@thunderid/nuxt 0.0.4 → 0.1.0

package/README.md

@@ -1,4 +1,4 @@
-![ThunderID Nuxt SDK](https://raw.githubusercontent.com/thunder-id/thunderid/refs/heads/main/docs/content/sdks/assets/images/%40thunderid%3Anuxt_sdk_banner.png)
+![ThunderID Nuxt SDK](https://raw.githubusercontent.com/thunder-id/thunderid/refs/heads/main/docs/static/assets/images/readme/repo-banner-nuxt-sdk.png)
 
 Nuxt SDK for ThunderID. Provides authentication for Nuxt 3 applications with support for SSR, server routes, and composables.
 

package/dist/module.json

@@ -1,7 +1,7 @@
 {
   "configKey": "thunderid",
   "name": "@thunderid/nuxt",
-  "version": "0.0.4",
+  "version": "0.1.0",
   "builder": {
     "@nuxt/module-builder": "1.0.1",
     "unbuild": "unknown"

package/dist/runtime/server/ThunderIDNuxtClient.d.ts

@@ -15,172 +15,35 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-import { ThunderIDNodeClient, type IdToken, type Organization, type OrganizationDetails, type CreateOrganizationPayload, type Storage, type TokenExchangeRequestConfig, type TokenResponse, type User, type UserProfile, type UpdateMeProfileConfig, type AllOrganizationsApiResponse, type GetBrandingPreferenceConfig, type BrandingPreference, type EmbeddedFlowExecuteRequestPayload, type EmbeddedFlowExecuteResponse, type ExtendedAuthorizeRequestUrlParams, type SignUpOptions } from '@thunderid/node';
+import { ThunderIDNodeClient, type IdToken, type Organization, type OrganizationDetails, type CreateOrganizationPayload, type Storage, type TokenExchangeRequestConfig, type TokenResponse, type User, type UserProfile, type UpdateMeProfileConfig, type AllOrganizationsApiResponse, type EmbeddedFlowExecuteRequestPayload, type EmbeddedFlowExecuteResponse, type ExtendedAuthorizeRequestUrlParams, type SignUpOptions, type GetBrandingPreferenceConfig, type BrandingPreference } from '@thunderid/node';
 import type { ThunderIDNuxtConfig, ThunderIDSessionPayload } from '../types.js';
-/**
- * Singleton ThunderID client for Nuxt applications.
- *
- * Mirrors the {@link ThunderIDNextClient} pattern: a single shared instance per
- * server process that delegates OAuth/OIDC operations to an internal
- * {@link LegacyThunderIDNodeClient}. The legacy client provisions its own default
- * in-memory store (`MemoryCacheStore`) for PKCE state and tokens so that state
- * persists across the sign-in → callback boundary.
- *
- * Consumers call {@link getInstance} directly from server routes and plugins —
- * there is no per-request wrapper factory. Initialization happens once per
- * process (guarded by {@link isInitialized}) from the `thunderid-init` Nitro
- * plugin on the first request.
- *
- * @example
- * ```ts
- * // In a Nitro API route:
- * export default defineEventHandler(async (event) => {
- *   const client = ThunderIDNuxtClient.getInstance();
- *   return client.getUser(sessionId);
- * });
- * ```
- */
 declare class ThunderIDNuxtClient extends ThunderIDNodeClient<ThunderIDNuxtConfig> {
     private static instance;
-    private legacy;
     isInitialized: boolean;
     private constructor();
-    /**
-     * Get the singleton instance of ThunderIDNuxtClient.
-     */
     static getInstance(): ThunderIDNuxtClient;
-    /**
-     * Initializes the underlying legacy client with OAuth/OIDC settings derived
-     * from the Nuxt module config. Idempotent — repeated calls are no-ops after
-     * the first successful initialization.
-     */
     initialize(config: ThunderIDNuxtConfig, storage?: Storage): Promise<boolean>;
     reInitialize(config: Partial<ThunderIDNuxtConfig>): Promise<boolean>;
-    /**
-     * Seeds the legacy in-memory token store from a verified session JWT payload.
-     *
-     * The signed session cookie is the source of truth for tokens in this SDK — it
-     * survives server restarts and new worker processes. The underlying
-     * {@link LegacyThunderIDNodeClient}, however, keeps tokens in a
-     * {@link MemoryCacheStore} keyed by `sessionId`, and its
-     * `getAccessToken` / `getUser` / `getDecodedIdToken` / `signOut` paths all
-     * read from that store. Without rehydration, those calls fail whenever the
-     * in-memory store and the cookie diverge (the classic case: `nuxi dev`
-     * restart while the browser still holds a valid session cookie).
-     *
-     * Writes the snake_case token shape the legacy helper expects
-     * (see `AuthenticationHelper.processTokenResponse`). Safe to call on every
-     * request — it's an in-memory write and the cookie always reflects the
-     * freshest tokens (the refresh path re-issues the cookie too).
-     */
     rehydrateSessionFromPayload(session: ThunderIDSessionPayload): Promise<void>;
-    /**
-     * Initiates the authorization code flow, handles an embedded sign-in step,
-     * or exchanges a code for tokens.
-     *
-     * Overload 1 — **redirect-flow** (existing callers like `signin.get.ts`):
-     * ```
