npm - @thunderid/nextjs - Versions diffs - 0.2.0 → 0.2.2 - Mend

@thunderid/nextjs 0.2.0 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (349) hide show

package/dist/models/api.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../../src/models/api.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC;;;OAGG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;OAGG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,IAAI,EAAE,MAAM,CAAC;CACd"}

package/dist/models/config.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/models/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAC,mBAAmB,EAAC,MAAM,iBAAiB,CAAC;AAEpD;;;;;;;;;;GAUG;AACH,MAAM,MAAM,mBAAmB,GAAG,mBAAmB,CAAC"}

package/dist/server/ThunderIDProvider.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ThunderIDProvider.d.ts","sourceRoot":"","sources":["../../src/server/ThunderIDProvider.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAKH,OAAO,EAAC,sBAAsB,EAAC,MAAM,kBAAkB,CAAC;AACxD,OAAO,EAAC,EAAE,EAAE,iBAAiB,EAAe,MAAM,OAAO,CAAC;AAmB1D;;GAEG;AACH,MAAM,MAAM,4BAA4B,GAAG,OAAO,CAAC,sBAAsB,CAAC,GAAG;IAC3E,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;;;;;;;;;OAYG;IACH,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC,CAAC;AAEF;;;;;;;;;;;;;;;GAeG;AACH,QAAA,MAAM,uBAAuB,EAAE,EAAE,CAAC,iBAAiB,CAAC,4BAA4B,CAAC,CA0GhF,CAAC;AAEF,eAAe,uBAAuB,CAAC"}

package/dist/server/ThunderIDProvider.js ADDED Viewed

@@ -0,0 +1,111 @@
+'use server';
+import getSessionId_default from "./actions/getSessionId.js";
+import getClient_default from "./getClient.js";
+import logger_default from "../utils/logger.js";
+import clearSession_default from "./actions/clearSession.js";
+import getSessionPayload_default from "./actions/getSessionPayload.js";
+import getUserAction_default from "./actions/getUserAction.js";
+import getUserProfileAction_default from "./actions/getUserProfileAction.js";
+import handleOAuthCallbackAction_default from "./actions/handleOAuthCallbackAction.js";
+import isSignedIn_default from "./actions/isSignedIn.js";
+import refreshToken_default from "./actions/refreshToken.js";
+import signInAction_default from "./actions/signInAction.js";
+import signOutAction_default from "./actions/signOutAction.js";
+import signUpAction_default from "./actions/signUpAction.js";
+import updateUserProfileAction_default from "./actions/updateUserProfileAction.js";
+import ThunderIDProvider_default from "../client/contexts/ThunderID/ThunderIDProvider.js";
+import { ThunderIDRuntimeError } from "@thunderid/node";
+import { Fragment, jsx } from "react/jsx-runtime";
+//#region src/server/ThunderIDProvider.tsx
+/**
+* Server-side provider component for ThunderID authentication.
+* Wraps the client-side provider and handles server-side authentication logic.
+* Uses the singleton ThunderIDNextClient instance for consistent authentication state.
+*
+* @param props - Props injected into the component.
+*
+* @example
+* ```tsx
+* <ThunderIDServerProvider config={thunderidConfig}>
+*   <YourApp />
+* </ThunderIDServerProvider>
+* ```
+*
+* @returns ThunderIDServerProvider component.
+*/
+const ThunderIDServerProvider = async ({ children, afterSignInUrl, afterSignOutUrl,..._config }) => {
+	const thunderIDClient = getClient_default();
+	let config = {};
+	try {
+		await thunderIDClient.initialize(_config);
+		logger_default.debug("[ThunderIDServerProvider] ThunderID client initialized successfully.");
+		config = await thunderIDClient.getConfiguration();
+	} catch (error) {
+		logger_default.error("[ThunderIDServerProvider] Failed to initialize ThunderID client:", error?.toString());
+		throw new ThunderIDRuntimeError(`Failed to initialize ThunderID client: ${error?.toString()}`, "next-ConfigurationError-001", "next", "An error occurred while initializing the ThunderID client. Please check your configuration.");
+	}
+	if (!thunderIDClient.isInitialized) return /* @__PURE__ */ jsx(Fragment, {});
+	const sessionPayload = await getSessionPayload_default();
+	const sessionId = sessionPayload?.sessionId || await getSessionId_default() || "";
+	const signedIn = await isSignedIn_default(sessionId);
+	let user = {};
+	let userProfile = {
+		flattenedProfile: {},
+		profile: {},
+		schemas: []
+	};
+	if (signedIn) {
+		let updatedBaseUrl = config?.baseUrl;
+		if (sessionPayload?.organizationId) {
+			updatedBaseUrl = `${config?.baseUrl}/o`;
+			config = {
+				...config,
+				baseUrl: updatedBaseUrl
+			};
+		} else if (sessionId) try {
+			if ((await thunderIDClient.getDecodedIdToken(sessionId))?.["user_org"]) {
+				updatedBaseUrl = `${config?.baseUrl}/o`;
+				config = {
+					...config,
+					baseUrl: updatedBaseUrl
+				};
+			}
+		} catch {}
+		if (config?.preferences?.user?.fetchUserProfile !== false) try {
+			const userResponse = await getUserAction_default(sessionId);
+			const userProfileResponse = await getUserProfileAction_default(sessionId);
+			user = userResponse.data?.user || {};
+			userProfile = userProfileResponse.data?.userProfile ?? userProfile;
+		} catch (error) {
+			logger_default.warn("[ThunderIDServerProvider] Failed to fetch user profile from SCIM2:", error?.toString());
+		}
+	}
+	return /* @__PURE__ */ jsx(ThunderIDProvider_default, {
+		organizationHandle: config?.organizationHandle,
+		applicationId: config?.applicationId,
+		baseUrl: config?.baseUrl,
+		signIn: signInAction_default,
+		clearSession: clearSession_default,
+		refreshToken: refreshToken_default,
+		signOut: signOutAction_default,
+		signUp: signUpAction_default,
+		handleOAuthCallback: handleOAuthCallbackAction_default,
+		signInUrl: config?.signInUrl,
+		signUpUrl: config?.signUpUrl,
+		preferences: config?.preferences,
+		clientId: config?.clientId,
+		user,
+		userProfile,
+		updateProfile: updateUserProfileAction_default,
+		isSignedIn: signedIn,
+		children
+	});
+};
+var ThunderIDProvider_default$1 = ThunderIDServerProvider;
+//#endregion
+export { ThunderIDProvider_default$1 as default };
+//# sourceMappingURL=ThunderIDProvider.js.map

