@thunderid/nuxt 0.1.0 → 0.2.0

package/README.md

@@ -1,6 +1,7 @@
 ![ThunderID Nuxt SDK](https://raw.githubusercontent.com/thunder-id/thunderid/refs/heads/main/docs/static/assets/images/readme/repo-banner-nuxt-sdk.png)
 
-Nuxt SDK for ThunderID. Provides authentication for Nuxt 3 applications with support for SSR, server routes, and composables.
+Nuxt SDK for ThunderID. Provides authentication for Nuxt 3 applications with support for SSR, server routes, and
+composables.
 
 ## Installation
 

package/dist/module.d.mts

@@ -19,7 +19,7 @@ declare module '@nuxt/schema' {
             clientId: string;
             platform?: ThunderIDNuxtConfig['platform'];
             preferences?: ThunderIDNuxtConfig['preferences'];
-            scopes: string[];
+            scopes: string | string[];
             signInUrl?: string;
             signUpUrl?: string;
         };

package/dist/module.json

@@ -1,7 +1,7 @@
 {
   "configKey": "thunderid",
   "name": "@thunderid/nuxt",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "builder": {
     "@nuxt/module-builder": "1.0.1",
     "unbuild": "unknown"

package/dist/module.mjs

@@ -13,13 +13,13 @@ const module$1 = defineNuxtModule({
     const publicConfig = defu(
       // Layer 1: environment variables — only win when actually set
       {
-        afterSignInUrl: process.env["NUXT_PUBLIC_THUNDERID_AFTER_SIGN_IN_URL"],
-        afterSignOutUrl: process.env["NUXT_PUBLIC_THUNDERID_AFTER_SIGN_OUT_URL"],
-        applicationId: process.env["NUXT_PUBLIC_THUNDERID_APPLICATION_ID"],
-        baseUrl: process.env["NUXT_PUBLIC_THUNDERID_BASE_URL"],
-        clientId: process.env["NUXT_PUBLIC_THUNDERID_CLIENT_ID"],
-        signInUrl: process.env["NUXT_PUBLIC_THUNDERID_SIGN_IN_URL"],
-        signUpUrl: process.env["NUXT_PUBLIC_THUNDERID_SIGN_UP_URL"]
+        afterSignInUrl: process.env.NUXT_PUBLIC_THUNDERID_AFTER_SIGN_IN_URL,
+        afterSignOutUrl: process.env.NUXT_PUBLIC_THUNDERID_AFTER_SIGN_OUT_URL,
+        applicationId: process.env.NUXT_PUBLIC_THUNDERID_APPLICATION_ID,
+        baseUrl: process.env.NUXT_PUBLIC_THUNDERID_BASE_URL,
+        clientId: process.env.NUXT_PUBLIC_THUNDERID_CLIENT_ID,
+        signInUrl: process.env.NUXT_PUBLIC_THUNDERID_SIGN_IN_URL,
+        signUpUrl: process.env.NUXT_PUBLIC_THUNDERID_SIGN_UP_URL
       },
       // Layer 2: nuxt.config.ts options
       userOptions,
@@ -31,8 +31,8 @@ const module$1 = defineNuxtModule({
       }
     );
     const privateConfig = {
-      clientSecret: process.env["THUNDERID_CLIENT_SECRET"] || userOptions.clientSecret || "",
-      sessionSecret: process.env["THUNDERID_SESSION_SECRET"] || userOptions.sessionSecret || ""
+      clientSecret: process.env.THUNDERID_CLIENT_SECRET || userOptions.clientSecret || "",
+      sessionSecret: process.env.THUNDERID_SESSION_SECRET || userOptions.sessionSecret || ""
     };
     const { options } = nuxt;
     options.runtimeConfig.thunderid = defu(
@@ -56,14 +56,14 @@ const module$1 = defineNuxtModule({
       }
     );
     const publicThunderID = options.runtimeConfig.public.thunderid;
-    if (publicThunderID?.["clientSecret"]) {
-      delete publicThunderID["clientSecret"];
+    if (publicThunderID?.clientSecret) {
+      delete publicThunderID.clientSecret;
       console.error(
         `[${PACKAGE_NAME}] SECURITY: clientSecret found in public config. Removed. Use THUNDERID_CLIENT_SECRET env var.`
       );
     }
-    if (publicThunderID?.["sessionSecret"]) {
-      delete publicThunderID["sessionSecret"];
+    if (publicThunderID?.sessionSecret) {
+      delete publicThunderID.sessionSecret;
       console.error(
         `[${PACKAGE_NAME}] SECURITY: sessionSecret found in public config. Removed. Use THUNDERID_SESSION_SECRET env var.`
       );

