@asgardeo/nextjs 0.1.9 → 0.1.11

package/dist/utils/SessionManager.d.ts

@@ -0,0 +1,95 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { JWTPayload } from 'jose';
+/**
+ * Session token payload interface
+ */
+export interface SessionTokenPayload extends JWTPayload {
+    /** User ID */
+    sub: string;
+    /** Session ID */
+    sessionId: string;
+    /** OAuth scopes */
+    scopes: string[];
+    /** Organization ID if applicable */
+    organizationId?: string;
+    /** Issued at timestamp */
+    iat: number;
+    /** Expiration timestamp */
+    exp: number;
+}
+/**
+ * Session management utility class for JWT-based session cookies
+ */
+declare class SessionManager {
+    private static readonly SESSION_COOKIE_NAME;
+    private static readonly TEMP_SESSION_COOKIE_NAME;
+    private static readonly DEFAULT_EXPIRY_SECONDS;
+    /**
+     * Get the signing secret from environment variable
+     * Throws error in production if not set
+     */
+    private static getSecret;
+    /**
+     * Create a temporary session cookie for login initiation
+     */
+    static createTempSession(sessionId: string): Promise<string>;
+    /**
+     * Create a session cookie with user information
+     */
+    static createSessionToken(userId: string, sessionId: string, scopes: string[], organizationId?: string, expirySeconds?: number): Promise<string>;
+    /**
+     * Verify and decode a session token
+     */
+    static verifySessionToken(token: string): Promise<SessionTokenPayload>;
+    /**
+     * Verify and decode a temporary session token
+     */
+    static verifyTempSession(token: string): Promise<{
+        sessionId: string;
+    }>;
+    /**
+     * Get session cookie options
+     */
+    static getSessionCookieOptions(): {
+        httpOnly: boolean;
+        secure: boolean;
+        sameSite: "lax";
+        path: string;
+        maxAge: number;
+    };
+    /**
+     * Get temporary session cookie options
+     */
+    static getTempSessionCookieOptions(): {
+        httpOnly: boolean;
+        secure: boolean;
+        sameSite: "lax";
+        path: string;
+        maxAge: number;
+    };
+    /**
+     * Get session cookie name
+     */
+    static getSessionCookieName(): string;
+    /**
+     * Get temporary session cookie name
+     */
+    static getTempSessionCookieName(): string;
+}
+export default SessionManager;

