npm - @thunderid/nextjs - Versions diffs - 0.2.1 → 0.2.2 - Mend

@thunderid/nextjs 0.2.1 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (349) hide show

package/dist/cjs/server/ThunderIDProvider.cjs ADDED Viewed

@@ -0,0 +1,114 @@
+'use server';
+const require_rolldown_runtime = require('../_virtual/rolldown_runtime.cjs');
+const require_getSessionId = require('./actions/getSessionId.cjs');
+const require_getClient = require('./getClient.cjs');
+const require_logger = require('../utils/logger.cjs');
+const require_clearSession = require('./actions/clearSession.cjs');
+const require_getSessionPayload = require('./actions/getSessionPayload.cjs');
+const require_getUserAction = require('./actions/getUserAction.cjs');
+const require_getUserProfileAction = require('./actions/getUserProfileAction.cjs');
+const require_handleOAuthCallbackAction = require('./actions/handleOAuthCallbackAction.cjs');
+const require_isSignedIn = require('./actions/isSignedIn.cjs');
+const require_refreshToken = require('./actions/refreshToken.cjs');
+const require_signInAction = require('./actions/signInAction.cjs');
+const require_signOutAction = require('./actions/signOutAction.cjs');
+const require_signUpAction = require('./actions/signUpAction.cjs');
+const require_updateUserProfileAction = require('./actions/updateUserProfileAction.cjs');
+const require_ThunderIDProvider = require('../client/contexts/ThunderID/ThunderIDProvider.cjs');
+let __thunderid_node = require("@thunderid/node");
+__thunderid_node = require_rolldown_runtime.__toESM(__thunderid_node);
+let react_jsx_runtime = require("react/jsx-runtime");
+react_jsx_runtime = require_rolldown_runtime.__toESM(react_jsx_runtime);
+//#region src/server/ThunderIDProvider.tsx
+/**
+* Server-side provider component for ThunderID authentication.
+* Wraps the client-side provider and handles server-side authentication logic.
+* Uses the singleton ThunderIDNextClient instance for consistent authentication state.
+*
+* @param props - Props injected into the component.
+*
+* @example
+* ```tsx
+* <ThunderIDServerProvider config={thunderidConfig}>
+*   <YourApp />
+* </ThunderIDServerProvider>
+* ```
+*
+* @returns ThunderIDServerProvider component.
+*/
+const ThunderIDServerProvider = async ({ children, afterSignInUrl, afterSignOutUrl,..._config }) => {
+	const thunderIDClient = require_getClient.default();
+	let config = {};
+	try {
+		await thunderIDClient.initialize(_config);
+		require_logger.default.debug("[ThunderIDServerProvider] ThunderID client initialized successfully.");
+		config = await thunderIDClient.getConfiguration();
+	} catch (error) {
+		require_logger.default.error("[ThunderIDServerProvider] Failed to initialize ThunderID client:", error?.toString());
+		throw new __thunderid_node.ThunderIDRuntimeError(`Failed to initialize ThunderID client: ${error?.toString()}`, "next-ConfigurationError-001", "next", "An error occurred while initializing the ThunderID client. Please check your configuration.");
+	}
+	if (!thunderIDClient.isInitialized) return /* @__PURE__ */ (0, react_jsx_runtime.jsx)(react_jsx_runtime.Fragment, {});
+	const sessionPayload = await require_getSessionPayload.default();
+	const sessionId = sessionPayload?.sessionId || await require_getSessionId.default() || "";
+	const signedIn = await require_isSignedIn.default(sessionId);
+	let user = {};
+	let userProfile = {
+		flattenedProfile: {},
+		profile: {},
+		schemas: []
+	};
+	if (signedIn) {
+		let updatedBaseUrl = config?.baseUrl;
+		if (sessionPayload?.organizationId) {
+			updatedBaseUrl = `${config?.baseUrl}/o`;
+			config = {
+				...config,
+				baseUrl: updatedBaseUrl
+			};
+		} else if (sessionId) try {
+			if ((await thunderIDClient.getDecodedIdToken(sessionId))?.["user_org"]) {
+				updatedBaseUrl = `${config?.baseUrl}/o`;
+				config = {
+					...config,
+					baseUrl: updatedBaseUrl
+				};
+			}
+		} catch {}
+		if (config?.preferences?.user?.fetchUserProfile !== false) try {
+			const userResponse = await require_getUserAction.default(sessionId);
+			const userProfileResponse = await require_getUserProfileAction.default(sessionId);
+			user = userResponse.data?.user || {};
+			userProfile = userProfileResponse.data?.userProfile ?? userProfile;
+		} catch (error) {
+			require_logger.default.warn("[ThunderIDServerProvider] Failed to fetch user profile from SCIM2:", error?.toString());
+		}
+	}
+	return /* @__PURE__ */ (0, react_jsx_runtime.jsx)(require_ThunderIDProvider.default, {
+		organizationHandle: config?.organizationHandle,
+		applicationId: config?.applicationId,
+		baseUrl: config?.baseUrl,
+		signIn: require_signInAction.default,
+		clearSession: require_clearSession.default,
+		refreshToken: require_refreshToken.default,
+		signOut: require_signOutAction.default,
+		signUp: require_signUpAction.default,
+		handleOAuthCallback: require_handleOAuthCallbackAction.default,
+		signInUrl: config?.signInUrl,
+		signUpUrl: config?.signUpUrl,
+		preferences: config?.preferences,
+		clientId: config?.clientId,
+		user,
+		userProfile,
+		updateProfile: require_updateUserProfileAction.default,
+		isSignedIn: signedIn,
+		children
+	});
+};
+var ThunderIDProvider_default$1 = ThunderIDServerProvider;
+//#endregion
+exports.default = ThunderIDProvider_default$1;
+//# sourceMappingURL=ThunderIDProvider.cjs.map

