Return the authenticationUrl in the case where connection ID matches the application ID.
wparad committed Apr 18, 2024
1 parent c6bd517 commit 1237ef2
Showing 3 changed files with 18 additions and 4 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -4,6 +4,7 @@ This is the changelog for [Authress Login](readme.md).
## 2.4 ##
* Prevent silent returns from `authenticate` when a different connectionId is used to have the user log in.
* Throw error on invalid application specified from inside the SDK for improved debugging.
* Support returning the `authenticationUrl` via the `authenticate` response for implementations that don't require a redirect.

## 2.3 ##
* Add MFA device methods.
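Review bot: the new entry should also record that `authenticate` now resolves to `Promise<void | AuthenticateResponse>` instead of `Promise<boolean>`, and under which condition the object is returned. The index.d.ts hunk in this commit changes the public return type, so a caller that tested the old boolean result (`if (await client.authenticate(...))`) will now see `undefined` on the redirect path and a truthy object on the legacy path; that deserves its own line under 2.4, e.g. `* `authenticate` now returns `Promise<void | AuthenticateResponse>`; the `authenticationUrl` object is only returned when `connectionId` equals `applicationId`.`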
9 changes: 7 additions & 2 deletions index.d.ts
@@ -11,6 +11,11 @@ export interface Settings {
applicationId: string;
}

export interface AuthenticateResponse {
/** The second step of the authentication flow requires the user to log in with their selected provider. Redirect the user to this location. If you are using a Service Client (sc_clientId) to support a legacy authentication flow as described in https://authress.io/knowledge-base/docs/authentication/connecting-providers-idp/oauth-setup-guide-part-3, this url should match your existing application, and allows following the next step in that guide. If you are not following that guide and just logging the user in, you can ignore this property. */
authenticationUrl?: string;
}

export interface AuthenticationParameters {
/** Specify which provider connection that user would like to use to log in - see https://authress.io/app/#/manage?focus=connections */
connectionId?: string;
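Review bot: the doc comment on `authenticationUrl` should state when this object is returned at all. Per the src/index.js change in this commit, `authenticate` only resolves with an `AuthenticateResponse` when the `connectionId` passed in equals the client's `applicationId`; in every other case it redirects and resolves with nothing, so "you can ignore this property" is misleading because there is no object to ignore on that path. Since the property is optional and the value comes from the API response, the comment should also tell callers to check it before navigating, e.g. `if (result && result.authenticationUrl) { window.location.assign(result.authenticationUrl); }`.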
@@ -191,9 +196,9 @@ export class LoginClient {
/**
* @description Logs a user in, if the user is not logged in, will redirect the user to their selected connection/provider and then redirect back to the {@link redirectUrl}. If neither the {@link connectionId} nor the {@link tenantLookupIdentifier} is specified the user will be directed to the Authress hosted login page to select their preferred login method.
* @param {AuthenticationParameters} [settings] Parameters for controlling how and when users should be authenticated for the app.
* @return {Promise<boolean>} Is there a valid existing session.
* @return {Promise<void | AuthenticateResponse>} Automatically redirects the user to the appropriate location, unless the connectionId matches a legacy authentication flow.
*/
authenticate(settings?: AuthenticationParameters): Promise<boolean>;
authenticate(settings?: AuthenticationParameters): Promise<void | AuthenticateResponse>;

/**
* @description Ensures the user's bearer token exists. To be used in the Authorization header as a Bearer token. This method blocks on a valid user session being created, and expects {@link authenticate} to have been called first. Additionally, if the application configuration specifies that tokens should be secured from javascript, the token will be a hidden cookie only visible to service APIs and will not be returned. If the token is expired and the session is still valid, then it will automatically generate a new token directly from Authress.
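Review bot: the new `@return` text "unless the connectionId matches a legacy authentication flow" is vaguer than the code it documents; the condition in src/index.js is `this.applicationId === connectionId`, so say that directly: "unless `connectionId` is the same as the client's `applicationId`, in which case the `AuthenticateResponse` is returned instead of redirecting". The previous `@return` ("Is there a valid existing session") described a boolean that callers may have relied on; the replacement should state what the promise resolves to when a valid session already exists, since `void | AuthenticateResponse` no longer carries that signal.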
12 changes: 10 additions & 2 deletions src/index.js
@@ -32,7 +32,7 @@ class LoginClient {
}

this.applicationId = settingsWithDefault.applicationId;
if (!this.applicationId || this.applicationId.match(/^(sc_|ext_)/)) {
if (!this.applicationId || this.applicationId.match(/^(ext_)/)) {
const error = Error("You have incorrectly specified an Authress Service Client or Extension as the applicationId instead of a valid application. The applicationId is your application that your users will log into, usually hosted on your domain https://example.yourdomain.com. Users cannot log *into* a Service Client, but they can log in *with* one. Users can use a Service Client to log in, by setting the connection ID in the *authenticate({ connectionId })* method to be the Authress Service Client.\n(1) If you are building an Custom Login Portal, then the application ID should correspond to this login portal.\n(2) If you are replacing or extending an Authress connection, then specify the Service Client as the connectionId and the end user application as the applicationId.\n(3) If you are building a platform or plugin marketplace, where users will log into third party extensions or apps, then distribute in your SDK a wrapper for the Authress Extension Client using: import { extensionClient } from '@authress/login' found within this SDK.\n(4) If you aren't sure what to do here to fix the problem, the fastest and usually correct solution is go to https://authress.io/app/#/settings?focus=applications create a new application, specify your site in the application url property and then update the value here.");
error.code = 'InvalidApplication';
throw error;
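Review bot: relaxing the guard from `/^(sc_|ext_)/` to `/^(ext_)/` means an `sc_`-prefixed service client is now accepted as `applicationId` with no check that it will later also be passed as the `connectionId`, so the plain misconfiguration this check used to catch (service client as applicationId, ordinary login flow) no longer fails fast in the constructor and surfaces later instead. The error text in this hunk still reads "You have incorrectly specified an Authress Service Client or Extension as the applicationId", which is now inaccurate for `sc_`. Suggest narrowing the message to extensions and, for the `sc_` case, either emitting a warning in the constructor or validating inside `authenticate` that `connectionId === this.applicationId` whenever `applicationId` starts with `sc_`.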
@@ -580,7 +580,7 @@ class LoginClient {
* @param {Boolean} [force=false] Force getting new credentials.
* @param {Boolean} [multiAccount=false] Enable multi-account login. The user will be prompted to login with their other account, if they are not logged in already.
* @param {Boolean} [clearUserDataBeforeLogin=true] Remove all cookies, LocalStorage, and SessionStorage related data before logging in. In most cases, this helps prevent corrupted browser state from affecting your user's experience.
* @return {Promise<Boolean>} Is there a valid existing session.
* @return {Promise<void | AuthenticateResponse>} The authentication response.
*/
async authenticate(options = {}) {
const { connectionId, tenantLookupIdentifier, inviteId, redirectUrl, force, responseLocation, flowType, connectionProperties, openType, multiAccount, clearUserDataBeforeLogin } = (options || {});
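Review bot: `@return {Promise<void | AuthenticateResponse>} The authentication response.` does not say which branch the caller gets; align it with the index.d.ts wording and state that the promise resolves with `{ authenticationUrl }` only when `connectionId` equals `applicationId`, and with nothing otherwise because the browser has already been redirected or a tab opened.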
@@ -627,6 +627,14 @@ class LoginClient {
nonce: authResponse.data.authenticationRequestId, codeVerifier, lastConnectionId: connectionId, tenantLookupIdentifier, redirectUrl: selectedRedirectUrl,
enableCredentials: authResponse.data.enableCredentials, multiAccount
}));

// If the current application is actually the same as the connection then just return the authentication data filtered by the properties which are actually usable
if (this.applicationId === connectionId) {
return {
authenticationUrl: authResponse.data.authenticationUrl
};
}

if (openType === 'tab') {
const result = windowManager.open(authResponse.data.authenticationUrl, '_blank');
if (!result || result.closed || typeof result.closed === 'undefined') {
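Review bot: the early return on `this.applicationId === connectionId` sits after the session state (`nonce`, `codeVerifier`, `lastConnectionId`, `redirectUrl`, `enableCredentials`, `multiAccount`) has been persisted in the lines above but before any of the `openType` handling, so the SDK stores state it will not itself consume and relies on the caller to complete the redirect; that is presumably the intent for the legacy flow, but the comment above the check should say so, and "filtered by the properties which are actually usable" should simply name the one property being returned. Two defensive points: `authResponse.data.authenticationUrl` is passed through without checking it is defined even though the new type marks it optional, and because the constructor in this same commit now accepts `sc_` application IDs, a caller that mistakenly uses a service client as both `applicationId` and `connectionId` silently receives this object where it previously got an `InvalidApplication` error. Suggest throwing or at least logging when `authenticationUrl` is missing before returning it.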