package/dist/server/ThunderIDProvider.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ThunderIDProvider.js","names":["ThunderIDServerProvider: FC<PropsWithChildren<ThunderIDServerProviderProps>>","getClient","config: Partial<ThunderIDNextConfig>","sessionPayload: SessionTokenPayload | undefined","getSessionPayload","sessionId: string","getSessionId","signedIn: boolean","isSignedIn","user: User","userProfile: UserProfile","updatedBaseUrl: string | undefined","userResponse: {\n data: {user: User | null};\n error: string | null;\n success: boolean;\n }","getUserAction","userProfileResponse: {\n data: {userProfile: UserProfile};\n error: string | null;\n success: boolean;\n }","getUserProfileAction","ThunderIDClientProvider","signInAction","clearSession","refreshToken","signOutAction","signUpAction","handleOAuthCallbackAction","updateUserProfileAction"],"sources":["../../src/server/ThunderIDProvider.tsx"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport {ThunderIDRuntimeError, IdToken, User, UserProfile} from '@thunderid/node';\nimport {ThunderIDProviderProps} from '@thunderid/react';\nimport {FC, PropsWithChildren, ReactElement} from 'react';\nimport clearSession from './actions/clearSession';\nimport getSessionId from './actions/getSessionId';\nimport getSessionPayload from './actions/getSessionPayload';\nimport getUserAction from './actions/getUserAction';\nimport getUserProfileAction from './actions/getUserProfileAction';\nimport handleOAuthCallbackAction from './actions/handleOAuthCallbackAction';\nimport isSignedIn from './actions/isSignedIn';\nimport refreshToken from './actions/refreshToken';\nimport signInAction from './actions/signInAction';\nimport signOutAction from './actions/signOutAction';\nimport signUpAction from './actions/signUpAction';\nimport updateUserProfileAction from './actions/updateUserProfileAction';\nimport getClient from './getClient';\nimport ThunderIDClientProvider from '../client/contexts/ThunderID/ThunderIDProvider.js';\nimport {ThunderIDNextConfig} from '../models/config';\nimport logger from '../utils/logger';\nimport {SessionTokenPayload} from '../utils/SessionManager';\n\n/**\n * Props interface of {@link ThunderIDServerProvider}\n */\nexport type ThunderIDServerProviderProps = Partial<ThunderIDProviderProps> & {\n clientSecret?: string;\n /**\n * Session cookie lifetime in seconds. Determines how long the session cookie\n * remains valid in the browser after sign-in.\n *\n * Resolution order (first defined value wins):\n * 1. This prop — set here when mounting the provider.\n * 2. `THUNDERID_SESSION_COOKIE_EXPIRY_TIME` environment variable.\n * 3. Built-in default of 86400 seconds (24 hours).\n *\n * @example\n * // 8-hour session cookie\n * <ThunderIDServerProvider sessionCookieExpiryTime={28800} ... />\n */\n sessionCookieExpiryTime?: number;\n};\n\n/**\n * Server-side provider component for ThunderID authentication.\n * Wraps the client-side provider and handles server-side authentication logic.\n * Uses the singleton ThunderIDNextClient instance for consistent authentication state.\n *\n * @param props - Props injected into the component.\n *\n * @example\n * ```tsx\n * <ThunderIDServerProvider config={thunderidConfig}>\n * <YourApp />\n * </ThunderIDServerProvider>\n * ```\n *\n * @returns ThunderIDServerProvider component.\n */\nconst ThunderIDServerProvider: FC<PropsWithChildren<ThunderIDServerProviderProps>> = async ({\n children,\n afterSignInUrl,\n afterSignOutUrl,\n ..._config\n}: PropsWithChildren<ThunderIDServerProviderProps>): Promise<ReactElement> => {\n const thunderIDClient = getClient();\n let config: Partial<ThunderIDNextConfig> = {};\n\n try {\n await thunderIDClient.initialize(_config as ThunderIDNextConfig);\n\n logger.debug('[ThunderIDServerProvider] ThunderID client initialized successfully.');\n\n config = await thunderIDClient.getConfiguration();\n } catch (error) {\n logger.error('[ThunderIDServerProvider] Failed to initialize ThunderID client:', error?.toString());\n\n throw new ThunderIDRuntimeError(\n `Failed to initialize ThunderID client: ${error?.toString()}`,\n 'next-ConfigurationError-001',\n 'next',\n 'An error occurred while initializing the ThunderID client. Please check your configuration.',\n );\n }\n\n if (!thunderIDClient.isInitialized) {\n return <></>;\n }\n\n // Try to get session information from JWT first, then fall back to legacy\n const sessionPayload: SessionTokenPayload | undefined = await getSessionPayload();\n const sessionId: string = sessionPayload?.sessionId || (await getSessionId()) || '';\n const signedIn: boolean = await isSignedIn(sessionId);\n\n let user: User = {};\n let userProfile: UserProfile = {\n flattenedProfile: {},\n profile: {},\n schemas: [],\n };\n if (signedIn) {\n let updatedBaseUrl: string | undefined = config?.baseUrl;\n\n if (sessionPayload?.organizationId) {\n updatedBaseUrl = `${config?.baseUrl}/o`;\n config = {...config, baseUrl: updatedBaseUrl};\n } else if (sessionId) {\n try {\n const idToken: IdToken = await thunderIDClient.getDecodedIdToken(sessionId);\n if (idToken?.['user_org']) {\n updatedBaseUrl = `${config?.baseUrl}/o`;\n config = {...config, baseUrl: updatedBaseUrl};\n }\n } catch {\n // Continue without organization info\n }\n }\n\n // Check if user profile fetching is enabled (default: true)\n const shouldFetchUserProfile: boolean = config?.preferences?.user?.fetchUserProfile !== false;\n\n if (shouldFetchUserProfile) {\n try {\n const userResponse: {\n data: {user: User | null};\n error: string | null;\n success: boolean;\n } = await getUserAction(sessionId);\n const userProfileResponse: {\n data: {userProfile: UserProfile};\n error: string | null;\n success: boolean;\n } = await getUserProfileAction(sessionId);\n\n user = userResponse.data?.user || {};\n userProfile = userProfileResponse.data?.userProfile ?? userProfile;\n } catch (error) {\n logger.warn('[ThunderIDServerProvider] Failed to fetch user profile from SCIM2:', error?.toString());\n }\n }\n }\n\n return (\n <ThunderIDClientProvider\n organizationHandle={config?.organizationHandle}\n applicationId={config?.applicationId}\n baseUrl={config?.baseUrl}\n signIn={signInAction}\n clearSession={clearSession}\n refreshToken={refreshToken}\n signOut={signOutAction}\n signUp={signUpAction}\n handleOAuthCallback={handleOAuthCallbackAction}\n signInUrl={config?.signInUrl}\n signUpUrl={config?.signUpUrl}\n preferences={config?.preferences}\n clientId={config?.clientId}\n user={user}\n userProfile={userProfile}\n updateProfile={updateUserProfileAction}\n isSignedIn={signedIn}\n >\n {children}\n </ThunderIDClientProvider>\n );\n};\n\nexport default ThunderIDServerProvider;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8EA,MAAMA,0BAA+E,OAAO,EAC1F,UACA,gBACA,gBACA,GAAG,cACyE;CAC5E,MAAM,kBAAkBC,mBAAW;CACnC,IAAIC,SAAuC,EAAE;AAE7C,KAAI;AACF,QAAM,gBAAgB,WAAW,QAA+B;AAEhE,iBAAO,MAAM,uEAAuE;AAEpF,WAAS,MAAM,gBAAgB,kBAAkB;UAC1C,OAAO;AACd,iBAAO,MAAM,oEAAoE,OAAO,UAAU,CAAC;AAEnG,QAAM,IAAI,sBACR,0CAA0C,OAAO,UAAU,IAC3D,+BACA,QACA,8FACD;;AAGH,KAAI,CAAC,gBAAgB,cACnB,QAAO,iCAAK;CAId,MAAMC,iBAAkD,MAAMC,2BAAmB;CACjF,MAAMC,YAAoB,gBAAgB,aAAc,MAAMC,sBAAc,IAAK;CACjF,MAAMC,WAAoB,MAAMC,mBAAW,UAAU;CAErD,IAAIC,OAAa,EAAE;CACnB,IAAIC,cAA2B;EAC7B,kBAAkB,EAAE;EACpB,SAAS,EAAE;EACX,SAAS,EAAE;EACZ;AACD,KAAI,UAAU;EACZ,IAAIC,iBAAqC,QAAQ;AAEjD,MAAI,gBAAgB,gBAAgB;AAClC,oBAAiB,GAAG,QAAQ,QAAQ;AACpC,YAAS;IAAC,GAAG;IAAQ,SAAS;IAAe;aACpC,UACT,KAAI;AAEF,QADyB,MAAM,gBAAgB,kBAAkB,UAAU,IAC7D,aAAa;AACzB,qBAAiB,GAAG,QAAQ,QAAQ;AACpC,aAAS;KAAC,GAAG;KAAQ,SAAS;KAAe;;UAEzC;AAQV,MAFwC,QAAQ,aAAa,MAAM,qBAAqB,MAGtF,KAAI;GACF,MAAMC,eAIF,MAAMC,sBAAc,UAAU;GAClC,MAAMC,sBAIF,MAAMC,6BAAqB,UAAU;AAEzC,UAAO,aAAa,MAAM,QAAQ,EAAE;AACpC,iBAAc,oBAAoB,MAAM,eAAe;WAChD,OAAO;AACd,kBAAO,KAAK,sEAAsE,OAAO,UAAU,CAAC;;;AAK1G,QACE,oBAACC;EACC,oBAAoB,QAAQ;EAC5B,eAAe,QAAQ;EACvB,SAAS,QAAQ;EACjB,QAAQC;EACR,cAAcC;EACd,cAAcC;EACd,SAASC;EACT,QAAQC;EACR,qBAAqBC;EACrB,WAAW,QAAQ;EACnB,WAAW,QAAQ;EACnB,aAAa,QAAQ;EACrB,UAAU,QAAQ;EACZ;EACO;EACb,eAAeC;EACf,YAAY;EAEX;GACuB;;AAI9B,kCAAe"}