package/dist/utils/SessionManager.js

@@ -0,0 +1,143 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { SignJWT, jwtVerify } from 'jose';
+import { AsgardeoRuntimeError } from '@asgardeo/node';
+/**
+ * Session management utility class for JWT-based session cookies
+ */
+class SessionManager {
+    static SESSION_COOKIE_NAME = 'asgardeo_session';
+    static TEMP_SESSION_COOKIE_NAME = 'asgardeo_temp_session';
+    static DEFAULT_EXPIRY_SECONDS = 3600; // 1 hour
+    /**
+     * Get the signing secret from environment variable
+     * Throws error in production if not set
+     */
+    static getSecret() {
+        const secret = process.env['ASGARDEO_SECRET'];
+        if (!secret) {
+            if (process.env['NODE_ENV'] === 'production') {
+                throw new AsgardeoRuntimeError('ASGARDEO_SECRET environment variable is required in production', 'session-secret-required', 'nextjs', 'Set the ASGARDEO_SECRET environment variable with a secure random string');
+            }
+            // Use a default secret for development (not secure)
+            console.warn('⚠️  Using default secret for development. Set ASGARDEO_SECRET for production!');
+            return new TextEncoder().encode('development-secret-not-for-production');
+        }
+        return new TextEncoder().encode(secret);
+    }
+    /**
+     * Create a temporary session cookie for login initiation
+     */
+    static async createTempSession(sessionId) {
+        const secret = this.getSecret();
+        const jwt = await new SignJWT({
+            sessionId,
+            type: 'temp',
+        })
+            .setProtectedHeader({ alg: 'HS256' })
+            .setIssuedAt()
+            .setExpirationTime('15m') // Temporary sessions expire in 15 minutes
+            .sign(secret);
+        return jwt;
+    }
+    /**
+     * Create a session cookie with user information
+     */
+    static async createSessionToken(userId, sessionId, scopes, organizationId, expirySeconds = this.DEFAULT_EXPIRY_SECONDS) {
+        const secret = this.getSecret();
+        const jwt = await new SignJWT({
+            sessionId,
+            scopes,
+            organizationId,
+            type: 'session',
+        })
+            .setProtectedHeader({ alg: 'HS256' })
+            .setSubject(userId)
+            .setIssuedAt()
+            .setExpirationTime(Date.now() / 1000 + expirySeconds)
+            .sign(secret);
+        return jwt;
+    }
+    /**
+     * Verify and decode a session token
+     */
+    static async verifySessionToken(token) {
+        try {
+            const secret = this.getSecret();
+            const { payload } = await jwtVerify(token, secret);
+            return payload;
+        }
+        catch (error) {
+            throw new AsgardeoRuntimeError(`Invalid session token: ${error instanceof Error ? error.message : 'Unknown error'}`, 'invalid-session-token', 'nextjs', 'Session token verification failed');
+        }
+    }
+    /**
+     * Verify and decode a temporary session token
+     */
+    static async verifyTempSession(token) {
+        try {
+            const secret = this.getSecret();
+            const { payload } = await jwtVerify(token, secret);
+            if (payload['type'] !== 'temp') {
+                throw new Error('Invalid token type');
+            }
+            return { sessionId: payload['sessionId'] };
+        }
+        catch (error) {
+            throw new AsgardeoRuntimeError(`Invalid temporary session token: ${error instanceof Error ? error.message : 'Unknown error'}`, 'invalid-temp-session-token', 'nextjs', 'Temporary session token verification failed');
+        }
+    }
+    /**
+     * Get session cookie options
+     */
+    static getSessionCookieOptions() {
+        return {
+            httpOnly: true,
+            secure: process.env['NODE_ENV'] === 'production',
+            sameSite: 'lax',
+            path: '/',
+            maxAge: this.DEFAULT_EXPIRY_SECONDS,
+        };
+    }
+    /**
+     * Get temporary session cookie options
+     */
+    static getTempSessionCookieOptions() {
+        return {
+            httpOnly: true,
+            secure: process.env['NODE_ENV'] === 'production',
+            sameSite: 'lax',
+            path: '/',
+            maxAge: 15 * 60, // 15 minutes
+        };
+    }
+    /**
+     * Get session cookie name
+     */
+    static getSessionCookieName() {
+        return this.SESSION_COOKIE_NAME;
+    }
+    /**
+     * Get temporary session cookie name
+     */
+    static getTempSessionCookieName() {
+        return this.TEMP_SESSION_COOKIE_NAME;
+    }
+}
+export default SessionManager;
+//# sourceMappingURL=SessionManager.js.map

