@thunderid/nextjs 0.0.1

package/dist/types/server/middleware/thunderIDMiddleware.d.ts

@@ -0,0 +1,93 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { NextRequest, NextResponse } from 'next/server';
+import { ThunderIDNextConfig } from '../../models/config';
+import { SessionTokenPayload } from '../../utils/SessionManager';
+export type ThunderIDMiddlewareOptions = Partial<ThunderIDNextConfig>;
+export interface ThunderIDMiddlewareContext {
+    /** Get the session payload from JWT session if available */
+    getSession: () => Promise<SessionTokenPayload | undefined>;
+    /** Get the session ID from the current request */
+    getSessionId: () => string | undefined;
+    /** Check if the current request has a valid ThunderID session */
+    isSignedIn: () => boolean;
+    /**
+     * Protect a route by redirecting unauthenticated users.
+     * Redirect URL fallback order:
+     * 1. options.redirect
+     * 2. resolvedOptions.signInUrl
+     * 3. resolvedOptions.defaultRedirect
+     * 4. referer (if from same origin)
+     * If none are available, falls back to '/'.
+     */
+    protectRoute: (routeOptions?: {
+        redirect?: string;
+    }) => Promise<NextResponse | void>;
+}
+type ThunderIDMiddlewareHandler = (thunderid: ThunderIDMiddlewareContext, req: NextRequest) => Promise<NextResponse | void> | NextResponse | void;
+/**
+ * ThunderID middleware that integrates authentication into your Next.js application.
+ * Similar to Clerk's clerkMiddleware pattern.
+ *
+ * Proactively refreshes the access token when it is within REFRESH_BUFFER_SECONDS of
+ * expiry so that Server Components always receive a fresh session. The refresh also
+ * recovers expired tokens as long as a refresh token is present.
+ *
+ * The updated session cookie is written to:
+ *   - The response  → browser stores the new cookie for subsequent requests.
+ *   - The forwarded request headers → the same-request Server Component render sees
+ *     the fresh token immediately without waiting for the next navigation.
+ *
+ * Token refresh requires baseUrl, clientId, and clientSecret. These are resolved from
+ * the options argument first, then from the standard ThunderID environment variables
+ * (NEXT_PUBLIC_ASGARDEO_BASE_URL, NEXT_PUBLIC_ASGARDEO_CLIENT_ID,
+ * ASGARDEO_CLIENT_SECRET). If none are available the refresh step is skipped silently.
+ *
+ * @param handler - Optional handler function to customize middleware behavior
+ * @param options - Configuration options for the middleware
+ * @returns Next.js middleware function
+ *
+ * @example
+ * ```typescript
+ * // middleware.ts - Basic usage (config read from env vars automatically)
+ * import { thunderIDMiddleware } from '@thunderid/nextjs';
+ *
+ * export default thunderIDMiddleware();
+ *
+ * export const config = {
+ *   matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],
+ * };
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // With route protection
+ * import { thunderIDMiddleware, createRouteMatcher } from '@thunderid/nextjs';
+ *
+ * const isProtectedRoute = createRouteMatcher(['/dashboard(.*)']);
+ *
+ * export default thunderIDMiddleware(async (thunderid, req) => {
+ *   if (isProtectedRoute(req)) {
+ *     await thunderid.protectRoute();
+ *   }
+ * });
+ * ```
+ */
+declare const thunderIDMiddleware: (handler?: ThunderIDMiddlewareHandler, options?: ThunderIDMiddlewareOptions | ((req: NextRequest) => ThunderIDMiddlewareOptions)) => ((request: NextRequest) => Promise<NextResponse>);
+export default thunderIDMiddleware;
+//# sourceMappingURL=thunderIDMiddleware.d.ts.map