-     * signIn(authURLCallback, sessionId, code?, sessionState?, state?, config?)
-     * ```
-     * Overload 2 — **embedded flow initiate** (flowId === ''):
-     * ```
-     * signIn({flowId: ''}, request, sessionId)
-     * ```
-     * Dispatches to `initializeEmbeddedSignInFlow`.
-     *
-     * Overload 3 — **embedded flow execute** (flowId set):
-     * ```
-     * signIn(payload, request, sessionId)
-     * ```
-     * Dispatches to `executeEmbeddedSignInFlow`.
-     *
-     * Overload 4 — **code exchange** (completion after embedded flow):
-     * ```
-     * signIn({code, state, session_state}, {}, sessionId)
-     * ```
-     * Falls through to the legacy redirect-flow code-exchange path.
-     */
     signIn(...args: any[]): Promise<any>;
-    /**
-     * Executes the embedded sign-up flow step.
-     * Mirrors `ThunderIDNextClient.signUp` with an `EmbeddedFlowExecuteRequestPayload`.
-     */
     signUp(options?: SignUpOptions): Promise<void>;
     signUp(payload: EmbeddedFlowExecuteRequestPayload): Promise<EmbeddedFlowExecuteResponse>;
-    /**
-     * Returns the OAuth2 authorization URL.
-     * Used by the redirect-flow GET handler and the embedded-flow initiation path.
-     *
-     * Mirrors `ThunderIDNextClient.getAuthorizeRequestUrl`.
-     */
     getAuthorizeRequestUrl(customParams: ExtendedAuthorizeRequestUrlParams, userId?: string): Promise<string>;
-    /**
-     * Clears the session and returns the RP-Initiated Logout URL.
-     * Accepts either `(sessionId: string)` or `(options?, sessionId?, callback?)`.
-     *
-     * For ThunderIDV2 (Thunder), RP-Initiated Logout is not yet supported by the platform.
-     * Skip the /oidc/logout call and return afterSignOutUrl directly — the caller
-     * (signout.post.ts) is responsible for clearing session cookies.
-     */
     signOut(...args: any[]): Promise<string>;
     getUser(sessionId?: string): Promise<User>;
     getAccessToken(sessionId?: string): Promise<string>;
-    /**
-     * Decodes and returns the ID token claims for the given session.
-     * Exposed here (as on {@link ThunderIDNextClient}) so route handlers can
-     * access ID token claims without falling back to the legacy client.
-     */
     getDecodedIdToken(sessionId?: string, idToken?: string): Promise<IdToken>;
     isSignedIn(sessionId?: string): Promise<boolean>;
     exchangeToken(config: TokenExchangeRequestConfig, sessionId?: string): Promise<TokenResponse | Response>;
-    /**
-     * Fetches the flattened SCIM2 user profile for the given session.
-     * Mirrors `ThunderIDNextClient.getUserProfile` — calls `getScim2Me` +
-     * `getSchemas` + `generateFlattenedUserProfile` and falls back to
-     * `getUser` claims if SCIM2 is unavailable.
-     */
     getUserProfile(sessionId: string): Promise<UserProfile>;
-    /**
-     * Extracts the current organisation from the decoded ID token.
-     * Returns null when the user is not acting within an organisation.
-     */
     getCurrentOrganization(sessionId: string): Promise<Organization | null>;
-    /**
-     * Returns the list of organisations the authenticated user is a member of.
-     */
     getMyOrganizations(sessionId: string): Promise<Organization[]>;
-    /**
-     * Fetches the branding preference for the tenant / application.
-     * Delegates to the standalone `getBrandingPreference` API helper from
-     * `@thunderid/node`, which does not require an authenticated session.
-     */
     getBrandingPreference(config: GetBrandingPreferenceConfig): Promise<BrandingPreference>;
-    /**
-     * Updates the SCIM2 /Me profile for the authenticated user.
-     * Mirrors `ThunderIDNextClient.updateUserProfile`.
-     */
     updateUserProfile(config: UpdateMeProfileConfig, sessionId: string): Promise<User>;
-    /**
-     * Retrieves all organisations accessible to the authenticated user
-     * (paginated). Mirrors `ThunderIDNextClient.getAllOrganizations`.
-     */
     getAllOrganizations(options?: any, sessionId?: string): Promise<AllOrganizationsApiResponse>;
-    /**
-     * Creates a new sub-organisation. Mirrors `ThunderIDNextClient.createOrganization`.
-     */
     createOrganization(payload: CreateOrganizationPayload, sessionId: string): Promise<Organization>;
-    /**
-     * Fetches the details of a single organisation by ID.
-     * Mirrors `ThunderIDNextClient.getOrganization`.
-     */
     getOrganization(organizationId: string, sessionId: string): Promise<OrganizationDetails>;
-    /**
-     * Performs an organisation-switch token exchange and returns the new
-     * `TokenResponse`. The caller (the Nitro route) is responsible for
-     * persisting the new session cookie.
-     *
-     * Mirrors `ThunderIDNextClient.switchOrganization`.
-     */
     switchOrganization(organization: Organization, sessionId: string): Promise<TokenResponse | Response>;
+    getStorageManager(): any;
 }
 export default ThunderIDNuxtClient;