package/dist/runtime/components/ThunderIDRoot.js

@@ -141,7 +141,7 @@ const ThunderIDRoot = defineComponent({
                               revalidateMyOrganizations: shouldFetchOrgs ? revalidateMyOrganizations : void 0
                             },
                             {
-                              default: () => slots["default"]?.()
+                              default: () => slots.default?.()
                             }
                           )
                         }

package/dist/runtime/components/actions/SignInButton.js

@@ -1,7 +1,7 @@
+import { navigateTo } from "#app";
 import { ThunderIDRuntimeError } from "@thunderid/browser";
 import { BaseSignInButton } from "@thunderid/vue";
 import { defineComponent, h, ref } from "vue";
-import { navigateTo } from "#app";
 import { useThunderID } from "#imports";
 const SignInButton = defineComponent({
   emits: ["click", "error"],
@@ -34,14 +34,14 @@ const SignInButton = defineComponent({
       }
     };
     return () => {
-      const slotContent = slots["default"] ? () => slots["default"]({ isLoading: isLoading.value }) : void 0;
+      const slotContent = slots.default ? () => slots.default({ isLoading: isLoading.value }) : void 0;
       return h(
         BaseSignInButton,
         {
-          class: attrs["class"],
+          class: attrs.class,
           isLoading: isLoading.value,
           onClick: handleSignIn,
-          style: attrs["style"]
+          style: attrs.style
         },
         slotContent
       );

package/dist/runtime/components/actions/SignOutButton.js

@@ -26,14 +26,14 @@ const SignOutButton = defineComponent({
       }
     };
     return () => {
-      const slotContent = slots["default"] ? () => slots["default"]({ isLoading: isLoading.value }) : void 0;
+      const slotContent = slots.default ? () => slots.default({ isLoading: isLoading.value }) : void 0;
       return h(
         BaseSignOutButton,
         {
-          class: attrs["class"],
+          class: attrs.class,
           isLoading: isLoading.value,
           onClick: handleSignOut,
-          style: attrs["style"]
+          style: attrs.style
         },
         slotContent
       );

package/dist/runtime/components/actions/SignUpButton.js

@@ -1,7 +1,7 @@
+import { navigateTo } from "#app";
 import { ThunderIDRuntimeError } from "@thunderid/browser";
 import { BaseSignUpButton } from "@thunderid/vue";
 import { defineComponent, h, ref } from "vue";
-import { navigateTo } from "#app";
 import { useThunderID } from "#imports";
 const SignUpButton = defineComponent({
   emits: ["click", "error"],
@@ -31,14 +31,14 @@ const SignUpButton = defineComponent({
       }
     };
     return () => {
-      const slotContent = slots["default"] ? () => slots["default"]({ isLoading: isLoading.value }) : void 0;
+      const slotContent = slots.default ? () => slots.default({ isLoading: isLoading.value }) : void 0;
       return h(
         BaseSignUpButton,
         {
-          class: attrs["class"],
+          class: attrs.class,
           isLoading: isLoading.value,
           onClick: handleSignUp,
-          style: attrs["style"]
+          style: attrs.style
         },
         slotContent
       );

package/dist/runtime/components/auth/Callback.js

@@ -1,5 +1,5 @@
-import { defineComponent, onMounted } from "vue";
 import { navigateTo } from "#app";
+import { defineComponent, onMounted } from "vue";
 const error = (msg, ...args) => {
   console.error(`[@thunderid/nuxt] Callback: ${msg}`, ...args);
 };

package/dist/runtime/components/auth/SignIn.js

@@ -1,6 +1,6 @@
+import { navigateTo } from "#app";
 import { BaseSignIn } from "@thunderid/vue";
 import { defineComponent, h } from "vue";
-import { navigateTo } from "#app";
 import { useThunderID } from "#imports";
 const SignIn = defineComponent({
   emits: ["error", "success"],

