": {