package/dist/runtime/server/ThunderIDNuxtClient.js

@@ -1,43 +1,26 @@
 import {
   ThunderIDNodeClient,
-  LegacyThunderIDNodeClient,
-  Platform,
   getBrandingPreference,
   getMeOrganizations,
   getAllOrganizations,
   createOrganization,
   getOrganization,
-  getScim2Me,
-  getSchemas,
-  flattenUserSchema,
-  generateFlattenedUserProfile,
-  updateMeProfile,
   initializeEmbeddedSignInFlow,
   executeEmbeddedSignInFlow,
   executeEmbeddedSignUpFlow
 } from "@thunderid/node";
 class ThunderIDNuxtClient extends ThunderIDNodeClient {
   static instance;
-  legacy;
   isInitialized = false;
   constructor() {
     super();
-    this.legacy = new LegacyThunderIDNodeClient();
   }
-  /**
-   * Get the singleton instance of ThunderIDNuxtClient.
-   */
   static getInstance() {
     if (!ThunderIDNuxtClient.instance) {
       ThunderIDNuxtClient.instance = new ThunderIDNuxtClient();
     }
     return ThunderIDNuxtClient.instance;
   }
-  /**
-   * Initializes the underlying legacy client with OAuth/OIDC settings derived
-   * from the Nuxt module config. Idempotent — repeated calls are no-ops after
-   * the first successful initialization.
-   */
   async initialize(config, storage) {
     if (this.isInitialized) {
       return true;
@@ -49,40 +32,22 @@ class ThunderIDNuxtClient extends ThunderIDNodeClient {
       clientId: config.clientId,
       clientSecret: config.clientSecret || void 0,
       enablePKCE: true,
-      platform: config.platform,
       scopes: config.scopes || ["openid", "profile"],
       tokenRequest: config.tokenRequest
     };
-    const result = await this.legacy.initialize(authConfig, storage);
+    const result = await super.initialize(authConfig, storage);
     this.isInitialized = true;
     return result;
   }
   async reInitialize(config) {
-    await this.legacy.reInitialize(config);
+    await super.reInitialize(config);
     return true;
   }
-  /**
-   * Seeds the legacy in-memory token store from a verified session JWT payload.
-   *
-   * The signed session cookie is the source of truth for tokens in this SDK — it
-   * survives server restarts and new worker processes. The underlying
-   * {@link LegacyThunderIDNodeClient}, however, keeps tokens in a
-   * {@link MemoryCacheStore} keyed by `sessionId`, and its
-   * `getAccessToken` / `getUser` / `getDecodedIdToken` / `signOut` paths all
-   * read from that store. Without rehydration, those calls fail whenever the
-   * in-memory store and the cookie diverge (the classic case: `nuxi dev`
-   * restart while the browser still holds a valid session cookie).
-   *
-   * Writes the snake_case token shape the legacy helper expects
-   * (see `AuthenticationHelper.processTokenResponse`). Safe to call on every
-   * request — it's an in-memory write and the cookie always reflects the
-   * freshest tokens (the refresh path re-issues the cookie too).
-   */
   async rehydrateSessionFromPayload(session) {
     if (!this.isInitialized || !session?.sessionId || !session?.accessToken) {
       return;
     }
-    const storageManager = await this.legacy.getStorageManager();
+    const storageManager = this.getStorageManager();
     const iatSeconds = typeof session.iat === "number" ? session.iat : Math.floor(Date.now() / 1e3);
     const expiresInSeconds = typeof session.accessTokenExpiresAt === "number" ? Math.max(0, session.accessTokenExpiresAt - iatSeconds) : 3600;
     await storageManager.setSessionData(
@@ -99,38 +64,12 @@ class ThunderIDNuxtClient extends ThunderIDNodeClient {
       session.sessionId
     );
   }
-  /**
-   * Initiates the authorization code flow, handles an embedded sign-in step,