package/dist/runtime/components/auth/SignUp.js

@@ -1,10 +1,10 @@
+import { navigateTo } from "#app";
 import {
   EmbeddedFlowResponseType,
   EmbeddedFlowType
 } from "@thunderid/browser";
 import { BaseSignUp } from "@thunderid/vue";
 import { defineComponent, h } from "vue";
-import { navigateTo } from "#app";
 import { useThunderID } from "#imports";
 const SignUp = defineComponent({
   name: "SignUp",
@@ -24,7 +24,7 @@ const SignUp = defineComponent({
     variant: { default: "outlined", type: String }
   },
   setup(props, { slots }) {
-    const { signUp, isInitialized, applicationId } = useThunderID();
+    const { signUp, isInitialized, applicationId, scopes } = useThunderID();
     const handleInitialize = async (payload) => {
       let applicationIdFromUrl = null;
       if (import.meta.client) {
@@ -34,7 +34,8 @@ const SignUp = defineComponent({
       const effectiveApplicationId = applicationId || applicationIdFromUrl || void 0;
       const initialPayload = payload || {
         flowType: EmbeddedFlowType.Registration,
-        ...effectiveApplicationId && { applicationId: effectiveApplicationId }
+        ...effectiveApplicationId && { applicationId: effectiveApplicationId },
+        ...scopes && { scopes }
       };
       return await signUp(initialPayload);
     };
@@ -46,7 +47,7 @@ const SignUp = defineComponent({
         await navigateTo(oauthRedirectUrl, { external: true });
         return;
       }
-      if (props.shouldRedirectAfterSignUp && response?.type !== EmbeddedFlowResponseType.Redirection && props.afterSignUpUrl) {
+      if (props.shouldRedirectAfterSignUp && response?.type !== EmbeddedFlowResponseType.Redirection && props.afterSignUpUrl && !response?.assertion) {
         await navigateTo(props.afterSignUpUrl, { external: true });
       }
       if (props.shouldRedirectAfterSignUp && response?.type === EmbeddedFlowResponseType.Redirection && response?.data?.redirectURL && !response.data.redirectURL.includes("oauth") && !response.data.redirectURL.includes("auth")) {
@@ -72,7 +73,7 @@ const SignUp = defineComponent({
         size: props.size,
         variant: props.variant
       },
-      slots["default"] ? { default: (renderProps) => slots["default"](renderProps) } : void 0
+      slots.default ? { default: (renderProps) => slots.default(renderProps) } : void 0
     );
   }
 });

package/dist/runtime/components/control/Loading.js

@@ -6,10 +6,10 @@ const Loading = defineComponent({
     const { isLoading } = useThunderID();
     return () => {
       if (!isLoading.value) {
-        const fallback = slots["fallback"]?.();
+        const fallback = slots.fallback?.();
         return fallback ? h(Fragment, {}, fallback) : null;
       }
-      const content = slots["default"]?.();
+      const content = slots.default?.();
       return content ? h(Fragment, {}, content) : null;
     };
   }

package/dist/runtime/components/control/SignedIn.js

@@ -6,10 +6,10 @@ const SignedIn = defineComponent({
     const { isSignedIn } = useThunderID();
     return () => {
       if (!isSignedIn.value) {
-        const fallback = slots["fallback"]?.();
+        const fallback = slots.fallback?.();
         return fallback ? h(Fragment, {}, fallback) : null;
       }
-      const content = slots["default"]?.();
+      const content = slots.default?.();
       return content ? h(Fragment, {}, content) : null;
     };
   }

package/dist/runtime/components/control/SignedOut.js

@@ -6,10 +6,10 @@ const SignedOut = defineComponent({
     const { isSignedIn } = useThunderID();
     return () => {
       if (isSignedIn.value) {
-        const fallback = slots["fallback"]?.();
+        const fallback = slots.fallback?.();
         return fallback ? h(Fragment, {}, fallback) : null;
       }
-      const content = slots["default"]?.();
+      const content = slots.default?.();
       return content ? h(Fragment, {}, content) : null;
     };
   }

package/dist/runtime/components/organization/Organization.js

@@ -6,10 +6,10 @@ const Organization = defineComponent({
     const { currentOrganization } = useOrganization();
     return () => {
       if (!currentOrganization?.value) {
-        const fallback = slots["fallback"]?.();
+        const fallback = slots.fallback?.();
         return fallback ? h(Fragment, {}, fallback) : null;
       }
-      const content = slots["default"]?.({ organization: currentOrganization.value });
+      const content = slots.default?.({ organization: currentOrganization.value });
       return content ? h(Fragment, {}, content) : null;
     };
   }