package/dist/cjs/server/ThunderIDProvider.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ThunderIDProvider.cjs","names":["ThunderIDServerProvider: FC<PropsWithChildren<ThunderIDServerProviderProps>>","getClient","config: Partial<ThunderIDNextConfig>","ThunderIDRuntimeError","sessionPayload: SessionTokenPayload | undefined","getSessionPayload","sessionId: string","getSessionId","signedIn: boolean","isSignedIn","user: User","userProfile: UserProfile","updatedBaseUrl: string | undefined","userResponse: {\n data: {user: User | null};\n error: string | null;\n success: boolean;\n }","getUserAction","userProfileResponse: {\n data: {userProfile: UserProfile};\n error: string | null;\n success: boolean;\n }","getUserProfileAction","ThunderIDClientProvider","signInAction","clearSession","refreshToken","signOutAction","signUpAction","handleOAuthCallbackAction","updateUserProfileAction"],"sources":["../../../src/server/ThunderIDProvider.tsx"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport {ThunderIDRuntimeError, IdToken, User, UserProfile} from '@thunderid/node';\nimport {ThunderIDProviderProps} from '@thunderid/react';\nimport {FC, PropsWithChildren, ReactElement} from 'react';\nimport clearSession from './actions/clearSession';\nimport getSessionId from './actions/getSessionId';\nimport getSessionPayload from './actions/getSessionPayload';\nimport getUserAction from './actions/getUserAction';\nimport getUserProfileAction from './actions/getUserProfileAction';\nimport handleOAuthCallbackAction from './actions/handleOAuthCallbackAction';\nimport isSignedIn from './actions/isSignedIn';\nimport refreshToken from './actions/refreshToken';\nimport signInAction from './actions/signInAction';\nimport signOutAction from './actions/signOutAction';\nimport signUpAction from './actions/signUpAction';\nimport updateUserProfileAction from './actions/updateUserProfileAction';\nimport getClient from './getClient';\nimport ThunderIDClientProvider from '../client/contexts/ThunderID/ThunderIDProvider.js';\nimport {ThunderIDNextConfig} from '../models/config';\nimport logger from '../utils/logger';\nimport {SessionTokenPayload} from '../utils/SessionManager';\n\n/**\n * Props interface of {@link ThunderIDServerProvider}\n */\nexport type ThunderIDServerProviderProps = Partial<ThunderIDProviderProps> & {\n clientSecret?: string;\n /**\n * Session cookie lifetime in seconds. Determines how long the session cookie\n * remains valid in the browser after sign-in.\n *\n * Resolution order (first defined value wins):\n * 1. This prop — set here when mounting the provider.\n * 2. `THUNDERID_SESSION_COOKIE_EXPIRY_TIME` environment variable.\n * 3. Built-in default of 86400 seconds (24 hours).\n *\n * @example\n * // 8-hour session cookie\n * <ThunderIDServerProvider sessionCookieExpiryTime={28800} ... />\n */\n sessionCookieExpiryTime?: number;\n};\n\n/**\n * Server-side provider component for ThunderID authentication.\n * Wraps the client-side provider and handles server-side authentication logic.\n * Uses the singleton ThunderIDNextClient instance for consistent authentication state.\n *\n * @param props - Props injected into the component.\n *\n * @example\n * ```tsx\n * <ThunderIDServerProvider config={thunderidConfig}>\n * <YourApp />\n * </ThunderIDServerProvider>\n * ```\n *\n * @returns ThunderIDServerProvider component.\n */\nconst ThunderIDServerProvider: FC<PropsWithChildren<ThunderIDServerProviderProps>> = async ({\n children,\n afterSignInUrl,\n afterSignOutUrl,\n ..._config\n}: PropsWithChildren<ThunderIDServerProviderProps>): Promise<ReactElement> => {\n const thunderIDClient = getClient();\n let config: Partial<ThunderIDNextConfig> = {};\n\n try {\n await thunderIDClient.initialize(_config as ThunderIDNextConfig);\n\n logger.debug('[ThunderIDServerProvider] ThunderID client initialized successfully.');\n\n config = await thunderIDClient.getConfiguration();\n } catch (error) {\n logger.error('[ThunderIDServerProvider] Failed to initialize ThunderID client:', error?.toString());\n\n throw new ThunderIDRuntimeError(\n `Failed to initialize ThunderID client: ${error?.toString()}`,\n 'next-ConfigurationError-001',\n 'next',\n 'An error occurred while initializing the ThunderID client. Please check your configuration.',\n );\n }\n\n if (!thunderIDClient.isInitialized) {\n return <></>;\n }\n\n // Try to get session information from JWT first, then fall back to legacy\n const sessionPayload: SessionTokenPayload | undefined = await getSessionPayload();\n const sessionId: string = sessionPayload?.sessionId || (await getSessionId()) || '';\n const signedIn: boolean = await isSignedIn(sessionId);\n\n let user: User = {};\n let userProfile: UserProfile = {\n flattenedProfile: {},\n profile: {},\n schemas: [],\n };\n if (signedIn) {\n let updatedBaseUrl: string | undefined = config?.baseUrl;\n\n if (sessionPayload?.organizationId) {\n updatedBaseUrl = `${config?.baseUrl}/o`;\n config = {...config, baseUrl: updatedBaseUrl};\n } else if (sessionId) {\n try {\n const idToken: IdToken = await thunderIDClient.getDecodedIdToken(sessionId);\n if (idToken?.['user_org']) {\n updatedBaseUrl = `${config?.baseUrl}/o`;\n config = {...config, baseUrl: updatedBaseUrl};\n }\n } catch {\n // Continue without organization info\n }\n }\n\n // Check if user profile fetching is enabled (default: true)\n const shouldFetchUserProfile: boolean = config?.preferences?.user?.fetchUserProfile !== false;\n\n if (shouldFetchUserProfile) {\n try {\n const userResponse: {\n data: {user: User | null};\n error: string | null;\n success: boolean;\n } = await getUserAction(sessionId);\n const userProfileResponse: {\n data: {userProfile: UserProfile};\n error: string | null;\n success: boolean;\n } = await getUserProfileAction(sessionId);\n\n user = userResponse.data?.user || {};\n userProfile = userProfileResponse.data?.userProfile ?? userProfile;\n } catch (error) {\n logger.warn('[ThunderIDServerProvider] Failed to fetch user profile from SCIM2:', error?.toString());\n }\n }\n }\n\n return (\n <ThunderIDClientProvider\n organizationHandle={config?.organizationHandle}\n applicationId={config?.applicationId}\n baseUrl={config?.baseUrl}\n signIn={signInAction}\n clearSession={clearSession}\n refreshToken={refreshToken}\n signOut={signOutAction}\n signUp={signUpAction}\n handleOAuthCallback={handleOAuthCallbackAction}\n signInUrl={config?.signInUrl}\n signUpUrl={config?.signUpUrl}\n preferences={config?.preferences}\n clientId={config?.clientId}\n user={user}\n userProfile={userProfile}\n updateProfile={updateUserProfileAction}\n isSignedIn={signedIn}\n >\n {children}\n </ThunderIDClientProvider>\n );\n};\n\nexport default ThunderIDServerProvider;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8EA,MAAMA,0BAA+E,OAAO,EAC1F,UACA,gBACA,gBACA,GAAG,cACyE;CAC5E,MAAM,kBAAkBC,2BAAW;CACnC,IAAIC,SAAuC,EAAE;AAE7C,KAAI;AACF,QAAM,gBAAgB,WAAW,QAA+B;AAEhE,yBAAO,MAAM,uEAAuE;AAEpF,WAAS,MAAM,gBAAgB,kBAAkB;UAC1C,OAAO;AACd,yBAAO,MAAM,oEAAoE,OAAO,UAAU,CAAC;AAEnG,QAAM,IAAIC,uCACR,0CAA0C,OAAO,UAAU,IAC3D,+BACA,QACA,8FACD;;AAGH,KAAI,CAAC,gBAAgB,cACnB,QAAO,0EAAK;CAId,MAAMC,iBAAkD,MAAMC,mCAAmB;CACjF,MAAMC,YAAoB,gBAAgB,aAAc,MAAMC,8BAAc,IAAK;CACjF,MAAMC,WAAoB,MAAMC,2BAAW,UAAU;CAErD,IAAIC,OAAa,EAAE;CACnB,IAAIC,cAA2B;EAC7B,kBAAkB,EAAE;EACpB,SAAS,EAAE;EACX,SAAS,EAAE;EACZ;AACD,KAAI,UAAU;EACZ,IAAIC,iBAAqC,QAAQ;AAEjD,MAAI,gBAAgB,gBAAgB;AAClC,oBAAiB,GAAG,QAAQ,QAAQ;AACpC,YAAS;IAAC,GAAG;IAAQ,SAAS;IAAe;aACpC,UACT,KAAI;AAEF,QADyB,MAAM,gBAAgB,kBAAkB,UAAU,IAC7D,aAAa;AACzB,qBAAiB,GAAG,QAAQ,QAAQ;AACpC,aAAS;KAAC,GAAG;KAAQ,SAAS;KAAe;;UAEzC;AAQV,MAFwC,QAAQ,aAAa,MAAM,qBAAqB,MAGtF,KAAI;GACF,MAAMC,eAIF,MAAMC,8BAAc,UAAU;GAClC,MAAMC,sBAIF,MAAMC,qCAAqB,UAAU;AAEzC,UAAO,aAAa,MAAM,QAAQ,EAAE;AACpC,iBAAc,oBAAoB,MAAM,eAAe;WAChD,OAAO;AACd,0BAAO,KAAK,sEAAsE,OAAO,UAAU,CAAC;;;AAK1G,QACE,2CAACC;EACC,oBAAoB,QAAQ;EAC5B,eAAe,QAAQ;EACvB,SAAS,QAAQ;EACjB,QAAQC;EACR,cAAcC;EACd,cAAcC;EACd,SAASC;EACT,QAAQC;EACR,qBAAqBC;EACrB,WAAW,QAAQ;EACnB,WAAW,QAAQ;EACnB,aAAa,QAAQ;EACrB,UAAU,QAAQ;EACZ;EACO;EACb,eAAeC;EACf,YAAY;EAEX;GACuB;;AAI9B,kCAAe"}