-   * or exchanges a code for tokens.
-   *
-   * Overload 1 — **redirect-flow** (existing callers like `signin.get.ts`):
-   * ```
-   * signIn(authURLCallback, sessionId, code?, sessionState?, state?, config?)
-   * ```
-   * Overload 2 — **embedded flow initiate** (flowId === ''):
-   * ```
-   * signIn({flowId: ''}, request, sessionId)
-   * ```
-   * Dispatches to `initializeEmbeddedSignInFlow`.
-   *
-   * Overload 3 — **embedded flow execute** (flowId set):
-   * ```
-   * signIn(payload, request, sessionId)
-   * ```
-   * Dispatches to `executeEmbeddedSignInFlow`.
-   *
-   * Overload 4 — **code exchange** (completion after embedded flow):
-   * ```
-   * signIn({code, state, session_state}, {}, sessionId)
-   * ```
-   * Falls through to the legacy redirect-flow code-exchange path.
-   */
   signIn(...args) {
     const arg0 = args[0];
     if (typeof arg0 === "object" && arg0 !== null && "flowId" in arg0) {
       const sessionId = args[2];
       if (arg0.flowId === "") {
-        return this.getAuthorizeRequestUrl(
+        return this.getSignInUrl(
           { client_secret: "{{clientSecret}}", response_mode: "direct" },
           sessionId
         ).then((authorizeUrl) => {
@@ -153,24 +92,18 @@ class ThunderIDNuxtClient extends ThunderIDNodeClient {
       const sessionState = typeof payload.session_state === "string" ? payload.session_state : void 0;
       const state = typeof payload.state === "string" ? payload.state : void 0;
       const extraParams = {};
-      if (code) {
-        extraParams.code = code;
-      }
-      if (sessionState) {
-        extraParams.session_state = sessionState;
-      }
-      if (state) {
-        extraParams.state = state;
-      }
-      return this.legacy.signIn(args[3], args[2], code, sessionState, state, extraParams);
+      if (code) extraParams.code = code;
+      if (sessionState) extraParams.session_state = sessionState;
+      if (state) extraParams.state = state;
+      return super.signIn(args[3], args[2], code, sessionState, state, extraParams);
     }
-    return this.legacy.signIn(args[0], args[1], args[2], args[3], args[4], args[5]);
+    return super.signIn(args[0], args[1], args[2], args[3], args[4], args[5]);
   }
   async signUp(payloadOrOptions) {
     if (!payloadOrOptions || !("flowType" in payloadOrOptions)) {
       return void 0;
     }
-    const configData = await this.legacy.getConfigData?.();
+    const configData = this.getStorageManager().getConfigData();
     const baseUrl = configData?.baseUrl;
     const response = await executeEmbeddedSignUpFlow({
       baseUrl,
@@ -178,86 +111,32 @@ class ThunderIDNuxtClient extends ThunderIDNodeClient {
     });
     return response;
   }
-  /**
-   * Returns the OAuth2 authorization URL.
-   * Used by the redirect-flow GET handler and the embedded-flow initiation path.
-   *
-   * Mirrors `ThunderIDNextClient.getAuthorizeRequestUrl`.
-   */
   async getAuthorizeRequestUrl(customParams, userId) {
-    return this.legacy.getSignInUrl(customParams, userId);
+    return this.getSignInUrl(customParams, userId);
   }
-  /**
-   * Clears the session and returns the RP-Initiated Logout URL.
-   * Accepts either `(sessionId: string)` or `(options?, sessionId?, callback?)`.
-   *
-   * For ThunderIDV2 (Thunder), RP-Initiated Logout is not yet supported by the platform.
-   * Skip the /oidc/logout call and return afterSignOutUrl directly — the caller
-   * (signout.post.ts) is responsible for clearing session cookies.
-   */
   async signOut(...args) {
-    const sessionId = typeof args[0] === "string" ? args[0] : args[1];
-    const configData = await this.legacy.getConfigData?.();