package/dist/server/actions/clearSession.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"clearSession.d.ts","sourceRoot":"","sources":["../../../src/server/actions/clearSession.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAUH;;;;;;;;;;;;;;;;;;;GAmBG;AACH,QAAA,MAAM,YAAY,QAAa,OAAO,CAAC,IAAI,CAK1C,CAAC;AAEF,eAAe,YAAY,CAAC"}

package/dist/server/actions/clearSession.js ADDED Viewed

@@ -0,0 +1,39 @@
+'use server';
+import SessionManager_default from "../../utils/SessionManager.js";
+import logger_default from "../../utils/logger.js";
+import { cookies } from "next/headers";
+//#region src/server/actions/clearSession.ts
+/**
+* Deletes all ThunderID session cookies from the browser without contacting the
+* identity server.
+*
+* Use this for error-recovery scenarios where the local session must be wiped
+* immediately: refresh token failures, corrupt sessions, or forced local sign-out
+* when the identity server is unreachable.
+*
+* For a complete sign-out that also revokes the server-side session and obtains the
+* after-sign-out redirect URL, use `signOutAction` instead.
+*
+* @example
+* ```typescript
+* import { clearSession } from '@thunderid/nextjs/server';
+*
+* // Inside a Server Action or Route Handler:
+* await clearSession();
+* redirect('/sign-in');
+* ```
+*/
+const clearSession = async () => {
+	const cookieStore = await cookies();
+	cookieStore.delete(SessionManager_default.getSessionCookieName());
+	cookieStore.delete(SessionManager_default.getTempSessionCookieName());
+	logger_default.debug("[clearSession] Session cookies cleared.");
+};
+var clearSession_default = clearSession;
+//#endregion
+export { clearSession_default as default };
+//# sourceMappingURL=clearSession.js.map

package/dist/server/actions/clearSession.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"clearSession.js","names":["cookieStore: RequestCookies","SessionManager"],"sources":["../../../src/server/actions/clearSession.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport {cookies} from 'next/headers';\nimport logger from '../../utils/logger';\nimport SessionManager from '../../utils/SessionManager';\n\ntype RequestCookies = Awaited<ReturnType<typeof cookies>>;\n\n/**\n * Deletes all ThunderID session cookies from the browser without contacting the\n * identity server.\n *\n * Use this for error-recovery scenarios where the local session must be wiped\n * immediately: refresh token failures, corrupt sessions, or forced local sign-out\n * when the identity server is unreachable.\n *\n * For a complete sign-out that also revokes the server-side session and obtains the\n * after-sign-out redirect URL, use `signOutAction` instead.\n *\n * @example\n * ```typescript\n * import { clearSession } from '@thunderid/nextjs/server';\n *\n * // Inside a Server Action or Route Handler:\n * await clearSession();\n * redirect('/sign-in');\n * ```\n */\nconst clearSession = async (): Promise<void> => {\n const cookieStore: RequestCookies = await cookies();\n cookieStore.delete(SessionManager.getSessionCookieName());\n cookieStore.delete(SessionManager.getTempSessionCookieName());\n logger.debug('[clearSession] Session cookies cleared.');\n};\n\nexport default clearSession;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8CA,MAAM,eAAe,YAA2B;CAC9C,MAAMA,cAA8B,MAAM,SAAS;AACnD,aAAY,OAAOC,uBAAe,sBAAsB,CAAC;AACzD,aAAY,OAAOA,uBAAe,0BAA0B,CAAC;AAC7D,gBAAO,MAAM,0CAA0C;;AAGzD,2BAAe"}

package/dist/server/actions/getAccessToken.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"getAccessToken.d.ts","sourceRoot":"","sources":["../../../src/server/actions/getAccessToken.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AASH;;;;GAIG;AACH,QAAA,MAAM,cAAc,QAAa,OAAO,CAAC,MAAM,GAAG,SAAS,CAgB1D,CAAC;AAEF,eAAe,cAAc,CAAC"}

package/dist/{getAccessToken-DCP_zasP.js → server/actions/getAccessToken.js} RENAMED Viewed

