@thunderid/nuxt 0.0.1

package/dist/runtime/components/user/UserDropdown.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { type Component } from 'vue';
+/**
+ * Nuxt-specific UserDropdown container.
+ *
+ * Reads `user` and `signOut` from `useThunderID()` (Nuxt auto-import) and
+ * profile data from `useUser()`, then delegates rendering to
+ * {@link BaseUserDropdown} from `@thunderid/vue`.
+ *
+ * The `signOut` action comes from the Nuxt plugin's THUNDERID_KEY so it uses
+ * `navigateTo` for the redirect instead of `window.location`.
+ *
+ * The embedded profile modal renders the Nuxt-specific `UserProfile` so that
+ * profile update handlers are also wired through the Nuxt auto-import layer.
+ *
+ * @example
+ * ```vue
+ * <ThunderIDUserDropdown />
+ * ```
+ */
+declare const UserDropdown: Component;
+export default UserDropdown;

package/dist/runtime/components/user/UserDropdown.js

@@ -0,0 +1,45 @@
+import { withVendorCSSClassPrefix } from "@thunderid/browser";
+import { BaseUserDropdown, UserProfile as UserProfileComponent } from "@thunderid/vue";
+import { defineComponent, h, ref } from "vue";
+import { useThunderID, useUser } from "#imports";
+const UserDropdown = defineComponent({
+  emits: ["profileClick"],
+  name: "UserDropdown",
+  props: {
+    className: { default: "", type: String }
+  },
+  setup(props, { slots, emit }) {
+    const { user, signOut } = useThunderID();
+    useUser();
+    const isProfileModalOpen = ref(false);
+    return () => h(
+      BaseUserDropdown,
+      {
+        class: withVendorCSSClassPrefix("user-dropdown--styled"),
+        className: props.className,
+        isProfileModalOpen: isProfileModalOpen.value,
+        onProfileClick: () => {
+          isProfileModalOpen.value = true;
+          emit("profileClick");
+        },
+        onProfileModalClose: () => {
+          isProfileModalOpen.value = false;
+        },
+        onSignOut: () => {
+          signOut();
+        },
+        // Inline profile content avoids creating a circular dependency on the
+        // Nuxt UserProfile container; UserProfileComponent from @thunderid/vue
+        // reads its data from the OrganizationProvider / UserProvider context
+        // wired up by ThunderIDRoot, so it works identically.
+        profileContent: isProfileModalOpen.value ? h(UserProfileComponent, {
+          cardLayout: false,
+          editable: true
+        }) : null,
+        user: user.value
+      },
+      slots
+    );
+  }
+});
+export default UserDropdown;

package/dist/runtime/components/user/UserProfile.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { type Component } from 'vue';
+/**
+ * Nuxt-specific UserProfile container.
+ *
+ * Reads user profile data from `useUser()` (Nuxt auto-import, re-exported
+ * from `@thunderid/vue`) and delegates rendering to {@link BaseUserProfile}
+ * from `@thunderid/vue`.
+ *
+ * Preserves the same prop/slot API as the Vue SDK's `UserProfile` component
+ * so consumers don't need to change their templates.
+ *
+ * @example
+ * ```vue
+ * <ThunderIDUserProfile :editable="true" title="My Profile" />
+ * ```
+ */
+declare const UserProfile: Component;
+export default UserProfile;

package/dist/runtime/components/user/UserProfile.js

@@ -0,0 +1,35 @@
+import { withVendorCSSClassPrefix } from "@thunderid/browser";
+import { BaseUserProfile } from "@thunderid/vue";
+import { defineComponent, h } from "vue";
+import { useUser } from "#imports";
+const UserProfile = defineComponent({
+  name: "UserProfile",
+  props: {
+    cardLayout: { default: true, type: Boolean },
+    className: { default: "", type: String },
+    editable: { default: true, type: Boolean },
+    hideFields: { default: () => [], type: Array },
+    showFields: { default: () => [], type: Array },
+    title: { default: "Profile", type: String }
+  },
+  setup(props, { slots }) {
+    const { flattenedProfile, schemas, updateProfile } = useUser();
+    return () => h(
+      BaseUserProfile,
+      {
+        cardLayout: props.cardLayout,
+        class: withVendorCSSClassPrefix("user-profile--styled"),
+        className: props.className,
+        editable: props.editable,
+        flattenedProfile: flattenedProfile?.value,
+        hideFields: props.hideFields,
+        onUpdate: updateProfile,
+        schemas: schemas?.value,
+        showFields: props.showFields,
+        title: props.title
+      },
+      slots
+    );
+  }
+});
+export default UserProfile;