package/dist/utils/SessionManager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SessionManager.js","sourceRoot":"","sources":["../../src/utils/SessionManager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAC,OAAO,EAAE,SAAS,EAAa,MAAM,MAAM,CAAC;AACpD,OAAO,EAAC,oBAAoB,EAAC,MAAM,gBAAgB,CAAC;AAoBpD;;GAEG;AACH,MAAM,cAAc;IACV,MAAM,CAAU,mBAAmB,GAAG,kBAAkB,CAAC;IACzD,MAAM,CAAU,wBAAwB,GAAG,uBAAuB,CAAC;IACnE,MAAM,CAAU,sBAAsB,GAAG,IAAI,CAAC,CAAC,SAAS;IAEhE;;;OAGG;IACK,MAAM,CAAC,SAAS;QACtB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QAE9C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY,EAAE,CAAC;gBAC7C,MAAM,IAAI,oBAAoB,CAC5B,gEAAgE,EAChE,yBAAyB,EACzB,QAAQ,EACR,0EAA0E,CAC3E,CAAC;YACJ,CAAC;YACD,oDAAoD;YACpD,OAAO,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAC;YAC9F,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,uCAAuC,CAAC,CAAC;QAC3E,CAAC;QAED,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,SAAiB;QAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAEhC,MAAM,GAAG,GAAG,MAAM,IAAI,OAAO,CAAC;YAC5B,SAAS;YACT,IAAI,EAAE,MAAM;SACb,CAAC;aACC,kBAAkB,CAAC,EAAC,GAAG,EAAE,OAAO,EAAC,CAAC;aAClC,WAAW,EAAE;aACb,iBAAiB,CAAC,KAAK,CAAC,CAAC,0CAA0C;aACnE,IAAI,CAAC,MAAM,CAAC,CAAC;QAEhB,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAC7B,MAAc,EACd,SAAiB,EACjB,MAAgB,EAChB,cAAuB,EACvB,gBAAwB,IAAI,CAAC,sBAAsB;QAEnD,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAEhC,MAAM,GAAG,GAAG,MAAM,IAAI,OAAO,CAAC;YAC5B,SAAS;YACT,MAAM;YACN,cAAc;YACd,IAAI,EAAE,SAAS;SACoC,CAAC;aACnD,kBAAkB,CAAC,EAAC,GAAG,EAAE,OAAO,EAAC,CAAC;aAClC,UAAU,CAAC,MAAM,CAAC;aAClB,WAAW,EAAE;aACb,iBAAiB,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,aAAa,CAAC;aACpD,IAAI,CAAC,MAAM,CAAC,CAAC;QAEhB,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,KAAa;QAC3C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YAChC,MAAM,EAAC,OAAO,EAAC,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAEjD,OAAO,OAA8B,CAAC;QACxC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,oBAAoB,CAC5B,0BAA0B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,EACpF,uBAAuB,EACvB,QAAQ,EACR,mCAAmC,CACpC,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,KAAa;QAC1C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YAChC,MAAM,EAAC,OAAO,EAAC,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAEjD,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,MAAM,EAAE,CAAC;gBAC/B,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;YACxC,CAAC;YAED,OAAO,EAAC,SAAS,EAAE,OAAO,CAAC,WAAW,CAAW,EAAC,CAAC;QACrD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,oBAAoB,CAC5B,oCAAoC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,EAC9F,4BAA4B,EAC5B,QAAQ,EACR,6CAA6C,CAC9C,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,uBAAuB;QAC5B,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY;YAChD,QAAQ,EAAE,KAAc;YACxB,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,IAAI,CAAC,sBAAsB;SACpC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,2BAA2B;QAChC,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY;YAChD,QAAQ,EAAE,KAAc;YACxB,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,EAAE,GAAG,EAAE,EAAE,aAAa;SAC/B,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,oBAAoB;QACzB,OAAO,IAAI,CAAC,mBAAmB,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,wBAAwB;QAC7B,OAAO,IAAI,CAAC,wBAAwB,CAAC;IACvC,CAAC;;AAGH,eAAe,cAAc,CAAC"}

package/dist/utils/createRouteMatcher.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { NextRequest } from 'next/server';
+/**
+ * Creates a route matcher function that tests if a request matches any of the given patterns.
+ *
+ * @param patterns - Array of route patterns to match. Supports glob-like patterns.
+ * @returns Function that tests if a request matches any of the patterns
+ *
+ * @example
+ * ```typescript
+ * const isProtectedRoute = createRouteMatcher([
+ *   '/dashboard(.*)',
+ *   '/admin(.*)',
+ *   '/profile'
+ * ]);
+ *
+ * if (isProtectedRoute(req)) {
+ *   // Route is protected
+ * }
+ * ```
+ */
+export declare const createRouteMatcher: (patterns: string[]) => (req: NextRequest) => boolean;

package/dist/utils/createRouteMatcher.js

@@ -0,0 +1,51 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+/**
+ * Creates a route matcher function that tests if a request matches any of the given patterns.
+ *
+ * @param patterns - Array of route patterns to match. Supports glob-like patterns.
+ * @returns Function that tests if a request matches any of the patterns
+ *
+ * @example
+ * ```typescript
+ * const isProtectedRoute = createRouteMatcher([
+ *   '/dashboard(.*)',
+ *   '/admin(.*)',
+ *   '/profile'
+ * ]);
+ *
+ * if (isProtectedRoute(req)) {
+ *   // Route is protected
+ * }
+ * ```
+ */
+export const createRouteMatcher = (patterns) => {
+    const regexPatterns = patterns.map(pattern => {
+        // Convert glob-like patterns to regex
+        const regexPattern = pattern
+            .replace(/\./g, '\\.') // Escape dots
+            .replace(/\*/g, '.*') // Convert * to .*
+            .replace(/\(\.\*\)/g, '(.*)'); // Handle explicit (.*) patterns
+        return new RegExp(`^${regexPattern}$`);
+    });
+    return (req) => {
+        const pathname = req.nextUrl.pathname;
+        return regexPatterns.some(regex => regex.test(pathname));
+    };
+};
+//# sourceMappingURL=createRouteMatcher.js.map