package/dist/types/server/middleware/thunderIDMiddleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"thunderIDMiddleware.d.ts","sourceRoot":"","sources":["../../../../src/server/middleware/thunderIDMiddleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAC,WAAW,EAAE,YAAY,EAAC,MAAM,aAAa,CAAC;AAEtD,OAAO,EAAC,mBAAmB,EAAC,MAAM,qBAAqB,CAAC;AAGxD,OAAuB,EAAC,mBAAmB,EAAC,MAAM,4BAA4B,CAAC;AAG/E,MAAM,MAAM,0BAA0B,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;AAEtE,MAAM,WAAW,0BAA0B;IACzC,4DAA4D;IAC5D,UAAU,EAAE,MAAM,OAAO,CAAC,mBAAmB,GAAG,SAAS,CAAC,CAAC;IAC3D,kDAAkD;IAClD,YAAY,EAAE,MAAM,MAAM,GAAG,SAAS,CAAC;IACvC,iEAAiE;IACjE,UAAU,EAAE,MAAM,OAAO,CAAC;IAC1B;;;;;;;;OAQG;IACH,YAAY,EAAE,CAAC,YAAY,CAAC,EAAE;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAC,KAAK,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC;CACpF;AAED,KAAK,0BAA0B,GAAG,CAChC,SAAS,EAAE,0BAA0B,EACrC,GAAG,EAAE,WAAW,KACb,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,YAAY,GAAG,IAAI,CAAC;AA4CxD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+CG;AACH,QAAA,MAAM,mBAAmB,GAErB,UAAU,0BAA0B,EACpC,UAAU,0BAA0B,GAAG,CAAC,CAAC,GAAG,EAAE,WAAW,KAAK,0BAA0B,CAAC,KACxF,CAAC,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,YAAY,CAAC,CAqMlD,CAAC;AAEJ,eAAe,mBAAmB,CAAC"}

package/dist/types/server/thunderid.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { TokenExchangeRequestConfig, TokenResponse } from '@thunderid/node';
+import { ThunderIDNextConfig } from '../models/config';
+declare const thunderid: () => Promise<{
+    exchangeToken: (config: TokenExchangeRequestConfig, sessionId: string) => Promise<TokenResponse | Response>;
+    getAccessToken: (sessionId: string) => Promise<string>;
+    getSessionId: () => Promise<string | undefined>;
+    reInitialize: (config: Partial<ThunderIDNextConfig>) => Promise<boolean>;
+}>;
+export default thunderid;
+//# sourceMappingURL=thunderid.d.ts.map

package/dist/types/server/thunderid.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"thunderid.d.ts","sourceRoot":"","sources":["../../../src/server/thunderid.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAC,0BAA0B,EAAE,aAAa,EAAC,MAAM,iBAAiB,CAAC;AAE1E,OAAO,EAAC,mBAAmB,EAAC,MAAM,kBAAkB,CAAC;AAGrD,QAAA,MAAM,SAAS,QAAa,OAAO,CAAC;IAClC,aAAa,EAAE,CAAC,MAAM,EAAE,0BAA0B,EAAE,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,aAAa,GAAG,QAAQ,CAAC,CAAC;IAC5G,cAAc,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IACvD,YAAY,EAAE,MAAM,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;IAChD,YAAY,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,mBAAmB,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;CAC1E,CA2BA,CAAC;AAEF,eAAe,SAAS,CAAC"}

package/dist/types/utils/SessionManager.d.ts

@@ -0,0 +1,115 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { JWTPayload } from 'jose';
+/**
+ * Session token payload interface
+ */
+export interface SessionTokenPayload extends JWTPayload {
+    /** Expiration timestamp — doubles as the access token expiry (JWT exp == access token exp) */
+    exp: number;
+    /** Issued at timestamp */
+    iat: number;
+    /** Organization ID if applicable */
+    organizationId?: string;
+    /** The refresh token; empty string if not provided by the auth server */
+    refreshToken: string;
+    /** OAuth scopes */
+    scopes: string[];
+    /** Session ID */
+    sessionId: string;
+    /** User ID */
+    sub: string;
+    /** Token type discriminant — must be 'session' for access-session JWTs */
+    type: 'session';
+}
+/**
+ * Session management utility class for JWT-based session cookies
+ */
+declare class SessionManager {
+    /**
+     * Get the signing secret from environment variable
+     * Throws error in production if not set
+     */
+    private static getSecret;
+    /**
+     * Create a temporary session cookie for login initiation
+     */
+    static createTempSession(sessionId: string): Promise<string>;
+    /**
+     * Resolve the session cookie expiry time in seconds.
+     *
+     * Resolution order (first defined value wins):
+     *   1. `configuredExpiry` — value from `ThunderIDNodeConfig.sessionCookieExpiryTime`
+     *   2. `ASGARDEO_SESSION_COOKIE_EXPIRY_TIME` environment variable
+     *   3. `DEFAULT_SESSION_COOKIE_EXPIRY_TIME` (24 hours)
+     */
+    static resolveSessionCookieExpiry(configuredExpiry?: number): number;
+    static createSessionToken(accessToken: string, userId: string, sessionId: string, scopes: string, accessTokenTtlSeconds: number, refreshToken: string, organizationId?: string): Promise<string>;
+    /**
+     * Verify and decode a session token
+     */
+    static verifySessionToken(token: string): Promise<SessionTokenPayload>;
+    /**
+     * Verify a session token for refresh. Validates the HMAC signature and the
+     * `type === 'session'` discriminant but intentionally skips the `exp` check
+     * so an expired access token can still be exchanged for a new one.
+     *
+     * Session lifetime is still bounded — the cookie's `maxAge` is set from
+     * `sessionCookieExpiryTime`, so the browser drops an over-age session regardless
+     * of the access-token exp embedded in the JWT.
+     *
+     * Never use the returned payload for authorization.
+     */
+    static verifySessionTokenForRefresh(token: string): Promise<SessionTokenPayload>;
+    /**
+     * Verify and decode a temporary session token
+     */
+    static verifyTempSession(token: string): Promise<{
+        sessionId: string;
+    }>;
+    /**
+     * Get session cookie options
+     */
+    static getSessionCookieOptions(maxAge: number): {
+        httpOnly: boolean;
+        maxAge: number;
+        path: string;
+        sameSite: 'lax';
+        secure: boolean;
+    };
+    /**
+     * Get temporary session cookie options
+     */
+    static getTempSessionCookieOptions(): {
+        httpOnly: boolean;
+        maxAge: number;
+        path: string;
+        sameSite: 'lax';
+        secure: boolean;
+    };
+    /**
+     * Get session cookie name
+     */
+    static getSessionCookieName(): string;
+    /**
+     * Get temporary session cookie name
+     */
+    static getTempSessionCookieName(): string;
+}
+export default SessionManager;
+//# sourceMappingURL=SessionManager.d.ts.map