package/dist/cjs/server/actions/clearSession.cjs ADDED Viewed

@@ -0,0 +1,41 @@
+'use server';
+const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.cjs');
+const require_SessionManager = require('../../utils/SessionManager.cjs');
+const require_logger = require('../../utils/logger.cjs');
+let next_headers = require("next/headers");
+next_headers = require_rolldown_runtime.__toESM(next_headers);
+//#region src/server/actions/clearSession.ts
+/**
+* Deletes all ThunderID session cookies from the browser without contacting the
+* identity server.
+*
+* Use this for error-recovery scenarios where the local session must be wiped
+* immediately: refresh token failures, corrupt sessions, or forced local sign-out
+* when the identity server is unreachable.
+*
+* For a complete sign-out that also revokes the server-side session and obtains the
+* after-sign-out redirect URL, use `signOutAction` instead.
+*
+* @example
+* ```typescript
+* import { clearSession } from '@thunderid/nextjs/server';
+*
+* // Inside a Server Action or Route Handler:
+* await clearSession();
+* redirect('/sign-in');
+* ```
+*/
+const clearSession = async () => {
+	const cookieStore = await (0, next_headers.cookies)();
+	cookieStore.delete(require_SessionManager.default.getSessionCookieName());
+	cookieStore.delete(require_SessionManager.default.getTempSessionCookieName());
+	require_logger.default.debug("[clearSession] Session cookies cleared.");
+};
+var clearSession_default = clearSession;
+//#endregion
+exports.default = clearSession_default;
+//# sourceMappingURL=clearSession.cjs.map

package/dist/cjs/server/actions/clearSession.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"clearSession.cjs","names":["cookieStore: RequestCookies","SessionManager"],"sources":["../../../../src/server/actions/clearSession.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport {cookies} from 'next/headers';\nimport logger from '../../utils/logger';\nimport SessionManager from '../../utils/SessionManager';\n\ntype RequestCookies = Awaited<ReturnType<typeof cookies>>;\n\n/**\n * Deletes all ThunderID session cookies from the browser without contacting the\n * identity server.\n *\n * Use this for error-recovery scenarios where the local session must be wiped\n * immediately: refresh token failures, corrupt sessions, or forced local sign-out\n * when the identity server is unreachable.\n *\n * For a complete sign-out that also revokes the server-side session and obtains the\n * after-sign-out redirect URL, use `signOutAction` instead.\n *\n * @example\n * ```typescript\n * import { clearSession } from '@thunderid/nextjs/server';\n *\n * // Inside a Server Action or Route Handler:\n * await clearSession();\n * redirect('/sign-in');\n * ```\n */\nconst clearSession = async (): Promise<void> => {\n const cookieStore: RequestCookies = await cookies();\n cookieStore.delete(SessionManager.getSessionCookieName());\n cookieStore.delete(SessionManager.getTempSessionCookieName());\n logger.debug('[clearSession] Session cookies cleared.');\n};\n\nexport default clearSession;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8CA,MAAM,eAAe,YAA2B;CAC9C,MAAMA,cAA8B,iCAAe;AACnD,aAAY,OAAOC,+BAAe,sBAAsB,CAAC;AACzD,aAAY,OAAOA,+BAAe,0BAA0B,CAAC;AAC7D,wBAAO,MAAM,0CAA0C;;AAGzD,2BAAe"}

package/dist/cjs/server/actions/getAccessToken.cjs ADDED Viewed

@@ -0,0 +1,27 @@
+'use server';
+const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.cjs');
+const require_SessionManager = require('../../utils/SessionManager.cjs');
+let next_headers = require("next/headers");
+next_headers = require_rolldown_runtime.__toESM(next_headers);
+//#region src/server/actions/getAccessToken.ts
+/**
+* Get the access token from the session cookie.
+*
+* @returns The access token if it exists, undefined otherwise
+*/
+const getAccessToken = async () => {
+	const sessionToken = (await (0, next_headers.cookies)()).get(require_SessionManager.default.getSessionCookieName())?.value;
+	if (sessionToken) try {
+		return (await require_SessionManager.default.verifySessionToken(sessionToken))["accessToken"];
+	} catch (error) {
+		return;
+	}
+};
+var getAccessToken_default = getAccessToken;
+//#endregion
+exports.default = getAccessToken_default;
+//# sourceMappingURL=getAccessToken.cjs.map