@@ -1,15 +1,17 @@
-import { v as __toESM } from "./dynamic-rendering-CkPpk5pF.js";
-import { n as require_headers, t as SessionManager_default } from "./SessionManager-BPpyyzfa.js";
+'use server';
+import SessionManager_default from "../../utils/SessionManager.js";
+import { cookies } from "next/headers";
 //#region src/server/actions/getAccessToken.ts
-var import_headers = /* @__PURE__ */ __toESM(require_headers(), 1);
 /**
 * Get the access token from the session cookie.
 *
 * @returns The access token if it exists, undefined otherwise
 */
 const getAccessToken = async () => {
-	const sessionToken = (await (0, import_headers.cookies)()).get(SessionManager_default.getSessionCookieName())?.value;
+	const sessionToken = (await cookies()).get(SessionManager_default.getSessionCookieName())?.value;
 	if (sessionToken) try {
 		return (await SessionManager_default.verifySessionToken(sessionToken))["accessToken"];
 	} catch (error) {
@@ -19,4 +21,5 @@ const getAccessToken = async () => {
 var getAccessToken_default = getAccessToken;
 //#endregion
-export { getAccessToken_default as default };
+export { getAccessToken_default as default };
+//# sourceMappingURL=getAccessToken.js.map

package/dist/server/actions/getAccessToken.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"getAccessToken.js","names":["sessionToken: string | undefined","SessionManager"],"sources":["../../../src/server/actions/getAccessToken.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport {cookies} from 'next/headers';\nimport SessionManager, {SessionTokenPayload} from '../../utils/SessionManager';\n\ntype RequestCookies = Awaited<ReturnType<typeof cookies>>;\n\n/**\n * Get the access token from the session cookie.\n *\n * @returns The access token if it exists, undefined otherwise\n */\nconst getAccessToken = async (): Promise<string | undefined> => {\n const cookieStore: RequestCookies = await cookies();\n\n const sessionToken: string | undefined = cookieStore.get(SessionManager.getSessionCookieName())?.value;\n\n if (sessionToken) {\n try {\n const sessionPayload: SessionTokenPayload = await SessionManager.verifySessionToken(sessionToken);\n\n return sessionPayload['accessToken'] as string;\n } catch (error) {\n return undefined;\n }\n }\n\n return undefined;\n};\n\nexport default getAccessToken;\n"],"mappings":";;;;;;;;;;;;AA8BA,MAAM,iBAAiB,YAAyC;CAG9D,MAAMA,gBAF8B,MAAM,SAAS,EAEE,IAAIC,uBAAe,sBAAsB,CAAC,EAAE;AAEjG,KAAI,aACF,KAAI;AAGF,UAF4C,MAAMA,uBAAe,mBAAmB,aAAa,EAE3E;UACf,OAAO;AACd;;;AAON,6BAAe"}

package/dist/server/actions/getClientOrigin.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"getClientOrigin.d.ts","sourceRoot":"","sources":["../../../src/server/actions/getClientOrigin.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAOH,QAAA,MAAM,eAAe,QAAa,OAAO,CAAC,MAAM,CAK/C,CAAC;AAEF,eAAe,eAAe,CAAC"}

package/dist/server/actions/getClientOrigin.js ADDED Viewed

@@ -0,0 +1,16 @@
+'use server';
+import { headers } from "next/headers";
+//#region src/server/actions/getClientOrigin.ts
+const getClientOrigin = async () => {
+	const headersList = await headers();
+	const host = headersList.get("host");
+	return `${headersList.get("x-forwarded-proto") ?? "http"}://${host}`;
+};
+var getClientOrigin_default = getClientOrigin;
+//#endregion
+export { getClientOrigin_default as default };
+//# sourceMappingURL=getClientOrigin.js.map

package/dist/server/actions/getClientOrigin.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"getClientOrigin.js","names":["headersList: ReadonlyHeaders","host: string | null"],"sources":["../../../src/server/actions/getClientOrigin.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport {ReadonlyHeaders} from 'next/dist/server/web/spec-extension/adapters/headers';\nimport {headers} from 'next/headers';\n\nconst getClientOrigin = async (): Promise<string> => {\n const headersList: ReadonlyHeaders = await headers();\n const host: string | null = headersList.get('host');\n const protocol: string = headersList.get('x-forwarded-proto') ?? 'http';\n return `${protocol}://${host}`;\n};\n\nexport default getClientOrigin;\n"],"mappings":";;;;;;AAuBA,MAAM,kBAAkB,YAA6B;CACnD,MAAMA,cAA+B,MAAM,SAAS;CACpD,MAAMC,OAAsB,YAAY,IAAI,OAAO;AAEnD,QAAO,GADkB,YAAY,IAAI,oBAAoB,IAAI,OAC9C,KAAK;;AAG1B,8BAAe"}

package/dist/server/actions/getSessionId.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"getSessionId.d.ts","sourceRoot":"","sources":["../../../src/server/actions/getSessionId.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AASH;;;;;GAKG;AACH,QAAA,MAAM,YAAY,QAAa,OAAO,CAAC,MAAM,GAAG,SAAS,CAgBxD,CAAC;AAEF,eAAe,YAAY,CAAC"}

package/dist/{getSessionId-Ctmvpfgp.js → server/actions/getSessionId.js} RENAMED Viewed

@@ -1,8 +1,10 @@
-import { v as __toESM } from "./dynamic-rendering-CkPpk5pF.js";
-import { n as require_headers, t as SessionManager_default } from "./SessionManager-BPpyyzfa.js";
+'use server';
+import SessionManager_default from "../../utils/SessionManager.js";
+import { cookies } from "next/headers";
 //#region src/server/actions/getSessionId.ts
-var import_headers = /* @__PURE__ */ __toESM(require_headers(), 1);
 /**
 * Get the session ID from cookies.
 * Tries JWT session first, then falls back to legacy session ID.
@@ -10,7 +12,7 @@ var import_headers = /* @__PURE__ */ __toESM(require_headers(), 1);
 * @returns The session ID if it exists, undefined otherwise
 */
 const getSessionId = async () => {
-	const sessionToken = (await (0, import_headers.cookies)()).get(SessionManager_default.getSessionCookieName())?.value;
+	const sessionToken = (await cookies()).get(SessionManager_default.getSessionCookieName())?.value;
 	if (sessionToken) try {
 		return (await SessionManager_default.verifySessionToken(sessionToken)).sessionId;
 	} catch (error) {
@@ -20,4 +22,5 @@ const getSessionId = async () => {
 var getSessionId_default = getSessionId;
 //#endregion
-export { getSessionId_default as t };
+export { getSessionId_default as default };
+//# sourceMappingURL=getSessionId.js.map