package/dist/runtime/components/user/User.js

@@ -6,10 +6,10 @@ const User = defineComponent({
     const { user } = useThunderID();
     return () => {
       if (!user.value) {
-        const fallback = slots["fallback"]?.();
+        const fallback = slots.fallback?.();
         return fallback ? h(Fragment, {}, fallback) : null;
       }
-      const content = slots["default"]?.({ user: user.value });
+      const content = slots.default?.({ user: user.value });
       return content ? h(Fragment, {}, content) : null;
     };
   }

package/dist/runtime/composables/useThunderID.js

@@ -1,6 +1,6 @@
+import { navigateTo, useState, useRuntimeConfig } from "#app";
 import { EmbeddedSignInFlowStatus, getRedirectBasedSignUpUrl } from "@thunderid/browser";
 import { useThunderID as useThunderIDVue } from "@thunderid/vue";
-import { navigateTo, useState, useRuntimeConfig } from "#app";
 export function useThunderID() {
   const context = useThunderIDVue();
   const signIn = async (...args) => {
@@ -30,7 +30,7 @@ export function useThunderID() {
       return res.data;
     }
     const options = arg0;
-    const returnTo = typeof options?.["returnTo"] === "string" ? options["returnTo"] : void 0;
+    const returnTo = typeof options?.returnTo === "string" ? options.returnTo : void 0;
     const url = returnTo ? `/api/auth/signin?returnTo=${encodeURIComponent(returnTo)}` : "/api/auth/signin";
     await navigateTo(url, { external: true });
     return void 0;

package/dist/runtime/middleware/defineThunderIDMiddleware.js

@@ -9,11 +9,11 @@ export function defineThunderIDMiddleware(options = {}) {
       return navigateTo(`${redirectTo}?returnTo=${returnTo}`, { external: true });
     }
     const user = authState.value.user;
-    if (requireOrganization && !user?.["organizationId"]) {
+    if (requireOrganization && !user?.organizationId) {
       return navigateTo(redirectTo, { external: true });
     }
     if (requireScopes.length > 0) {
-      const sessionScopes = String(user?.["scopes"] ?? "").split(" ");
+      const sessionScopes = String(user?.scopes ?? "").split(" ");
       const hasAllScopes = requireScopes.every((s) => sessionScopes.includes(s));
       if (!hasAllScopes) {
         return navigateTo(redirectTo, { external: true });

package/dist/runtime/plugins/thunderid.js

@@ -1,8 +1,8 @@
+import { defineNuxtPlugin, useState, useRequestEvent, useRuntimeConfig, navigateTo } from "#app";
 import { getRedirectBasedSignUpUrl } from "@thunderid/browser";
 import { ThunderIDPlugin, THUNDERID_KEY } from "@thunderid/vue";
 import { computed } from "vue";
 import ThunderIDRoot from "../components/ThunderIDRoot.js";
-import { defineNuxtPlugin, useState, useRequestEvent, useRuntimeConfig, navigateTo } from "#app";
 export default defineNuxtPlugin((nuxtApp) => {
   const publicConfig = useRuntimeConfig().public.thunderid;
   if (import.meta.client && import.meta.dev) {
@@ -46,7 +46,7 @@ export default defineNuxtPlugin((nuxtApp) => {
           user: ssrContext.session?.sub ? { sub: ssrContext.session.sub } : null
         };
       } else {
-        const legacyAuth = event?.context?.["__thunderidAuth"];
+        const legacyAuth = event?.context?.__thunderidAuth;
         authState.value = legacyAuth ?? { isLoading: false, isSignedIn: false, user: null };
       }
     }
@@ -60,7 +60,7 @@ export default defineNuxtPlugin((nuxtApp) => {
   const user = computed(() => authState.value.user ?? null);
   const organizationRef = computed(() => currentOrgState.value);
   const signIn = async (options) => {
-    const returnTo = typeof options?.["returnTo"] === "string" ? options["returnTo"] : void 0;
+    const returnTo = typeof options?.returnTo === "string" ? options.returnTo : void 0;
     const url = returnTo ? `/api/auth/signin?returnTo=${encodeURIComponent(returnTo)}` : "/api/auth/signin";
     await navigateTo(url, { external: true });
   };
@@ -112,6 +112,7 @@ export default defineNuxtPlugin((nuxtApp) => {
     organizationHandle: publicConfig.organizationHandle,
     platform: void 0,
     reInitialize: async () => false,
+    scopes: publicConfig.scopes,
     signIn,
     signInOptions: void 0,
     signInSilently: noop,