package/dist/types/utils/SessionManager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SessionManager.d.ts","sourceRoot":"","sources":["../../../src/utils/SessionManager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAGH,OAAO,EAAoC,UAAU,EAAC,MAAM,MAAM,CAAC;AAGnE;;GAEG;AACH,MAAM,WAAW,mBAAoB,SAAQ,UAAU;IACrD,8FAA8F;IAC9F,GAAG,EAAE,MAAM,CAAC;IACZ,0BAA0B;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,oCAAoC;IACpC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,yEAAyE;IACzE,YAAY,EAAE,MAAM,CAAC;IACrB,mBAAmB;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,iBAAiB;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,0EAA0E;IAC1E,IAAI,EAAE,SAAS,CAAC;CACjB;AAED;;GAEG;AACH,cAAM,cAAc;IAClB;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,SAAS;IAqBxB;;OAEG;WACU,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAelE;;;;;;;OAOG;IACH,MAAM,CAAC,0BAA0B,CAAC,gBAAgB,CAAC,EAAE,MAAM,GAAG,MAAM;WAkBvD,kBAAkB,CAC7B,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,qBAAqB,EAAE,MAAM,EAC7B,YAAY,EAAE,MAAM,EACpB,cAAc,CAAC,EAAE,MAAM,GACtB,OAAO,CAAC,MAAM,CAAC;IAoBlB;;OAEG;WACU,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAoB5E;;;;;;;;;;OAUG;WACU,4BAA4B,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAqBtF;;OAEG;WACU,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAC,CAAC;IAoB3E;;OAEG;IACH,MAAM,CAAC,uBAAuB,CAAC,MAAM,EAAE,MAAM,GAAG;QAC9C,QAAQ,EAAE,OAAO,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,KAAK,CAAC;QAChB,MAAM,EAAE,OAAO,CAAC;KACjB;IAUD;;OAEG;IACH,MAAM,CAAC,2BAA2B,IAAI;QACpC,QAAQ,EAAE,OAAO,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,KAAK,CAAC;QAChB,MAAM,EAAE,OAAO,CAAC;KACjB;IAUD;;OAEG;IACH,MAAM,CAAC,oBAAoB,IAAI,MAAM;IAIrC;;OAEG;IACH,MAAM,CAAC,wBAAwB,IAAI,MAAM;CAG1C;AAED,eAAe,cAAc,CAAC"}

package/dist/types/utils/createRouteMatcher.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { NextRequest } from 'next/server';
+/**
+ * Creates a route matcher function that tests if a request matches any of the given patterns.
+ *
+ * @param patterns - Array of route patterns to match. Supports glob-like patterns.
+ * @returns Function that tests if a request matches any of the patterns
+ *
+ * @example
+ * ```typescript
+ * const isProtectedRoute = createRouteMatcher([
+ *   '/dashboard(.*)',
+ *   '/admin(.*)',
+ *   '/profile'
+ * ]);
+ *
+ * if (isProtectedRoute(req)) {
+ *   // Route is protected
+ * }
+ * ```
+ */
+export declare const createRouteMatcher: (patterns: string[]) => ((req: NextRequest) => boolean);
+//# sourceMappingURL=createRouteMatcher.d.ts.map