package/dist/utils/createRouteMatcher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"createRouteMatcher.js","sourceRoot":"","sources":["../../src/utils/createRouteMatcher.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,QAAkB,EAAE,EAAE;IACvD,MAAM,aAAa,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE;QAC3C,sCAAsC;QACtC,MAAM,YAAY,GAAG,OAAO;aACzB,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,cAAc;aACpC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,kBAAkB;aACvC,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,gCAAgC;QAEjE,OAAO,IAAI,MAAM,CAAC,IAAI,YAAY,GAAG,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,GAAgB,EAAW,EAAE;QACnC,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC;QACtC,OAAO,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC3D,CAAC,CAAC;AACJ,CAAC,CAAC"}

package/dist/utils/sessionUtils.d.ts

@@ -0,0 +1,59 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { NextRequest } from 'next/server';
+import { SessionTokenPayload } from './SessionManager';
+/**
+ * Checks if a request has a valid session cookie (JWT).
+ * This verifies the JWT signature and expiration.
+ *
+ * @param request - The Next.js request object
+ * @returns True if a valid session exists, false otherwise
+ */
+export declare const hasValidSession: (request: NextRequest) => Promise<boolean>;
+/**
+ * Gets the session payload from the request cookies.
+ * This includes user ID, session ID, and scopes.
+ *
+ * @param request - The Next.js request object
+ * @returns The session payload if valid, undefined otherwise
+ */
+export declare const getSessionFromRequest: (request: NextRequest) => Promise<SessionTokenPayload | undefined>;
+/**
+ * Gets the session ID from the request cookies (legacy support).
+ * First tries to get from JWT session, then falls back to legacy session ID cookie.
+ *
+ * @param request - The Next.js request object
+ * @returns The session ID if it exists, undefined otherwise
+ */
+export declare const getSessionIdFromRequest: (request: NextRequest) => Promise<string | undefined>;
+/**
+ * Gets the temporary session ID from request cookies.
+ *
+ * @param request - The Next.js request object
+ * @returns The temporary session ID if valid, undefined otherwise
+ */
+export declare const getTempSessionFromRequest: (request: NextRequest) => Promise<string | undefined>;
+/**
+ * Legacy function for backward compatibility.
+ * Checks if a request has a valid session ID in cookies.
+ *
+ * @deprecated Use hasValidSession instead for JWT-based sessions
+ * @param request - The Next.js request object
+ * @returns True if a session ID exists, false otherwise
+ */
+export declare const hasValidSessionLegacy: (request: NextRequest) => boolean;

package/dist/utils/sessionUtils.js

@@ -0,0 +1,112 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import SessionManager from './SessionManager';
+import { CookieConfig } from '@asgardeo/node';
+/**
+ * Checks if a request has a valid session cookie (JWT).
+ * This verifies the JWT signature and expiration.
+ *
+ * @param request - The Next.js request object
+ * @returns True if a valid session exists, false otherwise
+ */
+export const hasValidSession = async (request) => {
+    try {
+        const sessionToken = request.cookies.get(SessionManager.getSessionCookieName())?.value;
+        if (!sessionToken) {
+            return false;
+        }
+        await SessionManager.verifySessionToken(sessionToken);
+        return true;
+    }
+    catch {
+        return false;
+    }
+};
+/**
+ * Gets the session payload from the request cookies.
+ * This includes user ID, session ID, and scopes.
+ *
+ * @param request - The Next.js request object
+ * @returns The session payload if valid, undefined otherwise
+ */
+export const getSessionFromRequest = async (request) => {
+    try {
+        const sessionToken = request.cookies.get(SessionManager.getSessionCookieName())?.value;
+        if (!sessionToken) {
+            return undefined;
+        }
+        return await SessionManager.verifySessionToken(sessionToken);
+    }
+    catch {
+        return undefined;
+    }
+};
+/**
+ * Gets the session ID from the request cookies (legacy support).
+ * First tries to get from JWT session, then falls back to legacy session ID cookie.
+ *
+ * @param request - The Next.js request object
+ * @returns The session ID if it exists, undefined otherwise
+ */
+export const getSessionIdFromRequest = async (request) => {
+    try {
+        // Try JWT session first
+        const sessionPayload = await getSessionFromRequest(request);
+        if (sessionPayload) {
+            return sessionPayload.sessionId;
+        }
+        // Fall back to legacy session ID cookie for backward compatibility
+        return request.cookies.get(CookieConfig.SESSION_COOKIE_NAME)?.value;
+    }
+    catch {
+        // Fall back to legacy session ID cookie
+        return request.cookies.get(CookieConfig.SESSION_COOKIE_NAME)?.value;
+    }
+};
+/**
+ * Gets the temporary session ID from request cookies.
+ *
+ * @param request - The Next.js request object
+ * @returns The temporary session ID if valid, undefined otherwise
+ */
+export const getTempSessionFromRequest = async (request) => {
+    try {
+        const tempToken = request.cookies.get(SessionManager.getTempSessionCookieName())?.value;
+        if (!tempToken) {
+            return undefined;
+        }
+        const tempSession = await SessionManager.verifyTempSession(tempToken);
+        return tempSession.sessionId;
+    }
+    catch {
+        return undefined;
+    }
+};
+/**
+ * Legacy function for backward compatibility.
+ * Checks if a request has a valid session ID in cookies.
+ *
+ * @deprecated Use hasValidSession instead for JWT-based sessions
+ * @param request - The Next.js request object
+ * @returns True if a session ID exists, false otherwise
+ */
+export const hasValidSessionLegacy = (request) => {
+    const sessionId = request.cookies.get(CookieConfig.SESSION_COOKIE_NAME)?.value;
+    return Boolean(sessionId && sessionId.trim().length > 0);
+};
+//# sourceMappingURL=sessionUtils.js.map