-    if (configData?.platform === Platform.ThunderIDV2) {
-      return configData?.afterSignOutUrl || configData?.afterSignInUrl || "/";
-    }
-    return this.legacy.signOut(sessionId);
+    const configData = this.getStorageManager().getConfigData();
+    return configData?.afterSignOutUrl || configData?.afterSignInUrl || "/";
   }
   getUser(sessionId) {
-    return this.legacy.getUser(sessionId);
+    return super.getUser(sessionId);
   }
   getAccessToken(sessionId) {
-    return this.legacy.getAccessToken(sessionId);
+    return super.getAccessToken(sessionId);
   }
-  /**
-   * Decodes and returns the ID token claims for the given session.
-   * Exposed here (as on {@link ThunderIDNextClient}) so route handlers can
-   * access ID token claims without falling back to the legacy client.
-   */
   getDecodedIdToken(sessionId, idToken) {
-    return this.legacy.getDecodedIdToken(sessionId, idToken);
+    return super.getDecodedIdToken(sessionId, idToken);
   }
   isSignedIn(sessionId) {
-    return this.legacy.isSignedIn(sessionId);
+    return super.isSignedIn(sessionId);
   }
   exchangeToken(config, sessionId) {
-    return this.legacy.exchangeToken(config, sessionId);
+    return super.exchangeToken(config, sessionId);
   }
-  /**
-   * Fetches the flattened SCIM2 user profile for the given session.
-   * Mirrors `ThunderIDNextClient.getUserProfile` — calls `getScim2Me` +
-   * `getSchemas` + `generateFlattenedUserProfile` and falls back to
-   * `getUser` claims if SCIM2 is unavailable.
-   */
   async getUserProfile(sessionId) {
-    const accessToken = await this.getAccessToken(sessionId);
-    const configData = await this.legacy.getConfigData?.();
-    const baseUrl = configData?.baseUrl ?? "";
-    if (configData?.platform === Platform.ThunderIDV2) {
-      const user = await this.getUser(sessionId);
-      return { flattenedProfile: user, profile: user, schemas: [] };
-    }
-    try {
-      const authHeaders = { Authorization: `Bearer ${accessToken}` };
-      const [profile, schemas] = await Promise.all([
-        getScim2Me({ baseUrl, headers: authHeaders }),
-        getSchemas({ baseUrl, headers: authHeaders })
-      ]);
-      const processedSchemas = flattenUserSchema(schemas);
-      return {
-        flattenedProfile: generateFlattenedUserProfile(profile, processedSchemas),
-        profile,
-        schemas: processedSchemas
-      };
-    } catch {
-      const user = await this.getUser(sessionId);
-      return { flattenedProfile: user, profile: user, schemas: [] };
-    }
+    const user = await this.getUser(sessionId);
+    return { flattenedProfile: user, profile: user, schemas: [] };
   }
-  /**
-   * Extracts the current organisation from the decoded ID token.
-   * Returns null when the user is not acting within an organisation.
-   */
   async getCurrentOrganization(sessionId) {
     try {
       const idToken = await this.getDecodedIdToken(sessionId);
@@ -273,65 +152,35 @@ class ThunderIDNuxtClient extends ThunderIDNodeClient {
       return null;
     }
   }
-  /**
-   * Returns the list of organisations the authenticated user is a member of.
-   */
   async getMyOrganizations(sessionId) {
     const accessToken = await this.getAccessToken(sessionId);
-    const configData = await this.legacy.getConfigData?.();
+    const configData = this.getStorageManager().getConfigData();
     const baseUrl = configData?.baseUrl ?? "";
     return getMeOrganizations({
       baseUrl,
       headers: { Authorization: `Bearer ${accessToken}` }
     });
   }
-  /**
-   * Fetches the branding preference for the tenant / application.