package/dist/cjs/server/actions/getAccessToken.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"getAccessToken.cjs","names":["sessionToken: string | undefined","SessionManager"],"sources":["../../../../src/server/actions/getAccessToken.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport {cookies} from 'next/headers';\nimport SessionManager, {SessionTokenPayload} from '../../utils/SessionManager';\n\ntype RequestCookies = Awaited<ReturnType<typeof cookies>>;\n\n/**\n * Get the access token from the session cookie.\n *\n * @returns The access token if it exists, undefined otherwise\n */\nconst getAccessToken = async (): Promise<string | undefined> => {\n const cookieStore: RequestCookies = await cookies();\n\n const sessionToken: string | undefined = cookieStore.get(SessionManager.getSessionCookieName())?.value;\n\n if (sessionToken) {\n try {\n const sessionPayload: SessionTokenPayload = await SessionManager.verifySessionToken(sessionToken);\n\n return sessionPayload['accessToken'] as string;\n } catch (error) {\n return undefined;\n }\n }\n\n return undefined;\n};\n\nexport default getAccessToken;\n"],"mappings":";;;;;;;;;;;;;;AA8BA,MAAM,iBAAiB,YAAyC;CAG9D,MAAMA,gBAF8B,iCAAe,EAEE,IAAIC,+BAAe,sBAAsB,CAAC,EAAE;AAEjG,KAAI,aACF,KAAI;AAGF,UAF4C,MAAMA,+BAAe,mBAAmB,aAAa,EAE3E;UACf,OAAO;AACd;;;AAON,6BAAe"}

package/dist/cjs/server/actions/getClientOrigin.cjs ADDED Viewed

@@ -0,0 +1,18 @@
+'use server';
+const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.cjs');
+let next_headers = require("next/headers");
+next_headers = require_rolldown_runtime.__toESM(next_headers);
+//#region src/server/actions/getClientOrigin.ts
+const getClientOrigin = async () => {
+	const headersList = await (0, next_headers.headers)();
+	const host = headersList.get("host");
+	return `${headersList.get("x-forwarded-proto") ?? "http"}://${host}`;
+};
+var getClientOrigin_default = getClientOrigin;
+//#endregion
+exports.default = getClientOrigin_default;
+//# sourceMappingURL=getClientOrigin.cjs.map

package/dist/cjs/server/actions/getClientOrigin.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"getClientOrigin.cjs","names":["headersList: ReadonlyHeaders","host: string | null"],"sources":["../../../../src/server/actions/getClientOrigin.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport {ReadonlyHeaders} from 'next/dist/server/web/spec-extension/adapters/headers';\nimport {headers} from 'next/headers';\n\nconst getClientOrigin = async (): Promise<string> => {\n const headersList: ReadonlyHeaders = await headers();\n const host: string | null = headersList.get('host');\n const protocol: string = headersList.get('x-forwarded-proto') ?? 'http';\n return `${protocol}://${host}`;\n};\n\nexport default getClientOrigin;\n"],"mappings":";;;;;;;;AAuBA,MAAM,kBAAkB,YAA6B;CACnD,MAAMA,cAA+B,iCAAe;CACpD,MAAMC,OAAsB,YAAY,IAAI,OAAO;AAEnD,QAAO,GADkB,YAAY,IAAI,oBAAoB,IAAI,OAC9C,KAAK;;AAG1B,8BAAe"}

package/dist/cjs/server/actions/getSessionId.cjs ADDED Viewed

@@ -0,0 +1,28 @@
+'use server';
+const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.cjs');
+const require_SessionManager = require('../../utils/SessionManager.cjs');
+let next_headers = require("next/headers");
+next_headers = require_rolldown_runtime.__toESM(next_headers);
+//#region src/server/actions/getSessionId.ts
+/**
+* Get the session ID from cookies.
+* Tries JWT session first, then falls back to legacy session ID.
+*
+* @returns The session ID if it exists, undefined otherwise
+*/
+const getSessionId = async () => {
+	const sessionToken = (await (0, next_headers.cookies)()).get(require_SessionManager.default.getSessionCookieName())?.value;
+	if (sessionToken) try {
+		return (await require_SessionManager.default.verifySessionToken(sessionToken)).sessionId;
+	} catch (error) {
+		return;
+	}
+};
+var getSessionId_default = getSessionId;
+//#endregion
+exports.default = getSessionId_default;
+//# sourceMappingURL=getSessionId.cjs.map

package/dist/cjs/server/actions/getSessionId.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"getSessionId.cjs","names":["sessionToken: string | undefined","SessionManager"],"sources":["../../../../src/server/actions/getSessionId.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport {cookies} from 'next/headers';\nimport SessionManager, {SessionTokenPayload} from '../../utils/SessionManager';\n\ntype RequestCookies = Awaited<ReturnType<typeof cookies>>;\n\n/**\n * Get the session ID from cookies.\n * Tries JWT session first, then falls back to legacy session ID.\n *\n * @returns The session ID if it exists, undefined otherwise\n */\nconst getSessionId = async (): Promise<string | undefined> => {\n const cookieStore: RequestCookies = await cookies();\n\n const sessionToken: string | undefined = cookieStore.get(SessionManager.getSessionCookieName())?.value;\n\n if (sessionToken) {\n try {\n const sessionPayload: SessionTokenPayload = await SessionManager.verifySessionToken(sessionToken);\n\n return sessionPayload.sessionId;\n } catch (error) {\n return undefined;\n }\n }\n\n return undefined;\n};\n\nexport default getSessionId;\n"],"mappings":";;;;;;;;;;;;;;;AA+BA,MAAM,eAAe,YAAyC;CAG5D,MAAMA,gBAF8B,iCAAe,EAEE,IAAIC,+BAAe,sBAAsB,CAAC,EAAE;AAEjG,KAAI,aACF,KAAI;AAGF,UAF4C,MAAMA,+BAAe,mBAAmB,aAAa,EAE3E;UACf,OAAO;AACd;;;AAON,2BAAe"}