package/dist/utils/sessionUtils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sessionUtils.js","sourceRoot":"","sources":["../../src/utils/sessionUtils.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAGH,OAAO,cAAqC,MAAM,kBAAkB,CAAC;AACrE,OAAO,EAAC,YAAY,EAAC,MAAM,gBAAgB,CAAC;AAE5C;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,EAAE,OAAoB,EAAoB,EAAE;IAC9E,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,oBAAoB,EAAE,CAAC,EAAE,KAAK,CAAC;QACvF,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,cAAc,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EAAE,OAAoB,EAA4C,EAAE;IAC5G,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,oBAAoB,EAAE,CAAC,EAAE,KAAK,CAAC;QACvF,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,OAAO,MAAM,cAAc,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,KAAK,EAAE,OAAoB,EAA+B,EAAE;IACjG,IAAI,CAAC;QACH,wBAAwB;QACxB,MAAM,cAAc,GAAG,MAAM,qBAAqB,CAAC,OAAO,CAAC,CAAC;QAC5D,IAAI,cAAc,EAAE,CAAC;YACnB,OAAO,cAAc,CAAC,SAAS,CAAC;QAClC,CAAC;QAED,mEAAmE;QACnE,OAAO,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,mBAAmB,CAAC,EAAE,KAAK,CAAC;IACtE,CAAC;IAAC,MAAM,CAAC;QACP,wCAAwC;QACxC,OAAO,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,mBAAmB,CAAC,EAAE,KAAK,CAAC;IACtE,CAAC;AACH,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,KAAK,EAAE,OAAoB,EAA+B,EAAE;IACnG,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,wBAAwB,EAAE,CAAC,EAAE,KAAK,CAAC;QACxF,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;QACtE,OAAO,WAAW,CAAC,SAAS,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,OAAoB,EAAW,EAAE;IACrE,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,mBAAmB,CAAC,EAAE,KAAK,CAAC;IAC/E,OAAO,OAAO,CAAC,SAAS,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AAC3D,CAAC,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@asgardeo/nextjs",
-  "version": "0.1.9",
+  "version": "0.1.11",
   "description": "Next.js implementation of Asgardeo JavaScript SDK.",
   "keywords": [
     "asgardeo",
@@ -37,9 +37,10 @@
   },
   "dependencies": {
     "@types/react": "^19.1.4",
+    "jose": "^5.10.0",
     "tslib": "^2.8.1",
-    "@asgardeo/node": "^0.0.8",
-    "@asgardeo/react": "^0.5.10"
+    "@asgardeo/node": "^0.0.9",
+    "@asgardeo/react": "^0.5.11"
   },
   "devDependencies": {
     "@types/node": "^22.15.3",
@@ -50,8 +51,8 @@
     "eslint": "8.57.0",
     "next": "^15.3.2",
     "prettier": "^2.6.2",
-    "rimraf": "^6.0.1",
     "react": "^19.1.0",
+    "rimraf": "^6.0.1",
     "typescript": "~5.7.2",
     "vitest": "^3.1.3"
   },