package/dist/runtime/composables/useThunderID.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { type ThunderIDContext } from '@thunderid/vue';
+/**
+ * Nuxt-aware primary composable for ThunderID authentication.
+ *
+ * Mirrors the Next.js `useThunderID` hook: a thin wrapper over the base SDK's
+ * `useThunderID` that re-binds the redirect-based actions (`signIn`, `signOut`,
+ * `signUp`) to Nuxt's {@link navigateTo} so SSR redirects use the correct
+ * response mechanism instead of `window.location`.
+ *
+ * The surrounding context is guaranteed to be present by the Nuxt plugin
+ * (`THUNDERID_KEY`) and {@link ThunderIDRoot} (the auxiliary provider tree),
+ * so this composable does not carry a fallback branch.
+ *
+ * @example
+ * ```vue
+ * <script setup>
+ * const { isSignedIn, user, signIn, signOut } = useThunderID();
+ * </script>
+ * ```
+ */
+export declare function useThunderID(): ThunderIDContext;

package/dist/runtime/composables/useThunderID.js

@@ -0,0 +1,73 @@
+import { EmbeddedSignInFlowStatus, getRedirectBasedSignUpUrl } from "@thunderid/browser";
+import { useThunderID as useThunderIDVue } from "@thunderid/vue";
+import { navigateTo, useState, useRuntimeConfig } from "#app";
+export function useThunderID() {
+  const context = useThunderIDVue();
+  const signIn = async (...args) => {
+    const arg0 = args[0];
+    const isEmbedded = typeof arg0 === "object" && arg0 !== null && "flowId" in arg0;
+    if (isEmbedded) {
+      const payload = arg0;
+      const request = args[1] ?? {};
+      const res = await $fetch("/api/auth/signin", {
+        body: { payload, request },
+        method: "POST"
+      });
+      if (res.data?.afterSignInUrl) {
+        if (import.meta.client) {
+          try {
+            const session = await $fetch("/api/auth/session");
+            const authState = useState("thunderid:auth");
+            authState.value = session;
+          } catch {
+          }
+        }
+        return {
+          authData: {},
+          flowStatus: EmbeddedSignInFlowStatus.SuccessCompleted
+        };
+      }
+      return res.data;
+    }
+    const options = arg0;
+    const returnTo = typeof options?.["returnTo"] === "string" ? options["returnTo"] : void 0;
+    const url = returnTo ? `/api/auth/signin?returnTo=${encodeURIComponent(returnTo)}` : "/api/auth/signin";
+    await navigateTo(url, { external: true });
+    return void 0;
+  };
+  const signOut = async () => {
+    const res = await $fetch("/api/auth/signout", { method: "POST" });
+    await navigateTo(res.redirectUrl || "/", { external: true });
+  };
+  const signUp = async (...args) => {
+    const payload = args[0];
+    if (payload && typeof payload === "object" && "flowType" in payload) {
+      const res = await $fetch("/api/auth/signup", {
+        body: { payload },
+        method: "POST"
+      });
+      if (res.data?.afterSignUpUrl) {
+        await navigateTo(res.data.afterSignUpUrl, { external: false });
+        return void 0;
+      }
+      return res.data;
+    }
+    const cfg = useRuntimeConfig().public.thunderid ?? {};
+    if (cfg.signUpUrl) {
+      await navigateTo(cfg.signUpUrl, { external: true });
+      return void 0;
+    }
+    const redirectUrl = getRedirectBasedSignUpUrl({
+      applicationId: cfg.applicationId,
+      baseUrl: cfg.baseUrl,
+      clientId: cfg.clientId
+    });
+    if (redirectUrl) {
+      await navigateTo(redirectUrl, { external: true });
+      return void 0;
+    }
+    await navigateTo("/sign-up", { external: false });
+    return void 0;
+  };
+  return { ...context, signIn, signOut, signUp };
+}

package/dist/runtime/errors/error-codes.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+/**
+ * Typed error codes for the ThunderID Nuxt SDK.
+ * Every structured error thrown by the SDK carries one of these codes
+ * so callers can react to specific failure modes without string matching.
+ */
+export declare enum ErrorCode {
+    ConfigMissingBaseUrl = "config/missing-base-url",
+    ConfigMissingClientId = "config/missing-client-id",
+    ConfigMissingSecret = "config/missing-session-secret",
+    OAuthCallbackError = "oauth/callback-error",
+    OAuthStateInvalid = "oauth/state-invalid",
+    OpenRedirectBlocked = "security/open-redirect-blocked",
+    OrganizationCreateFailed = "organization/create-failed",
+    OrganizationSwitchFailed = "organization/switch-failed",
+    SessionExpired = "session/expired",
+    SessionInvalid = "session/invalid",
+    SessionMissing = "session/missing",
+    TempSessionInvalid = "session/temp-invalid",
+    TokenExchangeFailed = "oauth/token-exchange-failed",
+    TokenRefreshFailed = "oauth/token-refresh-failed",
+    UserProfileFetchFailed = "scim2/user-profile-fetch-failed",
+    UserProfileUpdateFailed = "scim2/user-profile-update-failed"
+}