package/dist/server/actions/getSessionId.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"getSessionId.js","names":["sessionToken: string | undefined","SessionManager"],"sources":["../../../src/server/actions/getSessionId.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport {cookies} from 'next/headers';\nimport SessionManager, {SessionTokenPayload} from '../../utils/SessionManager';\n\ntype RequestCookies = Awaited<ReturnType<typeof cookies>>;\n\n/**\n * Get the session ID from cookies.\n * Tries JWT session first, then falls back to legacy session ID.\n *\n * @returns The session ID if it exists, undefined otherwise\n */\nconst getSessionId = async (): Promise<string | undefined> => {\n const cookieStore: RequestCookies = await cookies();\n\n const sessionToken: string | undefined = cookieStore.get(SessionManager.getSessionCookieName())?.value;\n\n if (sessionToken) {\n try {\n const sessionPayload: SessionTokenPayload = await SessionManager.verifySessionToken(sessionToken);\n\n return sessionPayload.sessionId;\n } catch (error) {\n return undefined;\n }\n }\n\n return undefined;\n};\n\nexport default getSessionId;\n"],"mappings":";;;;;;;;;;;;;AA+BA,MAAM,eAAe,YAAyC;CAG5D,MAAMA,gBAF8B,MAAM,SAAS,EAEE,IAAIC,uBAAe,sBAAsB,CAAC,EAAE;AAEjG,KAAI,aACF,KAAI;AAGF,UAF4C,MAAMA,uBAAe,mBAAmB,aAAa,EAE3E;UACf,OAAO;AACd;;;AAON,2BAAe"}

package/dist/server/actions/getSessionPayload.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"getSessionPayload.d.ts","sourceRoot":"","sources":["../../../src/server/actions/getSessionPayload.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAKH,OAAuB,EAAC,mBAAmB,EAAC,MAAM,4BAA4B,CAAC;AAI/E;;;;;GAKG;AACH,QAAA,MAAM,iBAAiB,QAAa,OAAO,CAAC,mBAAmB,GAAG,SAAS,CAa1E,CAAC;AAEF,eAAe,iBAAiB,CAAC"}

package/dist/server/actions/getSessionPayload.js ADDED Viewed

@@ -0,0 +1,27 @@
+'use server';
+import SessionManager_default from "../../utils/SessionManager.js";
+import { cookies } from "next/headers";
+//#region src/server/actions/getSessionPayload.ts
+/**
+* Get the session payload from JWT session cookie.
+* This includes user ID, session ID, scopes, and organization ID.
+*
+* @returns The session payload if valid JWT session exists, undefined otherwise
+*/
+const getSessionPayload = async () => {
+	const sessionToken = (await cookies()).get(SessionManager_default.getSessionCookieName())?.value;
+	if (!sessionToken) return;
+	try {
+		return await SessionManager_default.verifySessionToken(sessionToken);
+	} catch {
+		return;
+	}
+};
+var getSessionPayload_default = getSessionPayload;
+//#endregion
+export { getSessionPayload_default as default };
+//# sourceMappingURL=getSessionPayload.js.map

package/dist/server/actions/getSessionPayload.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"getSessionPayload.js","names":["sessionToken: string | undefined","SessionManager"],"sources":["../../../src/server/actions/getSessionPayload.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport {cookies} from 'next/headers';\nimport SessionManager, {SessionTokenPayload} from '../../utils/SessionManager';\n\ntype RequestCookies = Awaited<ReturnType<typeof cookies>>;\n\n/**\n * Get the session payload from JWT session cookie.\n * This includes user ID, session ID, scopes, and organization ID.\n *\n * @returns The session payload if valid JWT session exists, undefined otherwise\n */\nconst getSessionPayload = async (): Promise<SessionTokenPayload | undefined> => {\n const cookieStore: RequestCookies = await cookies();\n\n const sessionToken: string | undefined = cookieStore.get(SessionManager.getSessionCookieName())?.value;\n if (!sessionToken) {\n return undefined;\n }\n\n try {\n return await SessionManager.verifySessionToken(sessionToken);\n } catch {\n return undefined;\n }\n};\n\nexport default getSessionPayload;\n"],"mappings":";;;;;;;;;;;;;AA+BA,MAAM,oBAAoB,YAAsD;CAG9E,MAAMA,gBAF8B,MAAM,SAAS,EAEE,IAAIC,uBAAe,sBAAsB,CAAC,EAAE;AACjG,KAAI,CAAC,aACH;AAGF,KAAI;AACF,SAAO,MAAMA,uBAAe,mBAAmB,aAAa;SACtD;AACN;;;AAIJ,gCAAe"}

package/dist/server/actions/getUserAction.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"getUserAction.d.ts","sourceRoot":"","sources":["../../../src/server/actions/getUserAction.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH,OAAO,EAAC,IAAI,EAAC,MAAM,iBAAiB,CAAC;AAGrC;;;GAGG;AACH,QAAA,MAAM,aAAa,GACjB,WAAW,MAAM,KAChB,OAAO,CAAC;IAAC,IAAI,EAAE;QAAC,IAAI,EAAE,IAAI,GAAG,IAAI,CAAA;KAAC,CAAC;IAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAC,CAQ7E,CAAC;AAEF,eAAe,aAAa,CAAC"}

package/dist/server/actions/getUserAction.js ADDED Viewed

@@ -0,0 +1,30 @@
+'use server';
+import getClient_default from "../getClient.js";
+//#region src/server/actions/getUserAction.ts
+/**
+* Server action to get the current user.
+* Returns the user profile if signed in.
+*/
+const getUserAction = async (sessionId) => {
+	try {
+		return {
+			data: { user: await getClient_default().getUser(sessionId) },
+			error: null,
+			success: true
+		};
+	} catch (error) {
+		return {
+			data: { user: null },
+			error: "Failed to get user",
+			success: false
+		};
+	}
+};
+var getUserAction_default = getUserAction;
+//#endregion
+export { getUserAction_default as default };
+//# sourceMappingURL=getUserAction.js.map

package/dist/server/actions/getUserAction.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"getUserAction.js","names":["getClient"],"sources":["../../../src/server/actions/getUserAction.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport {User} from '@thunderid/node';\nimport getClient from '../getClient';\n\n/**\n * Server action to get the current user.\n * Returns the user profile if signed in.\n */\nconst getUserAction = async (\n sessionId: string,\n): Promise<{data: {user: User | null}; error: string | null; success: boolean}> => {\n try {\n const client = getClient();\n const user: User = await client.getUser(sessionId);\n return {data: {user}, error: null, success: true};\n } catch (error) {\n return {data: {user: null}, error: 'Failed to get user', success: false};\n }\n};\n\nexport default getUserAction;\n"],"mappings":";;;;;;;;;;AA2BA,MAAM,gBAAgB,OACpB,cACiF;AACjF,KAAI;AAGF,SAAO;GAAC,MAAM,EAAC,MADI,MADJA,mBAAW,CACM,QAAQ,UAAU,EAC9B;GAAE,OAAO;GAAM,SAAS;GAAK;UAC1C,OAAO;AACd,SAAO;GAAC,MAAM,EAAC,MAAM,MAAK;GAAE,OAAO;GAAsB,SAAS;GAAM;;;AAI5E,4BAAe"}