package/dist/types/utils/createRouteMatcher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"createRouteMatcher.d.ts","sourceRoot":"","sources":["../../../src/utils/createRouteMatcher.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAC,WAAW,EAAC,MAAM,aAAa,CAAC;AAExC;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,kBAAkB,GAAI,UAAU,MAAM,EAAE,KAAG,CAAC,CAAC,GAAG,EAAE,WAAW,KAAK,OAAO,CAerF,CAAC"}

package/dist/types/utils/decorateConfigWithNextEnv.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { ThunderIDNextConfig } from '../models/config';
+declare const decorateConfigWithNextEnv: (config: ThunderIDNextConfig) => ThunderIDNextConfig;
+export default decorateConfigWithNextEnv;
+//# sourceMappingURL=decorateConfigWithNextEnv.d.ts.map

package/dist/types/utils/decorateConfigWithNextEnv.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decorateConfigWithNextEnv.d.ts","sourceRoot":"","sources":["../../../src/utils/decorateConfigWithNextEnv.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAC,mBAAmB,EAAC,MAAM,kBAAkB,CAAC;AAErD,QAAA,MAAM,yBAAyB,GAAI,QAAQ,mBAAmB,KAAG,mBAkChE,CAAC;AAEF,eAAe,yBAAyB,CAAC"}

package/dist/types/utils/handleRefreshToken.d.ts

@@ -0,0 +1,47 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import type { TokenResponse } from '@thunderid/node';
+import { SessionTokenPayload } from './SessionManager';
+/**
+ * Config required to call the token endpoint.
+ */
+export interface HandleRefreshTokenConfig {
+    baseUrl: string;
+    clientId: string;
+    clientSecret: string;
+    sessionCookieExpiryTime?: number;
+}
+/**
+ * Result returned by handleRefreshToken.
+ * Callers are responsible for persisting newSessionToken in the appropriate cookie context.
+ */
+export interface HandleRefreshTokenResult {
+    newSessionToken: string;
+    sessionCookieExpiryTime: number;
+    tokenResponse: TokenResponse;
+}
+/**
+ * Handles the OAuth refresh_token grant and builds a new session JWT string.
+ *
+ * Intentionally decoupled from cookie APIs so it can be called from both the Edge
+ * Runtime (Next.js middleware) and the Node.js Runtime (server actions).
+ * Cookie persistence is the caller's responsibility.
+ */
+declare const handleRefreshToken: (sessionPayload: SessionTokenPayload, config: HandleRefreshTokenConfig) => Promise<HandleRefreshTokenResult>;
+export default handleRefreshToken;
+//# sourceMappingURL=handleRefreshToken.d.ts.map

package/dist/types/utils/handleRefreshToken.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handleRefreshToken.d.ts","sourceRoot":"","sources":["../../../src/utils/handleRefreshToken.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,EAAC,aAAa,EAAC,MAAM,iBAAiB,CAAC;AACnD,OAAuB,EAAC,mBAAmB,EAAC,MAAM,kBAAkB,CAAC;AAErE;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC;AAED;;;GAGG;AACH,MAAM,WAAW,wBAAwB;IACvC,eAAe,EAAE,MAAM,CAAC;IACxB,uBAAuB,EAAE,MAAM,CAAC;IAChC,aAAa,EAAE,aAAa,CAAC;CAC9B;AAED;;;;;;GAMG;AACH,QAAA,MAAM,kBAAkB,GACtB,gBAAgB,mBAAmB,EACnC,QAAQ,wBAAwB,KAC/B,OAAO,CAAC,wBAAwB,CA2ElC,CAAC;AAEF,eAAe,kBAAkB,CAAC"}

package/dist/types/utils/logger.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+declare const logger: any;
+export default logger;
+//# sourceMappingURL=logger.d.ts.map

package/dist/types/utils/logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../../src/utils/logger.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH,QAAA,MAAM,MAAM,EAAE,GAEZ,CAAC;AAEH,eAAe,MAAM,CAAC"}

