oc · docs
docs / documentation

@orangecheck/auth-client


@orangecheck/auth-client / OcSignInProps

Interface: OcSignInProps

Defined in: signin.tsx:43

Properties

PropertyTypeDescriptionDefined in
<a id="property-add"></a> add?booleanMulti-account · when true, the sign-in is performed in "add" mode: the resulting session is appended to the browser's existing roster instead of replacing it. The previously-active account stays signed in and remains a switch target on the auth host. Off by default (back-compat). The component also reads ?add=1 from the URL search params and treats it the same — so the auth host's /signin?add=1 entry point Just Works without any extra prop. The add flag is forwarded as a body field to the host's /api/auth/signin and /api/auth/email-otp/verify; if the host hasn't deployed the multi-account migration yet it silently ignores the field and the call falls back to ordinary signin.signin.tsx:140
<a id="property-audience"></a> audiencestringConsumer-site audience URL passed as expectedAudience on the BIP-322 challenge. e.g. 'https://vault.ochk.io'. Required — the challenge nonce is bound to this audience.signin.tsx:49
<a id="property-authorigin"></a> authOrigin?stringOverride the auth host. Defaults to 'https://ochk.io'. For preview / dev / staging only.signin.tsx:89
<a id="property-classname"></a> className?stringclassName for the outer container.signin.tsx:142
<a id="property-initialpath"></a> initialPath?"wallet" | "email"Initial visible tab. Defaults to 'email' (since providersFirst is on by default); resolves to 'wallet' only when providersFirst={false} and this is left unspecified.signin.tsx:95
<a id="property-linkprompt"></a> linkPrompt?booleanWhether to show the "also link my other identity" checkbox on the sign-in form. On by default. The checkbox is optional and unchecked by default; it is shown on both the wallet and email paths. If the user ticks it, the complementary identity's link ceremony (BIP-322 for a wallet, OTP for an email) runs inline immediately after a successful sign-in — before onSuccess / returnTo, so it composes with custom routing — because the sign-in just proved one credential and the link ceremony proves the second. Pass linkPrompt={false} to omit the checkbox.signin.tsx:125
<a id="property-onsuccess"></a> onSuccess?(account: OcAccount, token?: string) => voidOverride the default hard-navigation behavior. When provided, called with the account and the session JWT. The component will NOT navigate — the caller is responsible. Use for custom post-signin routing — e.g. /popup/signin postMessages { account, token } to its opener so a cross-domain integrator (different eTLD+1 from .ochk.io, which the HttpOnly cookie can't reach) can verify the session via JWKS.signin.tsx:71
<a id="property-paths"></a> paths?&#123; email?: boolean; wallet?: boolean; &#125;Disable one of the two paths. Default is both enabled. Useful for B2B-only sites that don't want to expose email-OTP.signin.tsx:113
paths.email?boolean-signin.tsx:113
paths.wallet?boolean-signin.tsx:113
<a id="property-providersfirst"></a> providersFirst?booleanRe-order the ceremony so the third-party providers (Google / GitHub) render above the wallet + email panel, and the email path is the default active tab. On by default — the family standard. A first-time, non-Bitcoiner visitor sees the most familiar on-ramp (Google / GitHub / email one-time code) first; the BIP-322 wallet path stays one tab away, reframed as the most-sovereign option. Pass providersFirst={false} for the legacy bitcoin-first ordering. Honors family rule #3 — email / OAuth is the easy bridge, the Bitcoin address remains the canonical identity it resolves to.signin.tsx:108
<a id="property-resolvereturnto"></a> resolveReturnTo?(account: OcAccount) => string | Promise&lt;string>Async post-success routing. When provided (and onSuccess is not), the component awaits resolveReturnTo(account) and hard-navigates to the result instead of the static returnTo. This is the seam that lets a site keep persona-aware routing without forking the ceremony — e.g. me.ochk.io resolves /api/me/intent and routes to /me/developer/me/operator
<a id="property-returnto"></a> returnTo?stringWhere to navigate after success. Defaults to '/'. Open-redirect-safe: a same-origin path (must start with /, NOT //) or an absolute https:// URL on ochk.io / *.ochk.io — the add-another-account flow starts on a consumer subdomain and must round-trip back to it, including through the OAuth provider hop. Anything else is ignored. When omitted, the component reads ?return_to= (or ?next=) from the page URL — so the auth host's /signin?add=1&return_to=… entry point Just Works, the same way the add prop auto-detects ?add=1.signin.tsx:61