package/dist/server/actions/getUserProfileAction.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"getUserProfileAction.d.ts","sourceRoot":"","sources":["../../../src/server/actions/getUserProfileAction.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH,OAAO,EAAC,WAAW,EAAC,MAAM,iBAAiB,CAAC;AAG5C;;;GAGG;AACH,QAAA,MAAM,oBAAoB,GACxB,WAAW,MAAM,KAChB,OAAO,CAAC;IAAC,IAAI,EAAE;QAAC,WAAW,EAAE,WAAW,CAAA;KAAC,CAAC;IAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAC,CAkBpF,CAAC;AAEF,eAAe,oBAAoB,CAAC"}

package/dist/server/actions/getUserProfileAction.js ADDED Viewed

@@ -0,0 +1,34 @@
+'use server';
+import getClient_default from "../getClient.js";
+//#region src/server/actions/getUserProfileAction.ts
+/**
+* Server action to get the current user.
+* Returns the user profile if signed in.
+*/
+const getUserProfileAction = async (sessionId) => {
+	try {
+		return {
+			data: { userProfile: await getClient_default().getUserProfile(sessionId) },
+			error: null,
+			success: true
+		};
+	} catch (error) {
+		return {
+			data: { userProfile: {
+				flattenedProfile: {},
+				profile: {},
+				schemas: []
+			} },
+			error: "Failed to get user profile",
+			success: false
+		};
+	}
+};
+var getUserProfileAction_default = getUserProfileAction;
+//#endregion
+export { getUserProfileAction_default as default };
+//# sourceMappingURL=getUserProfileAction.js.map

package/dist/server/actions/getUserProfileAction.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"getUserProfileAction.js","names":["getClient"],"sources":["../../../src/server/actions/getUserProfileAction.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport {UserProfile} from '@thunderid/node';\nimport getClient from '../getClient';\n\n/**\n * Server action to get the current user.\n * Returns the user profile if signed in.\n */\nconst getUserProfileAction = async (\n sessionId: string,\n): Promise<{data: {userProfile: UserProfile}; error: string | null; success: boolean}> => {\n try {\n const client = getClient();\n const updatedProfile: UserProfile = await client.getUserProfile(sessionId);\n return {data: {userProfile: updatedProfile}, error: null, success: true};\n } catch (error) {\n return {\n data: {\n userProfile: {\n flattenedProfile: {},\n profile: {},\n schemas: [],\n },\n },\n error: 'Failed to get user profile',\n success: false,\n };\n }\n};\n\nexport default getUserProfileAction;\n"],"mappings":";;;;;;;;;;AA2BA,MAAM,uBAAuB,OAC3B,cACwF;AACxF,KAAI;AAGF,SAAO;GAAC,MAAM,EAAC,aADqB,MADrBA,mBAAW,CACuB,eAAe,UAAU,EAC/B;GAAE,OAAO;GAAM,SAAS;GAAK;UACjE,OAAO;AACd,SAAO;GACL,MAAM,EACJ,aAAa;IACX,kBAAkB,EAAE;IACpB,SAAS,EAAE;IACX,SAAS,EAAE;IACZ,EACF;GACD,OAAO;GACP,SAAS;GACV;;;AAIL,mCAAe"}

package/dist/server/actions/handleOAuthCallbackAction.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"handleOAuthCallbackAction.d.ts","sourceRoot":"","sources":["../../../src/server/actions/handleOAuthCallbackAction.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAaH;;;;;;;;;GASG;AACH,QAAA,MAAM,yBAAyB,GAC7B,MAAM,MAAM,EACZ,OAAO,MAAM,EACb,eAAe,MAAM,KACpB,OAAO,CAAC;IACT,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,OAAO,CAAC;CAClB,CAyHA,CAAC;AAEF,eAAe,yBAAyB,CAAC"}

package/dist/server/actions/handleOAuthCallbackAction.js ADDED Viewed

@@ -0,0 +1,87 @@
+'use server';
+import SessionManager_default from "../../utils/SessionManager.js";
+import getClient_default from "../getClient.js";
+import logger_default from "../../utils/logger.js";
+import { cookies } from "next/headers";
+//#region src/server/actions/handleOAuthCallbackAction.ts
+/**
+* Server action to handle OAuth callback with authorization code.
+* This action processes the authorization code received from the OAuth provider
+* and exchanges it for tokens to complete the authentication flow.
+*
+* @param code - Authorization code from OAuth provider
+* @param state - State parameter from OAuth provider for CSRF protection
+* @param sessionState - Session state parameter from OAuth provider
+* @returns Promise that resolves with success status and optional error message
+*/
+const handleOAuthCallbackAction = async (code, state, sessionState) => {
+	try {
+		if (!code || !state) return {
+			error: "Missing required OAuth parameters: code and state are required",
+			success: false
+		};
+		const thunderIDClient = getClient_default();
+		if (!thunderIDClient.isInitialized) return {
+			error: "ThunderID client is not initialized",
+			success: false
+		};
+		const cookieStore = await cookies();
+		let sessionId;
+		const tempSessionToken = cookieStore.get(SessionManager_default.getTempSessionCookieName())?.value;
+		if (tempSessionToken) try {
+			sessionId = (await SessionManager_default.verifyTempSession(tempSessionToken)).sessionId;
+		} catch {
+			logger_default.error("[handleOAuthCallbackAction] Invalid temporary session token, falling back to session ID from cookies.");
+		}
+		if (!sessionId) {
+			logger_default.error("[handleOAuthCallbackAction] No session ID found in cookies or temporary session token.");
+			return {
+				error: "No session found. Please start the authentication flow again.",
+				success: false
+			};
+		}
+		const signInResult = await thunderIDClient.signIn({
+			code,
+			session_state: sessionState,
+			state
+		}, {}, sessionId);
+		const config = await thunderIDClient.getConfiguration();
+		if (signInResult) try {
+			const idToken = await thunderIDClient.getDecodedIdToken(sessionId, signInResult["id_token"] || signInResult["idToken"]);
+			const accessToken = signInResult["accessToken"] || signInResult["access_token"];
+			const refreshToken = signInResult["refreshToken"] ?? "";
+			const userIdFromToken = idToken.sub || signInResult["sub"] || sessionId;
+			const scopes = signInResult["scope"];
+			const organizationId = idToken["user_org"] || idToken["organization_id"];
+			const expiresIn = signInResult["expiresIn"];
+			const sessionCookieExpiryTime = SessionManager_default.resolveSessionCookieExpiry(config.sessionCookie?.expiryTime);
+			const sessionToken = await SessionManager_default.createSessionToken(accessToken, userIdFromToken, sessionId, scopes, expiresIn, refreshToken, organizationId);
+			cookieStore.set(SessionManager_default.getSessionCookieName(), sessionToken, SessionManager_default.getSessionCookieOptions(sessionCookieExpiryTime));
+			cookieStore.delete(SessionManager_default.getTempSessionCookieName());
+		} catch (error) {
+			logger_default.error(`[handleOAuthCallbackAction] Failed to create JWT session, continuing with legacy session:
+          ${typeof error === "string" ? error : JSON.stringify(error)}`);
+		}
+		return {
+			redirectUrl: config.afterSignInUrl || "/",
+			success: true
+		};
+	} catch (error) {
+		let errorMessage = "Authentication failed";
+		if (error instanceof Error) errorMessage = error.message;
+		else if (error && typeof error === "object" && "message" in error) errorMessage = String(error.message);
+		else if (typeof error === "string") errorMessage = error;
+		return {
+			error: errorMessage,
+			success: false
+		};
+	}
+};
+var handleOAuthCallbackAction_default = handleOAuthCallbackAction;
+//#endregion
+export { handleOAuthCallbackAction_default as default };
+//# sourceMappingURL=handleOAuthCallbackAction.js.map