package/dist/cjs/server/actions/getSessionPayload.cjs ADDED Viewed

@@ -0,0 +1,29 @@
+'use server';
+const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.cjs');
+const require_SessionManager = require('../../utils/SessionManager.cjs');
+let next_headers = require("next/headers");
+next_headers = require_rolldown_runtime.__toESM(next_headers);
+//#region src/server/actions/getSessionPayload.ts
+/**
+* Get the session payload from JWT session cookie.
+* This includes user ID, session ID, scopes, and organization ID.
+*
+* @returns The session payload if valid JWT session exists, undefined otherwise
+*/
+const getSessionPayload = async () => {
+	const sessionToken = (await (0, next_headers.cookies)()).get(require_SessionManager.default.getSessionCookieName())?.value;
+	if (!sessionToken) return;
+	try {
+		return await require_SessionManager.default.verifySessionToken(sessionToken);
+	} catch {
+		return;
+	}
+};
+var getSessionPayload_default = getSessionPayload;
+//#endregion
+exports.default = getSessionPayload_default;
+//# sourceMappingURL=getSessionPayload.cjs.map

package/dist/cjs/server/actions/getSessionPayload.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"getSessionPayload.cjs","names":["sessionToken: string | undefined","SessionManager"],"sources":["../../../../src/server/actions/getSessionPayload.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport {cookies} from 'next/headers';\nimport SessionManager, {SessionTokenPayload} from '../../utils/SessionManager';\n\ntype RequestCookies = Awaited<ReturnType<typeof cookies>>;\n\n/**\n * Get the session payload from JWT session cookie.\n * This includes user ID, session ID, scopes, and organization ID.\n *\n * @returns The session payload if valid JWT session exists, undefined otherwise\n */\nconst getSessionPayload = async (): Promise<SessionTokenPayload | undefined> => {\n const cookieStore: RequestCookies = await cookies();\n\n const sessionToken: string | undefined = cookieStore.get(SessionManager.getSessionCookieName())?.value;\n if (!sessionToken) {\n return undefined;\n }\n\n try {\n return await SessionManager.verifySessionToken(sessionToken);\n } catch {\n return undefined;\n }\n};\n\nexport default getSessionPayload;\n"],"mappings":";;;;;;;;;;;;;;;AA+BA,MAAM,oBAAoB,YAAsD;CAG9E,MAAMA,gBAF8B,iCAAe,EAEE,IAAIC,+BAAe,sBAAsB,CAAC,EAAE;AACjG,KAAI,CAAC,aACH;AAGF,KAAI;AACF,SAAO,MAAMA,+BAAe,mBAAmB,aAAa;SACtD;AACN;;;AAIJ,gCAAe"}

package/dist/cjs/server/actions/getUserAction.cjs ADDED Viewed

@@ -0,0 +1,30 @@
+'use server';
+const require_getClient = require('../getClient.cjs');
+//#region src/server/actions/getUserAction.ts
+/**
+* Server action to get the current user.
+* Returns the user profile if signed in.
+*/
+const getUserAction = async (sessionId) => {
+	try {
+		return {
+			data: { user: await require_getClient.default().getUser(sessionId) },
+			error: null,
+			success: true
+		};
+	} catch (error) {
+		return {
+			data: { user: null },
+			error: "Failed to get user",
+			success: false
+		};
+	}
+};
+var getUserAction_default = getUserAction;
+//#endregion
+exports.default = getUserAction_default;
+//# sourceMappingURL=getUserAction.cjs.map

package/dist/cjs/server/actions/getUserAction.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"getUserAction.cjs","names":["getClient"],"sources":["../../../../src/server/actions/getUserAction.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport {User} from '@thunderid/node';\nimport getClient from '../getClient';\n\n/**\n * Server action to get the current user.\n * Returns the user profile if signed in.\n */\nconst getUserAction = async (\n sessionId: string,\n): Promise<{data: {user: User | null}; error: string | null; success: boolean}> => {\n try {\n const client = getClient();\n const user: User = await client.getUser(sessionId);\n return {data: {user}, error: null, success: true};\n } catch (error) {\n return {data: {user: null}, error: 'Failed to get user', success: false};\n }\n};\n\nexport default getUserAction;\n"],"mappings":";;;;;;;;;;AA2BA,MAAM,gBAAgB,OACpB,cACiF;AACjF,KAAI;AAGF,SAAO;GAAC,MAAM,EAAC,MADI,MADJA,2BAAW,CACM,QAAQ,UAAU,EAC9B;GAAE,OAAO;GAAM,SAAS;GAAK;UAC1C,OAAO;AACd,SAAO;GAAC,MAAM,EAAC,MAAM,MAAK;GAAE,OAAO;GAAsB,SAAS;GAAM;;;AAI5E,4BAAe"}

package/dist/cjs/server/actions/getUserProfileAction.cjs ADDED Viewed

@@ -0,0 +1,34 @@
+'use server';
+const require_getClient = require('../getClient.cjs');
+//#region src/server/actions/getUserProfileAction.ts
+/**
+* Server action to get the current user.
+* Returns the user profile if signed in.
+*/
+const getUserProfileAction = async (sessionId) => {
+	try {
+		return {
+			data: { userProfile: await require_getClient.default().getUserProfile(sessionId) },
+			error: null,
+			success: true
+		};
+	} catch (error) {
+		return {
+			data: { userProfile: {
+				flattenedProfile: {},
+				profile: {},
+				schemas: []
+			} },
+			error: "Failed to get user profile",
+			success: false
+		};
+	}
+};
+var getUserProfileAction_default = getUserProfileAction;
+//#endregion
+exports.default = getUserProfileAction_default;
+//# sourceMappingURL=getUserProfileAction.cjs.map

package/dist/cjs/server/actions/getUserProfileAction.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"getUserProfileAction.cjs","names":["getClient"],"sources":["../../../../src/server/actions/getUserProfileAction.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport {UserProfile} from '@thunderid/node';\nimport getClient from '../getClient';\n\n/**\n * Server action to get the current user.\n * Returns the user profile if signed in.\n */\nconst getUserProfileAction = async (\n sessionId: string,\n): Promise<{data: {userProfile: UserProfile}; error: string | null; success: boolean}> => {\n try {\n const client = getClient();\n const updatedProfile: UserProfile = await client.getUserProfile(sessionId);\n return {data: {userProfile: updatedProfile}, error: null, success: true};\n } catch (error) {\n return {\n data: {\n userProfile: {\n flattenedProfile: {},\n profile: {},\n schemas: [],\n },\n },\n error: 'Failed to get user profile',\n success: false,\n };\n }\n};\n\nexport default getUserProfileAction;\n"],"mappings":";;;;;;;;;;AA2BA,MAAM,uBAAuB,OAC3B,cACwF;AACxF,KAAI;AAGF,SAAO;GAAC,MAAM,EAAC,aADqB,MADrBA,2BAAW,CACuB,eAAe,UAAU,EAC/B;GAAE,OAAO;GAAM,SAAS;GAAK;UACjE,OAAO;AACd,SAAO;GACL,MAAM,EACJ,aAAa;IACX,kBAAkB,EAAE;IACpB,SAAS,EAAE;IACX,SAAS,EAAE;IACZ,EACF;GACD,OAAO;GACP,SAAS;GACV;;;AAIL,mCAAe"}