package/dist/runtime/errors/error-codes.js

@@ -0,0 +1,19 @@
+export var ErrorCode = /* @__PURE__ */ ((ErrorCode2) => {
+  ErrorCode2["ConfigMissingBaseUrl"] = "config/missing-base-url";
+  ErrorCode2["ConfigMissingClientId"] = "config/missing-client-id";
+  ErrorCode2["ConfigMissingSecret"] = "config/missing-session-secret";
+  ErrorCode2["OAuthCallbackError"] = "oauth/callback-error";
+  ErrorCode2["OAuthStateInvalid"] = "oauth/state-invalid";
+  ErrorCode2["OpenRedirectBlocked"] = "security/open-redirect-blocked";
+  ErrorCode2["OrganizationCreateFailed"] = "organization/create-failed";
+  ErrorCode2["OrganizationSwitchFailed"] = "organization/switch-failed";
+  ErrorCode2["SessionExpired"] = "session/expired";
+  ErrorCode2["SessionInvalid"] = "session/invalid";
+  ErrorCode2["SessionMissing"] = "session/missing";
+  ErrorCode2["TempSessionInvalid"] = "session/temp-invalid";
+  ErrorCode2["TokenExchangeFailed"] = "oauth/token-exchange-failed";
+  ErrorCode2["TokenRefreshFailed"] = "oauth/token-refresh-failed";
+  ErrorCode2["UserProfileFetchFailed"] = "scim2/user-profile-fetch-failed";
+  ErrorCode2["UserProfileUpdateFailed"] = "scim2/user-profile-update-failed";
+  return ErrorCode2;
+})(ErrorCode || {});

package/dist/runtime/errors/index.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+export { ThunderIDError } from './thunderid-error.js';
+export { ErrorCode } from './error-codes.js';

package/dist/runtime/errors/index.js

@@ -0,0 +1,2 @@
+export { ThunderIDError } from "./thunderid-error.js";
+export { ErrorCode } from "./error-codes.js";

package/dist/runtime/errors/thunderid-error.d.ts

@@ -0,0 +1,47 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { ErrorCode } from './error-codes.js';
+/**
+ * Structured error type for the ThunderID Nuxt SDK.
+ *
+ * Every error thrown by SDK internals should be an `ThunderIDError` so
+ * that callers can branch on `err.code` instead of matching strings.
+ *
+ * @example
+ * ```ts
+ * try {
+ *   const session = await requireServerSession(event);
+ * } catch (err) {
+ *   if (err instanceof ThunderIDError && err.code === ErrorCode.SessionMissing) {
+ *     throw createError({ statusCode: 401 });
+ *   }
+ *   throw err;
+ * }
+ * ```
+ */
+export declare class ThunderIDError extends Error {
+    readonly code: ErrorCode;
+    readonly statusCode?: number;
+    readonly cause?: unknown;
+    readonly context?: Record<string, unknown>;
+    constructor(message: string, code: ErrorCode, opts?: {
+        cause?: unknown;
+        context?: Record<string, unknown>;
+        statusCode?: number;
+    });
+}

package/dist/runtime/errors/thunderid-error.js

@@ -0,0 +1,15 @@
+export class ThunderIDError extends Error {
+  code;
+  statusCode;
+  cause;
+  context;
+  constructor(message, code, opts) {
+    super(message);
+    this.name = "ThunderIDError";
+    this.code = code;
+    this.statusCode = opts?.statusCode;
+    this.cause = opts?.cause;
+    this.context = opts?.context;
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+}

package/dist/runtime/middleware/auth.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+/**
+ * Named route middleware for protecting pages.
+ *
+ * Registered under the name `'auth'` by the Nuxt module, so pages can
+ * opt in by string reference:
+ *
+ * ```vue
+ * <script setup>
+ * definePageMeta({ middleware: ['auth'] });
+ * </script>
+ * ```
+ *
+ * Equivalent to `defineThunderIDMiddleware()` with no options: redirects
+ * unauthenticated users to `/api/auth/signin?returnTo=<path>`. For scope
+ * or organization gating, use `defineThunderIDMiddleware({ ... })` directly.
+ */
+declare const _default: import("#app").RouteMiddleware;
+export default _default;