package/dist/server/actions/handleOAuthCallbackAction.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"handleOAuthCallbackAction.js","names":["getClient","cookieStore: RequestCookies","sessionId: string | undefined","tempSessionToken: string | undefined","SessionManager","signInResult: Record<string, unknown>","config: ThunderIDNextConfig","idToken: IdToken","accessToken: string","refreshToken: string","userIdFromToken: string","scopes: string","organizationId: string | undefined","expiresIn: number","sessionCookieExpiryTime: number","sessionToken: string"],"sources":["../../../src/server/actions/handleOAuthCallbackAction.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport {IdToken} from '@thunderid/node';\nimport {cookies} from 'next/headers';\nimport {ThunderIDNextConfig} from '../../models/config';\nimport logger from '../../utils/logger';\nimport SessionManager from '../../utils/SessionManager';\nimport getClient from '../getClient';\n\ntype RequestCookies = Awaited<ReturnType<typeof cookies>>;\n\n/**\n * Server action to handle OAuth callback with authorization code.\n * This action processes the authorization code received from the OAuth provider\n * and exchanges it for tokens to complete the authentication flow.\n *\n * @param code - Authorization code from OAuth provider\n * @param state - State parameter from OAuth provider for CSRF protection\n * @param sessionState - Session state parameter from OAuth provider\n * @returns Promise that resolves with success status and optional error message\n */\nconst handleOAuthCallbackAction = async (\n code: string,\n state: string,\n sessionState?: string,\n): Promise<{\n error?: string;\n redirectUrl?: string;\n success: boolean;\n}> => {\n try {\n if (!code || !state) {\n return {\n error: 'Missing required OAuth parameters: code and state are required',\n success: false,\n };\n }\n\n const thunderIDClient = getClient();\n\n if (!thunderIDClient.isInitialized) {\n return {\n error: 'ThunderID client is not initialized',\n success: false,\n };\n }\n\n const cookieStore: RequestCookies = await cookies();\n let sessionId: string | undefined;\n\n const tempSessionToken: string | undefined = cookieStore.get(SessionManager.getTempSessionCookieName())?.value;\n\n if (tempSessionToken) {\n try {\n const tempSession: {sessionId: string} = await SessionManager.verifyTempSession(tempSessionToken);\n sessionId = tempSession.sessionId;\n } catch {\n logger.error(\n '[handleOAuthCallbackAction] Invalid temporary session token, falling back to session ID from cookies.',\n );\n }\n }\n\n if (!sessionId) {\n logger.error('[handleOAuthCallbackAction] No session ID found in cookies or temporary session token.');\n\n return {\n error: 'No session found. Please start the authentication flow again.',\n success: false,\n };\n }\n\n // Exchange the authorization code for tokens\n const signInResult: Record<string, unknown> = await thunderIDClient.signIn(\n {\n code,\n session_state: sessionState,\n state,\n } as any,\n {},\n sessionId,\n );\n\n const config: ThunderIDNextConfig = await thunderIDClient.getConfiguration();\n\n if (signInResult) {\n try {\n const idToken: IdToken = await thunderIDClient.getDecodedIdToken(\n sessionId,\n (signInResult['id_token'] || signInResult['idToken']) as string,\n );\n const accessToken: string = (signInResult['accessToken'] || signInResult['access_token']) as string;\n const refreshToken: string = (signInResult['refreshToken'] as string | undefined) ?? '';\n const userIdFromToken: string = (idToken.sub || signInResult['sub'] || sessionId) as string;\n const scopes: string = signInResult['scope'] as string;\n const organizationId: string | undefined = (idToken['user_org'] || idToken['organization_id']) as\n | string\n | undefined;\n const expiresIn: number = signInResult['expiresIn'] as number;\n const sessionCookieExpiryTime: number = SessionManager.resolveSessionCookieExpiry(\n config.sessionCookie?.expiryTime,\n );\n\n const sessionToken: string = await SessionManager.createSessionToken(\n accessToken,\n userIdFromToken,\n sessionId,\n scopes,\n expiresIn,\n refreshToken,\n organizationId,\n );\n\n cookieStore.set(\n SessionManager.getSessionCookieName(),\n sessionToken,\n SessionManager.getSessionCookieOptions(sessionCookieExpiryTime),\n );\n\n cookieStore.delete(SessionManager.getTempSessionCookieName());\n } catch (error) {\n logger.error(\n `[handleOAuthCallbackAction] Failed to create JWT session, continuing with legacy session:\n ${typeof error === 'string' ? error : JSON.stringify(error)}`,\n );\n }\n }\n\n const afterSignInUrl: string = config.afterSignInUrl || '/';\n\n return {\n redirectUrl: afterSignInUrl,\n success: true,\n };\n } catch (error) {\n let errorMessage = 'Authentication failed';\n\n if (error instanceof Error) {\n errorMessage = error.message;\n } else if (error && typeof error === 'object' && 'message' in error) {\n errorMessage = String((error as {message: unknown}).message);\n } else if (typeof error === 'string') {\n errorMessage = error;\n }\n\n return {\n error: errorMessage,\n success: false,\n };\n }\n};\n\nexport default handleOAuthCallbackAction;\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAuCA,MAAM,4BAA4B,OAChC,MACA,OACA,iBAKI;AACJ,KAAI;AACF,MAAI,CAAC,QAAQ,CAAC,MACZ,QAAO;GACL,OAAO;GACP,SAAS;GACV;EAGH,MAAM,kBAAkBA,mBAAW;AAEnC,MAAI,CAAC,gBAAgB,cACnB,QAAO;GACL,OAAO;GACP,SAAS;GACV;EAGH,MAAMC,cAA8B,MAAM,SAAS;EACnD,IAAIC;EAEJ,MAAMC,mBAAuC,YAAY,IAAIC,uBAAe,0BAA0B,CAAC,EAAE;AAEzG,MAAI,iBACF,KAAI;AAEF,gBADyC,MAAMA,uBAAe,kBAAkB,iBAAiB,EACzE;UAClB;AACN,kBAAO,MACL,wGACD;;AAIL,MAAI,CAAC,WAAW;AACd,kBAAO,MAAM,yFAAyF;AAEtG,UAAO;IACL,OAAO;IACP,SAAS;IACV;;EAIH,MAAMC,eAAwC,MAAM,gBAAgB,OAClE;GACE;GACA,eAAe;GACf;GACD,EACD,EAAE,EACF,UACD;EAED,MAAMC,SAA8B,MAAM,gBAAgB,kBAAkB;AAE5E,MAAI,aACF,KAAI;GACF,MAAMC,UAAmB,MAAM,gBAAgB,kBAC7C,WACC,aAAa,eAAe,aAAa,WAC3C;GACD,MAAMC,cAAuB,aAAa,kBAAkB,aAAa;GACzE,MAAMC,eAAwB,aAAa,mBAA0C;GACrF,MAAMC,kBAA2B,QAAQ,OAAO,aAAa,UAAU;GACvE,MAAMC,SAAiB,aAAa;GACpC,MAAMC,iBAAsC,QAAQ,eAAe,QAAQ;GAG3E,MAAMC,YAAoB,aAAa;GACvC,MAAMC,0BAAkCV,uBAAe,2BACrD,OAAO,eAAe,WACvB;GAED,MAAMW,eAAuB,MAAMX,uBAAe,mBAChD,aACA,iBACA,WACA,QACA,WACA,cACA,eACD;AAED,eAAY,IACVA,uBAAe,sBAAsB,EACrC,cACAA,uBAAe,wBAAwB,wBAAwB,CAChE;AAED,eAAY,OAAOA,uBAAe,0BAA0B,CAAC;WACtD,OAAO;AACd,kBAAO,MACL;YACE,OAAO,UAAU,WAAW,QAAQ,KAAK,UAAU,MAAM,GAC5D;;AAML,SAAO;GACL,aAH6B,OAAO,kBAAkB;GAItD,SAAS;GACV;UACM,OAAO;EACd,IAAI,eAAe;AAEnB,MAAI,iBAAiB,MACnB,gBAAe,MAAM;WACZ,SAAS,OAAO,UAAU,YAAY,aAAa,MAC5D,gBAAe,OAAQ,MAA6B,QAAQ;WACnD,OAAO,UAAU,SAC1B,gBAAe;AAGjB,SAAO;GACL,OAAO;GACP,SAAS;GACV;;;AAIL,wCAAe"}