package/dist/cjs/server/actions/handleOAuthCallbackAction.cjs ADDED Viewed

@@ -0,0 +1,89 @@
+'use server';
+const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.cjs');
+const require_SessionManager = require('../../utils/SessionManager.cjs');
+const require_getClient = require('../getClient.cjs');
+const require_logger = require('../../utils/logger.cjs');
+let next_headers = require("next/headers");
+next_headers = require_rolldown_runtime.__toESM(next_headers);
+//#region src/server/actions/handleOAuthCallbackAction.ts
+/**
+* Server action to handle OAuth callback with authorization code.
+* This action processes the authorization code received from the OAuth provider
+* and exchanges it for tokens to complete the authentication flow.
+*
+* @param code - Authorization code from OAuth provider
+* @param state - State parameter from OAuth provider for CSRF protection
+* @param sessionState - Session state parameter from OAuth provider
+* @returns Promise that resolves with success status and optional error message
+*/
+const handleOAuthCallbackAction = async (code, state, sessionState) => {
+	try {
+		if (!code || !state) return {
+			error: "Missing required OAuth parameters: code and state are required",
+			success: false
+		};
+		const thunderIDClient = require_getClient.default();
+		if (!thunderIDClient.isInitialized) return {
+			error: "ThunderID client is not initialized",
+			success: false
+		};
+		const cookieStore = await (0, next_headers.cookies)();
+		let sessionId;
+		const tempSessionToken = cookieStore.get(require_SessionManager.default.getTempSessionCookieName())?.value;
+		if (tempSessionToken) try {
+			sessionId = (await require_SessionManager.default.verifyTempSession(tempSessionToken)).sessionId;
+		} catch {
+			require_logger.default.error("[handleOAuthCallbackAction] Invalid temporary session token, falling back to session ID from cookies.");
+		}
+		if (!sessionId) {
+			require_logger.default.error("[handleOAuthCallbackAction] No session ID found in cookies or temporary session token.");
+			return {
+				error: "No session found. Please start the authentication flow again.",
+				success: false
+			};
+		}
+		const signInResult = await thunderIDClient.signIn({
+			code,
+			session_state: sessionState,
+			state
+		}, {}, sessionId);
+		const config = await thunderIDClient.getConfiguration();
+		if (signInResult) try {
+			const idToken = await thunderIDClient.getDecodedIdToken(sessionId, signInResult["id_token"] || signInResult["idToken"]);
+			const accessToken = signInResult["accessToken"] || signInResult["access_token"];
+			const refreshToken = signInResult["refreshToken"] ?? "";
+			const userIdFromToken = idToken.sub || signInResult["sub"] || sessionId;
+			const scopes = signInResult["scope"];
+			const organizationId = idToken["user_org"] || idToken["organization_id"];
+			const expiresIn = signInResult["expiresIn"];
+			const sessionCookieExpiryTime = require_SessionManager.default.resolveSessionCookieExpiry(config.sessionCookie?.expiryTime);
+			const sessionToken = await require_SessionManager.default.createSessionToken(accessToken, userIdFromToken, sessionId, scopes, expiresIn, refreshToken, organizationId);
+			cookieStore.set(require_SessionManager.default.getSessionCookieName(), sessionToken, require_SessionManager.default.getSessionCookieOptions(sessionCookieExpiryTime));
+			cookieStore.delete(require_SessionManager.default.getTempSessionCookieName());
+		} catch (error) {
+			require_logger.default.error(`[handleOAuthCallbackAction] Failed to create JWT session, continuing with legacy session:
+          ${typeof error === "string" ? error : JSON.stringify(error)}`);
+		}
+		return {
+			redirectUrl: config.afterSignInUrl || "/",
+			success: true
+		};
+	} catch (error) {
+		let errorMessage = "Authentication failed";
+		if (error instanceof Error) errorMessage = error.message;
+		else if (error && typeof error === "object" && "message" in error) errorMessage = String(error.message);
+		else if (typeof error === "string") errorMessage = error;
+		return {
+			error: errorMessage,
+			success: false
+		};
+	}
+};
+var handleOAuthCallbackAction_default = handleOAuthCallbackAction;
+//#endregion
+exports.default = handleOAuthCallbackAction_default;
+//# sourceMappingURL=handleOAuthCallbackAction.cjs.map