package/dist/runtime/middleware/auth.js

@@ -0,0 +1,2 @@
+import { defineThunderIDMiddleware } from "./defineThunderIDMiddleware.js";
+export default defineThunderIDMiddleware();

package/dist/runtime/middleware/defineThunderIDMiddleware.d.ts

@@ -0,0 +1,53 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { defineNuxtRouteMiddleware } from '#app';
+export interface ThunderIDMiddlewareOptions {
+    /**
+     * The path to redirect unauthenticated (or unauthorised) requests to.
+     * Defaults to `'/api/auth/signin'`.
+     */
+    redirectTo?: string;
+    /**
+     * If `true`, the middleware will also require that the user has an
+     * `organizationId` in their session.  Redirects to `redirectTo` if not.
+     */
+    requireOrganization?: boolean;
+    /**
+     * Required OAuth scopes.  The middleware checks that every listed scope
+     * is present in the session before allowing access.
+     */
+    requireScopes?: string[];
+}
+/**
+ * Typed factory for ThunderID route middleware.
+ *
+ * Usage in a page component:
+ * ```vue
+ * <script setup>
+ * definePageMeta({
+ *   middleware: [defineThunderIDMiddleware({ requireOrganization: true })]
+ * });
+ * </script>
+ * ```
+ *
+ * Or add it as a named middleware in `middleware/` and reference by name.
+ *
+ * The built-in `'auth'` middleware registered by this module is equivalent
+ * to calling `defineThunderIDMiddleware()` with no options.
+ */
+export declare function defineThunderIDMiddleware(options?: ThunderIDMiddlewareOptions): ReturnType<typeof defineNuxtRouteMiddleware>;

package/dist/runtime/middleware/defineThunderIDMiddleware.js

@@ -0,0 +1,24 @@
+import { defineNuxtRouteMiddleware, navigateTo, useState } from "#app";
+const DEFAULT_REDIRECT_TO = "/api/auth/signin";
+export function defineThunderIDMiddleware(options = {}) {
+  const { redirectTo = DEFAULT_REDIRECT_TO, requireOrganization = false, requireScopes = [] } = options;
+  return defineNuxtRouteMiddleware((to) => {
+    const authState = useState("thunderid:auth");
+    if (!authState.value?.isSignedIn) {
+      const returnTo = encodeURIComponent(to.fullPath);
+      return navigateTo(`${redirectTo}?returnTo=${returnTo}`, { external: true });
+    }
+    const user = authState.value.user;
+    if (requireOrganization && !user?.["organizationId"]) {
+      return navigateTo(redirectTo, { external: true });
+    }
+    if (requireScopes.length > 0) {
+      const sessionScopes = String(user?.["scopes"] ?? "").split(" ");
+      const hasAllScopes = requireScopes.every((s) => sessionScopes.includes(s));
+      if (!hasAllScopes) {
+        return navigateTo(redirectTo, { external: true });
+      }
+    }
+    return void 0;
+  });
+}

package/dist/runtime/plugins/thunderid.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+/**
+ * Universal Nuxt plugin (runs on both server and client) that wires up the
+ * ThunderID Vue SDK.
+ *
+ * Responsibilities — mirrors the split between `ThunderIDServerProvider` and
+ * `ThunderIDClientProvider` in the Next.js SDK:
+ *
+ *  1. **Auth state** — hydrate `useState('thunderid:auth')` from the Nitro
+ *     plugin's `event.context.thunderid` so SSR and client agree on signed-in
+ *     status and the user object.
+ *  2. **THUNDERID_KEY** — provide the primary auth context at the app level.
+ *     Action helpers (`signIn` / `signOut` / `signUp`) use Nuxt's
+ *     `navigateTo` so redirects work on both server and client.
+ *  3. **ThunderIDRoot** — register the wrapper component that mounts the rest
+ *     of the provider tree (`I18nProvider`, `BrandingProvider`,
+ *     `ThemeProvider`, `FlowProvider`, `UserProvider`, `OrganizationProvider`)
+ *     so downstream composables receive real context values.
+ *  4. **ThunderIDPlugin (delegated)** — install the Vue SDK plugin in
+ *     delegated mode so it skips browser-only initialisation (SSR-safe).
+ */
+declare const _default: import("#app").Plugin<Record<string, unknown>> & import("#app").ObjectPlugin<Record<string, unknown>>;
+export default _default;