package/dist/server/actions/isSignedIn.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"isSignedIn.d.ts","sourceRoot":"","sources":["../../../src/server/actions/isSignedIn.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AASH;;;;;;;;;;;GAWG;AACH,QAAA,MAAM,UAAU,GAAU,YAAY,MAAM,KAAG,OAAO,CAAC,OAAO,CA0B7D,CAAC;AAEF,eAAe,UAAU,CAAC"}

package/dist/server/actions/isSignedIn.js ADDED Viewed

@@ -0,0 +1,40 @@
+'use server';
+import getSessionId_default from "./getSessionId.js";
+import getClient_default from "../getClient.js";
+import getSessionPayload_default from "./getSessionPayload.js";
+//#region src/server/actions/isSignedIn.ts
+/**
+* Check if the user is currently signed in.
+*
+* For JWT-based sessions: the session JWT exp claim is now tied to the access
+* token expiry. A successful jwtVerify (inside getSessionPayload) already proves
+* exp > now, so no separate timestamp comparison is needed here.
+*
+* Falls back to the legacy SDK in-memory check when no JWT session cookie exists.
+*
+* @param sessionId - Optional session ID (used only for the legacy fallback path)
+* @returns True if the user is signed in with a valid, non-expired token
+*/
+const isSignedIn = async (sessionId) => {
+	try {
+		if (await getSessionPayload_default()) return true;
+		const resolvedSessionId = sessionId || await getSessionId_default();
+		if (!resolvedSessionId) return false;
+		const client = getClient_default();
+		try {
+			return !!await client.getAccessToken(resolvedSessionId);
+		} catch {
+			return false;
+		}
+	} catch {
+		return false;
+	}
+};
+var isSignedIn_default = isSignedIn;
+//#endregion
+export { isSignedIn_default as default };
+//# sourceMappingURL=isSignedIn.js.map

package/dist/server/actions/isSignedIn.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"isSignedIn.js","names":["getSessionPayload","resolvedSessionId: string | undefined","getSessionId","getClient"],"sources":["../../../src/server/actions/isSignedIn.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport getSessionId from './getSessionId';\nimport getSessionPayload from './getSessionPayload';\nimport {SessionTokenPayload} from '../../utils/SessionManager';\nimport getClient from '../getClient';\n\n/**\n * Check if the user is currently signed in.\n *\n * For JWT-based sessions: the session JWT exp claim is now tied to the access\n * token expiry. A successful jwtVerify (inside getSessionPayload) already proves\n * exp > now, so no separate timestamp comparison is needed here.\n *\n * Falls back to the legacy SDK in-memory check when no JWT session cookie exists.\n *\n * @param sessionId - Optional session ID (used only for the legacy fallback path)\n * @returns True if the user is signed in with a valid, non-expired token\n */\nconst isSignedIn = async (sessionId?: string): Promise<boolean> => {\n try {\n const sessionPayload: SessionTokenPayload | undefined = await getSessionPayload();\n\n if (sessionPayload) {\n return true;\n }\n\n // No JWT session — fall back to the legacy SDK in-memory store check.\n const resolvedSessionId: string | undefined = sessionId || (await getSessionId());\n\n if (!resolvedSessionId) {\n return false;\n }\n\n const client = getClient();\n\n try {\n const accessToken: string = await client.getAccessToken(resolvedSessionId);\n return !!accessToken;\n } catch {\n return false;\n }\n } catch {\n return false;\n }\n};\n\nexport default isSignedIn;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAqCA,MAAM,aAAa,OAAO,cAAyC;AACjE,KAAI;AAGF,MAFwD,MAAMA,2BAAmB,CAG/E,QAAO;EAIT,MAAMC,oBAAwC,aAAc,MAAMC,sBAAc;AAEhF,MAAI,CAAC,kBACH,QAAO;EAGT,MAAM,SAASC,mBAAW;AAE1B,MAAI;AAEF,UAAO,CAAC,CADoB,MAAM,OAAO,eAAe,kBAAkB;UAEpE;AACN,UAAO;;SAEH;AACN,SAAO;;;AAIX,yBAAe"}

package/dist/server/actions/refreshToken.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"refreshToken.d.ts","sourceRoot":"","sources":["../../../src/server/actions/refreshToken.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAaH;;;;;;;;;;GAUG;AACH,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;;;GAUG;AACH,QAAA,MAAM,YAAY,QAAa,OAAO,CAAC,aAAa,CAmEnD,CAAC;AAEF,eAAe,YAAY,CAAC"}