package/dist/cjs/server/actions/handleOAuthCallbackAction.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"handleOAuthCallbackAction.cjs","names":["getClient","cookieStore: RequestCookies","sessionId: string | undefined","tempSessionToken: string | undefined","SessionManager","signInResult: Record<string, unknown>","config: ThunderIDNextConfig","idToken: IdToken","accessToken: string","refreshToken: string","userIdFromToken: string","scopes: string","organizationId: string | undefined","expiresIn: number","sessionCookieExpiryTime: number","sessionToken: string"],"sources":["../../../../src/server/actions/handleOAuthCallbackAction.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport {IdToken} from '@thunderid/node';\nimport {cookies} from 'next/headers';\nimport {ThunderIDNextConfig} from '../../models/config';\nimport logger from '../../utils/logger';\nimport SessionManager from '../../utils/SessionManager';\nimport getClient from '../getClient';\n\ntype RequestCookies = Awaited<ReturnType<typeof cookies>>;\n\n/**\n * Server action to handle OAuth callback with authorization code.\n * This action processes the authorization code received from the OAuth provider\n * and exchanges it for tokens to complete the authentication flow.\n *\n * @param code - Authorization code from OAuth provider\n * @param state - State parameter from OAuth provider for CSRF protection\n * @param sessionState - Session state parameter from OAuth provider\n * @returns Promise that resolves with success status and optional error message\n */\nconst handleOAuthCallbackAction = async (\n code: string,\n state: string,\n sessionState?: string,\n): Promise<{\n error?: string;\n redirectUrl?: string;\n success: boolean;\n}> => {\n try {\n if (!code || !state) {\n return {\n error: 'Missing required OAuth parameters: code and state are required',\n success: false,\n };\n }\n\n const thunderIDClient = getClient();\n\n if (!thunderIDClient.isInitialized) {\n return {\n error: 'ThunderID client is not initialized',\n success: false,\n };\n }\n\n const cookieStore: RequestCookies = await cookies();\n let sessionId: string | undefined;\n\n const tempSessionToken: string | undefined = cookieStore.get(SessionManager.getTempSessionCookieName())?.value;\n\n if (tempSessionToken) {\n try {\n const tempSession: {sessionId: string} = await SessionManager.verifyTempSession(tempSessionToken);\n sessionId = tempSession.sessionId;\n } catch {\n logger.error(\n '[handleOAuthCallbackAction] Invalid temporary session token, falling back to session ID from cookies.',\n );\n }\n }\n\n if (!sessionId) {\n logger.error('[handleOAuthCallbackAction] No session ID found in cookies or temporary session token.');\n\n return {\n error: 'No session found. Please start the authentication flow again.',\n success: false,\n };\n }\n\n // Exchange the authorization code for tokens\n const signInResult: Record<string, unknown> = await thunderIDClient.signIn(\n {\n code,\n session_state: sessionState,\n state,\n } as any,\n {},\n sessionId,\n );\n\n const config: ThunderIDNextConfig = await thunderIDClient.getConfiguration();\n\n if (signInResult) {\n try {\n const idToken: IdToken = await thunderIDClient.getDecodedIdToken(\n sessionId,\n (signInResult['id_token'] || signInResult['idToken']) as string,\n );\n const accessToken: string = (signInResult['accessToken'] || signInResult['access_token']) as string;\n const refreshToken: string = (signInResult['refreshToken'] as string | undefined) ?? '';\n const userIdFromToken: string = (idToken.sub || signInResult['sub'] || sessionId) as string;\n const scopes: string = signInResult['scope'] as string;\n const organizationId: string | undefined = (idToken['user_org'] || idToken['organization_id']) as\n | string\n | undefined;\n const expiresIn: number = signInResult['expiresIn'] as number;\n const sessionCookieExpiryTime: number = SessionManager.resolveSessionCookieExpiry(\n config.sessionCookie?.expiryTime,\n );\n\n const sessionToken: string = await SessionManager.createSessionToken(\n accessToken,\n userIdFromToken,\n sessionId,\n scopes,\n expiresIn,\n refreshToken,\n organizationId,\n );\n\n cookieStore.set(\n SessionManager.getSessionCookieName(),\n sessionToken,\n SessionManager.getSessionCookieOptions(sessionCookieExpiryTime),\n );\n\n cookieStore.delete(SessionManager.getTempSessionCookieName());\n } catch (error) {\n logger.error(\n `[handleOAuthCallbackAction] Failed to create JWT session, continuing with legacy session:\n ${typeof error === 'string' ? error : JSON.stringify(error)}`,\n );\n }\n }\n\n const afterSignInUrl: string = config.afterSignInUrl || '/';\n\n return {\n redirectUrl: afterSignInUrl,\n success: true,\n };\n } catch (error) {\n let errorMessage = 'Authentication failed';\n\n if (error instanceof Error) {\n errorMessage = error.message;\n } else if (error && typeof error === 'object' && 'message' in error) {\n errorMessage = String((error as {message: unknown}).message);\n } else if (typeof error === 'string') {\n errorMessage = error;\n }\n\n return {\n error: errorMessage,\n success: false,\n };\n }\n};\n\nexport default handleOAuthCallbackAction;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAuCA,MAAM,4BAA4B,OAChC,MACA,OACA,iBAKI;AACJ,KAAI;AACF,MAAI,CAAC,QAAQ,CAAC,MACZ,QAAO;GACL,OAAO;GACP,SAAS;GACV;EAGH,MAAM,kBAAkBA,2BAAW;AAEnC,MAAI,CAAC,gBAAgB,cACnB,QAAO;GACL,OAAO;GACP,SAAS;GACV;EAGH,MAAMC,cAA8B,iCAAe;EACnD,IAAIC;EAEJ,MAAMC,mBAAuC,YAAY,IAAIC,+BAAe,0BAA0B,CAAC,EAAE;AAEzG,MAAI,iBACF,KAAI;AAEF,gBADyC,MAAMA,+BAAe,kBAAkB,iBAAiB,EACzE;UAClB;AACN,0BAAO,MACL,wGACD;;AAIL,MAAI,CAAC,WAAW;AACd,0BAAO,MAAM,yFAAyF;AAEtG,UAAO;IACL,OAAO;IACP,SAAS;IACV;;EAIH,MAAMC,eAAwC,MAAM,gBAAgB,OAClE;GACE;GACA,eAAe;GACf;GACD,EACD,EAAE,EACF,UACD;EAED,MAAMC,SAA8B,MAAM,gBAAgB,kBAAkB;AAE5E,MAAI,aACF,KAAI;GACF,MAAMC,UAAmB,MAAM,gBAAgB,kBAC7C,WACC,aAAa,eAAe,aAAa,WAC3C;GACD,MAAMC,cAAuB,aAAa,kBAAkB,aAAa;GACzE,MAAMC,eAAwB,aAAa,mBAA0C;GACrF,MAAMC,kBAA2B,QAAQ,OAAO,aAAa,UAAU;GACvE,MAAMC,SAAiB,aAAa;GACpC,MAAMC,iBAAsC,QAAQ,eAAe,QAAQ;GAG3E,MAAMC,YAAoB,aAAa;GACvC,MAAMC,0BAAkCV,+BAAe,2BACrD,OAAO,eAAe,WACvB;GAED,MAAMW,eAAuB,MAAMX,+BAAe,mBAChD,aACA,iBACA,WACA,QACA,WACA,cACA,eACD;AAED,eAAY,IACVA,+BAAe,sBAAsB,EACrC,cACAA,+BAAe,wBAAwB,wBAAwB,CAChE;AAED,eAAY,OAAOA,+BAAe,0BAA0B,CAAC;WACtD,OAAO;AACd,0BAAO,MACL;YACE,OAAO,UAAU,WAAW,QAAQ,KAAK,UAAU,MAAM,GAC5D;;AAML,SAAO;GACL,aAH6B,OAAO,kBAAkB;GAItD,SAAS;GACV;UACM,OAAO;EACd,IAAI,eAAe;AAEnB,MAAI,iBAAiB,MACnB,gBAAe,MAAM;WACZ,SAAS,OAAO,UAAU,YAAY,aAAa,MAC5D,gBAAe,OAAQ,MAA6B,QAAQ;WACnD,OAAO,UAAU,SAC1B,gBAAe;AAGjB,SAAO;GACL,OAAO;GACP,SAAS;GACV;;;AAIL,wCAAe"}

