starti.app
API Reference

Auth

Authenticate users with third-party identity providers (Google, Apple, Microsoft, MitID, and custom providers).

Access: startiapp.Auth

For step-by-step guides to setting up authentication — see Sign in with Google and Sign in with Apple.

Methods

signIn(providerName, options?): Promise<AuthenticationOutcome>

Starts the sign-in flow for the given provider. Returns the authentication result when the flow completes.

Parameters:

ParameterTypeRequiredDescription
providerNameAuthenticationProviderYesThe provider to sign in with
optionsSignInOptionsNoAdditional sign-in options

Returns: Promise<AuthenticationOutcome<TProviderName>> —Either an AuthenticationResult (or AuthenticationResultApple for Apple) on success, or an AuthenticationFailure on failure.

Example:

// Basic sign in with Google
const result = await startiapp.Auth.signIn("google");

if (result.isSuccess) {
  console.log("Authorization code:", result.authorizationCode);
  console.log("Redirect URI:", result.redirectUri);
} else {
  console.error("Sign in failed:", result.errorMessage);
}
// Sign in with Apple (includes identity info)
const result = await startiapp.Auth.signIn("apple");

if (result.isSuccess) {
  console.log("User ID:", result.identity.userId);
  console.log("Email:", result.identity.email);
  console.log("ID Token:", result.identity.idToken);
  // Name is only available on the first sign-in
  console.log("Name:", result.identity.name);
}
// Sign in with MitID and request SSN
const result = await startiapp.Auth.signIn("signaturgruppenmitid", {
  scope: "openid mitid ssn ssn.details_name",
});

if (result.isSuccess) {
  console.log("Claims:", result.additionalClaims);
}

signOut(): Promise<boolean>

Signs out the current user.

Returns: Promise<boolean>true if sign out was successful.

Example:

const success = await startiapp.Auth.signOut();
console.log("Signed out:", success);

getCurrentSession(): Promise<AuthenticationResult | null>

Returns the current authentication session, or null if the user is not authenticated.

Returns: Promise<AuthenticationResult | null>

Example:

const session = await startiapp.Auth.getCurrentSession();

if (session) {
  console.log("Logged in as provider:", session.providerName);
} else {
  console.log("Not authenticated");
}

isAuthenticated(): Promise<boolean>

Checks whether a user is currently authenticated.

Returns: Promise<boolean>true if authenticated.

Example:

const loggedIn = await startiapp.Auth.isAuthenticated();

if (loggedIn) {
  console.log("User is logged in");
}

Types

AuthenticationProvider

The built-in provider names, or any custom string.

type AuthenticationProvider =
  | "apple"
  | "google"
  | "microsoft"
  | "signaturgruppenmitid"
  | (string & {});

SignInOptions

interface SignInOptions {
  scope?: string;
}

AuthenticationOutcome

A discriminated union — either a success result or a failure.

type AuthenticationOutcome<T extends AuthenticationProvider = string> =
  | AuthenticationResult<T>   // generic success
  | AuthenticationResultApple // when T is "apple"
  | AuthenticationFailure<T>;

Check isSuccess to discriminate:

const result = await startiapp.Auth.signIn("google");

if (result.isSuccess) {
  // result is AuthenticationResult
} else {
  // result is AuthenticationFailure
}

AuthenticationSuccessBase

Base interface shared by all successful authentication results.

interface AuthenticationSuccessBase<T extends AuthenticationProvider = string> {
  isSuccess: true;
  providerName: T;
  additionalClaims: Record<string, string>;
}

AuthenticationResult

The standard success result for most providers.

interface AuthenticationResult<T extends AuthenticationProvider = string>
  extends AuthenticationSuccessBase<T> {
  authorizationCode: string;
  codeVerifier: string;
  redirectUri: string;
}

AuthenticationResultApple

The success result specific to Apple sign-in. Includes an identity object with user details.

interface AuthenticationResultApple
  extends AuthenticationSuccessBase<"apple"> {
  authorizationCode: string;
  redirectUri: string;
  identity: {
    userId: string;
    email: string;
    /** Only available on the first sign-in. */
    name: string | null;
    idToken: string;
  };
}

AuthenticationFailure

Returned when sign-in fails or is cancelled.

interface AuthenticationFailure<T extends AuthenticationProvider = string> {
  isSuccess: false;
  providerName: T;
  errorMessage: string;
}

App

Control core app behavior including navigation, UI chrome, domain routing, device info, and screen options.

Biometrics

Authenticate users with device biometrics (Face ID, Touch ID, fingerprint) and securely store credentials or arbitrary data in the device keychain.

On this page

MethodssignIn(providerName, options?): Promise<AuthenticationOutcome>signOut(): Promise<boolean>getCurrentSession(): Promise<AuthenticationResult | null>isAuthenticated(): Promise<boolean>TypesAuthenticationProviderSignInOptionsAuthenticationOutcomeAuthenticationSuccessBaseAuthenticationResultAuthenticationResultAppleAuthenticationFailure