package/dist/types/utils/sessionUtils.d.ts

@@ -0,0 +1,51 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { NextRequest } from 'next/server';
+import { SessionTokenPayload } from './SessionManager';
+/**
+ * Checks if a request has a valid session cookie (JWT).
+ * This verifies the JWT signature and expiration.
+ *
+ * @param request - The Next.js request object
+ * @returns True if a valid session exists, false otherwise
+ */
+export declare const hasValidSession: (request: NextRequest) => Promise<boolean>;
+/**
+ * Gets the session payload from the request cookies.
+ * This includes user ID, session ID, and scopes.
+ *
+ * @param request - The Next.js request object
+ * @returns The session payload if valid, undefined otherwise
+ */
+export declare const getSessionFromRequest: (request: NextRequest) => Promise<SessionTokenPayload | undefined>;
+/**
+ * Gets the session ID from the request cookies (legacy support).
+ * First tries to get from JWT session, then falls back to legacy session ID cookie.
+ *
+ * @param request - The Next.js request object
+ * @returns The session ID if it exists, undefined otherwise
+ */
+export declare const getSessionIdFromRequest: (request: NextRequest) => Promise<string | undefined>;
+/**
+ * Gets the temporary session ID from request cookies.
+ *
+ * @param request - The Next.js request object
+ * @returns The temporary session ID if valid, undefined otherwise
+ */
+export declare const getTempSessionFromRequest: (request: NextRequest) => Promise<string | undefined>;
+//# sourceMappingURL=sessionUtils.d.ts.map

package/dist/types/utils/sessionUtils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sessionUtils.d.ts","sourceRoot":"","sources":["../../../src/utils/sessionUtils.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAC,WAAW,EAAC,MAAM,aAAa,CAAC;AACxC,OAAuB,EAAC,mBAAmB,EAAC,MAAM,kBAAkB,CAAC;AAErE;;;;;;GAMG;AACH,eAAO,MAAM,eAAe,GAAU,SAAS,WAAW,KAAG,OAAO,CAAC,OAAO,CAY3E,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,qBAAqB,GAAU,SAAS,WAAW,KAAG,OAAO,CAAC,mBAAmB,GAAG,SAAS,CAWzG,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,uBAAuB,GAAU,SAAS,WAAW,KAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAY9F,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,yBAAyB,GAAU,SAAS,WAAW,KAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAYhG,CAAC"}

package/package.json

@@ -0,0 +1,85 @@
+{
+  "name": "@thunderid/nextjs",
+  "version": "0.0.1",
+  "description": "Next.js SDK for ThunderID",
+  "keywords": [
+    "thunderid",
+    "next.js",
+    "react",
+    "ssr"
+  ],
+  "homepage": "https://github.com/thunder-id/thunderid/tree/main/packages/next#readme",
+  "bugs": {
+    "url": "https://github.com/thunder-id/thunderid/issues"
+  },
+  "author": "WSO2",
+  "license": "Apache-2.0",
+  "type": "module",
+  "main": "dist/cjs/index.cjs",
+  "module": "dist/index.js",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/cjs/index.cjs"
+    },
+    "./server": {
+      "types": "./dist/server/index.d.ts",
+      "import": "./dist/server/index.js",
+      "require": "./dist/cjs/server/index.cjs"
+    },
+    "./middleware": {
+      "types": "./dist/middleware.d.ts",
+      "edge-light": "./dist/middleware.js",
+      "import": "./dist/middleware.js",
+      "require": "./dist/cjs/middleware.cjs"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "types": "dist/index.d.ts",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/thunder-id/thunderid",
+    "directory": "packages/next"
+  },
+  "dependencies": {
+    "@types/react": "19.2.14",
+    "jose": "5.2.0",
+    "tslib": "2.8.1",
+    "@thunderid/node": "^0.0.0",
+    "@thunderid/react": "^0.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "24.7.2",
+    "eslint": "9.39.4",
+    "next": "15.5.18",
+    "prettier": "3.6.2",
+    "react": "19.2.3",
+    "rimraf": "6.1.3",
+    "rolldown": "1.0.0-beta.45",
+    "typescript": "5.9.3",
+    "vitest": "4.1.3",
+    "@thunderid/eslint-plugin": "^0.0.0",
+    "@thunderid/prettier-config": "^0.0.0"
+  },
+  "peerDependencies": {
+    "next": ">=15.5.18",
+    "react": ">=16.8.0"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "pnpm clean && rolldown -c rolldown.config.js && tsc -p tsconfig.lib.json --emitDeclarationOnly --outDir dist",
+    "clean": "rimraf dist",
+    "format:check": "prettier --check --cache .",
+    "format:fix": "prettier --write --cache .",
+    "lint": "eslint . --ext .js,.jsx,.ts,.tsx,.cjs,.mjs",
+    "lint:fix": "eslint . --fix --ext .js,.jsx,.ts,.tsx,.cjs,.mjs",
+    "test": "vitest"
+  }
+}