package/dist/cjs/server/actions/isSignedIn.cjs ADDED Viewed

@@ -0,0 +1,40 @@
+'use server';
+const require_getSessionId = require('./getSessionId.cjs');
+const require_getClient = require('../getClient.cjs');
+const require_getSessionPayload = require('./getSessionPayload.cjs');
+//#region src/server/actions/isSignedIn.ts
+/**
+* Check if the user is currently signed in.
+*
+* For JWT-based sessions: the session JWT exp claim is now tied to the access
+* token expiry. A successful jwtVerify (inside getSessionPayload) already proves
+* exp > now, so no separate timestamp comparison is needed here.
+*
+* Falls back to the legacy SDK in-memory check when no JWT session cookie exists.
+*
+* @param sessionId - Optional session ID (used only for the legacy fallback path)
+* @returns True if the user is signed in with a valid, non-expired token
+*/
+const isSignedIn = async (sessionId) => {
+	try {
+		if (await require_getSessionPayload.default()) return true;
+		const resolvedSessionId = sessionId || await require_getSessionId.default();
+		if (!resolvedSessionId) return false;
+		const client = require_getClient.default();
+		try {
+			return !!await client.getAccessToken(resolvedSessionId);
+		} catch {
+			return false;
+		}
+	} catch {
+		return false;
+	}
+};
+var isSignedIn_default = isSignedIn;
+//#endregion
+exports.default = isSignedIn_default;
+//# sourceMappingURL=isSignedIn.cjs.map

package/dist/cjs/server/actions/isSignedIn.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"isSignedIn.cjs","names":["getSessionPayload","resolvedSessionId: string | undefined","getSessionId","getClient"],"sources":["../../../../src/server/actions/isSignedIn.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport getSessionId from './getSessionId';\nimport getSessionPayload from './getSessionPayload';\nimport {SessionTokenPayload} from '../../utils/SessionManager';\nimport getClient from '../getClient';\n\n/**\n * Check if the user is currently signed in.\n *\n * For JWT-based sessions: the session JWT exp claim is now tied to the access\n * token expiry. A successful jwtVerify (inside getSessionPayload) already proves\n * exp > now, so no separate timestamp comparison is needed here.\n *\n * Falls back to the legacy SDK in-memory check when no JWT session cookie exists.\n *\n * @param sessionId - Optional session ID (used only for the legacy fallback path)\n * @returns True if the user is signed in with a valid, non-expired token\n */\nconst isSignedIn = async (sessionId?: string): Promise<boolean> => {\n try {\n const sessionPayload: SessionTokenPayload | undefined = await getSessionPayload();\n\n if (sessionPayload) {\n return true;\n }\n\n // No JWT session — fall back to the legacy SDK in-memory store check.\n const resolvedSessionId: string | undefined = sessionId || (await getSessionId());\n\n if (!resolvedSessionId) {\n return false;\n }\n\n const client = getClient();\n\n try {\n const accessToken: string = await client.getAccessToken(resolvedSessionId);\n return !!accessToken;\n } catch {\n return false;\n }\n } catch {\n return false;\n }\n};\n\nexport default isSignedIn;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAqCA,MAAM,aAAa,OAAO,cAAyC;AACjE,KAAI;AAGF,MAFwD,MAAMA,mCAAmB,CAG/E,QAAO;EAIT,MAAMC,oBAAwC,aAAc,MAAMC,8BAAc;AAEhF,MAAI,CAAC,kBACH,QAAO;EAGT,MAAM,SAASC,2BAAW;AAE1B,MAAI;AAEF,UAAO,CAAC,CADoB,MAAM,OAAO,eAAe,kBAAkB;UAEpE;AACN,UAAO;;SAEH;AACN,SAAO;;;AAIX,yBAAe"}

package/dist/cjs/server/actions/refreshToken.cjs ADDED Viewed

@@ -0,0 +1,61 @@
+'use server';
+const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.cjs');
+const require_SessionManager = require('../../utils/SessionManager.cjs');
+const require_getClient = require('../getClient.cjs');
+const require_handleRefreshToken = require('../../utils/handleRefreshToken.cjs');
+let __thunderid_node = require("@thunderid/node");
+__thunderid_node = require_rolldown_runtime.__toESM(__thunderid_node);
+let next_headers = require("next/headers");
+next_headers = require_rolldown_runtime.__toESM(next_headers);
+//#region src/server/actions/refreshToken.ts
+/**
+* Server action to refresh the access token using the stored refresh token.
+* Exchanges the refresh token for a new token set and updates the session cookie.
+*
+* Delegates the HTTP exchange to handleRefreshToken so the same logic is shared
+* with the middleware token refresh path.
+*
+* Called from the client side (e.g. ThunderIDClientProvider refreshOnMount) where
+* Next.js allows cookie mutation. When invoked during SSR rendering the cookie
+* write is silently skipped and a warning is logged.
+*/
+const refreshToken = async () => {
+	try {
+		const cookieStore = await (0, next_headers.cookies)();
+		const sessionToken = cookieStore.get(require_SessionManager.default.getSessionCookieName())?.value;
+		if (!sessionToken) throw new __thunderid_node.ThunderIDAPIError("No active session found. User must be signed in to refresh the token.", "refreshToken-ServerActionError-002", "nextjs", 401);
+		const sessionPayload = await require_SessionManager.default.verifySessionTokenForRefresh(sessionToken);
+		const config = await require_getClient.default().getConfiguration();
+		const result = await require_handleRefreshToken.default(sessionPayload, {
+			baseUrl: config.baseUrl ?? "",
+			clientId: config.clientId ?? "",
+			clientSecret: config.clientSecret ?? "",
+			sessionCookie: config.sessionCookie
+		});
+		try {
+			cookieStore.set(require_SessionManager.default.getSessionCookieName(), result.newSessionToken, require_SessionManager.default.getSessionCookieOptions(result.sessionCookieExpiryTime));
+		} catch {
+			__thunderid_node.logger.warn("[refreshToken] Could not write session cookie — called from SSR rendering context.");
+		}
+		const rawExpiresIn = result.tokenResponse.expiresIn;
+		const expiresInSeconds = parseInt(rawExpiresIn ?? "", 10);
+		if (Number.isNaN(expiresInSeconds)) throw new Error(`[refreshToken] Invalid expiresIn value received: ${rawExpiresIn}`);
+		const expiresAt = Math.floor(Date.now() / 1e3) + expiresInSeconds;
+		__thunderid_node.logger.debug("[refreshToken] Token refresh succeeded.");
+		return { expiresAt };
+	} catch (error) {
+		try {
+			(await (0, next_headers.cookies)()).delete(require_SessionManager.default.getSessionCookieName());
+			__thunderid_node.logger.debug("[refreshToken] Cleared session cookie after refresh failure.");
+		} catch {}
+		throw new __thunderid_node.ThunderIDAPIError(`Failed to refresh the session: ${error instanceof Error ? error.message : JSON.stringify(error)}`, "refreshToken-ServerActionError-001", "nextjs", error instanceof __thunderid_node.ThunderIDAPIError ? error.statusCode : void 0);
+	}
+};
+var refreshToken_default = refreshToken;
+//#endregion
+exports.default = refreshToken_default;
+//# sourceMappingURL=refreshToken.cjs.map