-   * Delegates to the standalone `getBrandingPreference` API helper from
-   * `@thunderid/node`, which does not require an authenticated session.
-   */
   // eslint-disable-next-line class-methods-use-this
   async getBrandingPreference(config) {
     return getBrandingPreference(config);
   }
-  /**
-   * Updates the SCIM2 /Me profile for the authenticated user.
-   * Mirrors `ThunderIDNextClient.updateUserProfile`.
-   */
   async updateUserProfile(config, sessionId) {
-    const accessToken = await this.getAccessToken(sessionId);
-    const configData = await this.legacy.getConfigData?.();
-    const baseUrl = configData?.baseUrl ?? "";
-    if (configData?.platform === Platform.ThunderIDV2) {
-      throw new Error("Profile updates are not supported for the ThunderIDV2 (Thunder) platform.");
-    }
-    return updateMeProfile({
-      ...config,
-      // pass-through, includes payload
-      baseUrl,
-      headers: { ...config.headers, Authorization: `Bearer ${accessToken}` }
-    });
+    throw new Error("Profile updates are not supported for the ThunderID platform.");
   }
-  /**
-   * Retrieves all organisations accessible to the authenticated user
-   * (paginated). Mirrors `ThunderIDNextClient.getAllOrganizations`.
-   */
   async getAllOrganizations(options, sessionId) {
     const resolvedSessionId = sessionId ?? "";
     const accessToken = await this.getAccessToken(resolvedSessionId);
-    const configData = await this.legacy.getConfigData?.();
+    const configData = this.getStorageManager().getConfigData();
     const baseUrl = configData?.baseUrl ?? "";
     return getAllOrganizations({
       baseUrl,
       headers: { Authorization: `Bearer ${accessToken}` }
     });
   }
-  /**
-   * Creates a new sub-organisation. Mirrors `ThunderIDNextClient.createOrganization`.
-   */
   async createOrganization(payload, sessionId) {
     const accessToken = await this.getAccessToken(sessionId);
-    const configData = await this.legacy.getConfigData?.();
+    const configData = this.getStorageManager().getConfigData();
     const baseUrl = configData?.baseUrl ?? "";
     return createOrganization({
       baseUrl,
@@ -339,13 +188,9 @@ class ThunderIDNuxtClient extends ThunderIDNodeClient {
       payload
     });
   }
-  /**
-   * Fetches the details of a single organisation by ID.
-   * Mirrors `ThunderIDNextClient.getOrganization`.
-   */
   async getOrganization(organizationId, sessionId) {
     const accessToken = await this.getAccessToken(sessionId);
-    const configData = await this.legacy.getConfigData?.();
+    const configData = this.getStorageManager().getConfigData();
     const baseUrl = configData?.baseUrl ?? "";
     return getOrganization({
       baseUrl,
@@ -353,13 +198,6 @@ class ThunderIDNuxtClient extends ThunderIDNodeClient {
       organizationId
     });
   }
-  /**
-   * Performs an organisation-switch token exchange and returns the new
-   * `TokenResponse`. The caller (the Nitro route) is responsible for
-   * persisting the new session cookie.
-   *
-   * Mirrors `ThunderIDNextClient.switchOrganization`.
-   */
   async switchOrganization(organization, sessionId) {
     if (!organization.id) {
       throw new Error("Organization ID is required for switching organizations.");
@@ -378,7 +216,10 @@ class ThunderIDNuxtClient extends ThunderIDNodeClient {
       returnsSession: true,
       signInRequired: true
     };
-    return this.legacy.exchangeToken(exchangeConfig, sessionId);
+    return this.exchangeToken(exchangeConfig, sessionId);
+  }
+  getStorageManager() {
+    return super.getStorageManager();
   }
 }
 export default ThunderIDNuxtClient;

package/dist/runtime/server/routes/auth/user/profile.patch.js

@@ -1,4 +1,3 @@
-import { Platform } from "@thunderid/node";
 import { defineEventHandler, readBody, createError } from "h3";
 import ThunderIDNuxtClient from "../../../ThunderIDNuxtClient.js";
 import { verifyAndRehydrateSession } from "../../../utils/serverSession.js";
@@ -8,12 +7,6 @@ export default defineEventHandler(
     const config = useRuntimeConfig();
     const sessionSecret = config.thunderid?.sessionSecret;
     const publicConfig = config.public.thunderid;
-    if (publicConfig?.platform === Platform.ThunderIDV2) {
-      throw createError({
-        statusCode: 501,
-        statusMessage: "Profile updates are not supported for the ThunderIDV2 (Thunder) platform."
-      });
-    }
     const session = await verifyAndRehydrateSession(
       event,
       sessionSecret

package/dist/runtime/types.d.ts

@@ -34,10 +34,10 @@ export interface ThunderIDNuxtConfig {
     baseUrl?: string;
     /** OAuth2 Client ID */
     clientId?: string;
-    /** OAuth2 Client Secret (server-only, use ASGARDEO_CLIENT_SECRET env var) */
+    /** OAuth2 Client Secret (server-only, use THUNDERID_CLIENT_SECRET env var) */
     clientSecret?: string;
     /**
-     * Identity platform variant. Set to `Platform.ThunderIDV2` when connecting to
+     * Identity platform variant. Set to `Platform.ThunderID` when connecting to
      * a Thunder (ThunderIDV2) instance. Forwarded to the underlying Node client so
      * platform-specific behaviours (e.g. issuer resolution) apply correctly.
      */
@@ -73,7 +73,7 @@ export interface ThunderIDNuxtConfig {
     };
     /** OAuth2 scopes to request */
     scopes?: string[];
-    /** Secret for signing session JWTs (use ASGARDEO_SESSION_SECRET env var) */
+    /** Secret for signing session JWTs (use THUNDERID_SESSION_SECRET env var) */
     sessionSecret?: string;
     /**
      * Optional override for the redirect-based sign-in URL. Reserved for

package/dist/runtime/utils/log.d.ts

@@ -26,14 +26,14 @@ export declare function maskToken(token: string): string;
 /**
  * Create a namespaced logger for a specific SDK subsystem.
  *
- * Debug output is suppressed unless the `ASGARDEO_DEBUG` environment
+ * Debug output is suppressed unless the `THUNDERID_DEBUG` environment
  * variable is set (any truthy value).
  *
  * @example
  * ```ts
  * const log = createLogger('session');
  * log.info('Session created for', maskToken(accessToken));
- * log.debug('Full payload', payload); // only logged when ASGARDEO_DEBUG=true
+ * log.debug('Full payload', payload); // only logged when THUNDERID_DEBUG=true
  * ```
  */
 export declare function createLogger(subsystem: string): {

package/dist/runtime/utils/log.js

@@ -8,7 +8,7 @@ export function createLogger(subsystem) {
   const tag = `[${PREFIX}:${subsystem}]`;
   return {
     debug: (...args) => {
-      if (process.env["ASGARDEO_DEBUG"]) {
+      if (process.env["THUNDERID_DEBUG"]) {
         console.log(tag, ...args);
       }
     },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@thunderid/nuxt",
-  "version": "0.0.4",
+  "version": "0.1.0",
   "description": "Nuxt SDK for ThunderID",
   "keywords": [
     "thunderid",
@@ -61,22 +61,22 @@
     "directory": "packages/nuxt"
   },
   "dependencies": {
-    "@nuxt/kit": "3.16.2",
+    "@nuxt/kit": "3.21.6",
     "defu": "6.1.5",
     "jose": "5.2.0",
-    "@thunderid/node": "^0.0.5",
-    "@thunderid/vue": "^0.0.4",
-    "@thunderid/browser": "^0.0.4"
+    "@thunderid/node": "^0.1.0",
+    "@thunderid/browser": "^0.1.0",
+    "@thunderid/vue": "^0.1.0"
   },
   "devDependencies": {
-    "@nuxt/devtools": "2.4.0",
+    "@nuxt/devtools": "2.6.4",
     "@nuxt/module-builder": "1.0.1",
-    "@nuxt/schema": "3.16.2",
+    "@nuxt/schema": "3.21.6",
     "@nuxt/test-utils": "3.17.2",
     "@types/node": "24.7.2",
     "eslint": "9.39.4",
     "h3": "1.15.11",
-    "nuxt": "3.16.2",
+    "nuxt": "3.21.6",
     "typescript": "5.9.3",
     "vitest": "4.1.3",
     "@thunderid/eslint-plugin": "^0.0.0",