package/dist/runtime/server/ThunderIDNuxtClient.js

@@ -69,16 +69,15 @@ class ThunderIDNuxtClient extends ThunderIDNodeClient {
     if (typeof arg0 === "object" && arg0 !== null && "flowId" in arg0) {
       const sessionId = args[2];
       if (arg0.flowId === "") {
-        return this.getSignInUrl(
-          { client_secret: "{{clientSecret}}", response_mode: "direct" },
-          sessionId
-        ).then((authorizeUrl) => {
-          const url = new URL(authorizeUrl);
-          return initializeEmbeddedSignInFlow({
-            payload: Object.fromEntries(url.searchParams.entries()),
-            url: `${url.origin}${url.pathname}`
-          });
-        });
+        return this.getSignInUrl({ client_secret: "{{clientSecret}}", response_mode: "direct" }, sessionId).then(
+          (authorizeUrl) => {
+            const url = new URL(authorizeUrl);
+            return initializeEmbeddedSignInFlow({
+              payload: Object.fromEntries(url.searchParams.entries()),
+              url: `${url.origin}${url.pathname}`
+            });
+          }
+        );
       }
       const request = args[1] ?? {};
       return executeEmbeddedSignInFlow({
@@ -161,7 +160,6 @@ class ThunderIDNuxtClient extends ThunderIDNodeClient {
       headers: { Authorization: `Bearer ${accessToken}` }
     });
   }
-  // eslint-disable-next-line class-methods-use-this
   async getBrandingPreference(config) {
     return getBrandingPreference(config);
   }

package/dist/runtime/server/plugins/thunderid-ssr.js

@@ -23,9 +23,9 @@ export default defineNitroPlugin((nitro) => {
         );
         return;
       }
-      const sessionSecret2 = process.env["THUNDERID_SESSION_SECRET"] || privateConfig?.sessionSecret;
+      const sessionSecret2 = process.env.THUNDERID_SESSION_SECRET || privateConfig?.sessionSecret;
       if (!sessionSecret2) {
-        if (process.env["NODE_ENV"] === "production") {
+        if (process.env.NODE_ENV === "production") {
           log.error(
             "THUNDERID_SESSION_SECRET is required in production. Set it to a secure random string of at least 32 characters. Refusing to initialize ThunderID client."
           );
@@ -58,7 +58,7 @@ export default defineNitroPlugin((nitro) => {
     const config = useRuntimeConfig(event);
     const publicConfig = config.public.thunderid;
     const prefs = publicConfig?.preferences;
-    const sessionSecret = process.env["THUNDERID_SESSION_SECRET"] || config.thunderid?.sessionSecret;
+    const sessionSecret = process.env.THUNDERID_SESSION_SECRET || config.thunderid?.sessionSecret;
     const session = await verifyAndRehydrateSession(
       event,
       sessionSecret
@@ -77,7 +77,7 @@ export default defineNitroPlugin((nitro) => {
         const idToken = await client.getDecodedIdToken(
           session.sessionId
         );
-        if (idToken?.["user_org"]) {
+        if (idToken?.user_org) {
           resolvedBaseUrl = `${baseUrl}/o`;
         }
       }
@@ -130,6 +130,6 @@ export default defineNitroPlugin((nitro) => {
       isSignedIn: true,
       user: ssrData.user
     };
-    eventContext["__thunderidAuth"] = authState;
+    eventContext.__thunderidAuth = authState;
   });
 });

package/dist/runtime/server/routes/auth/branding/branding.get.js

@@ -21,7 +21,7 @@ export default defineEventHandler(async (event) => {
         const idToken = await client.getDecodedIdToken(
           session.sessionId
         );
-        if (idToken?.["user_org"]) {
+        if (idToken?.user_org) {
           resolvedBaseUrl = `${baseUrl}/o`;
         }
       }

package/dist/runtime/server/routes/auth/session/callback.get.js

@@ -12,11 +12,11 @@ export default defineEventHandler(async (event) => {
   const sessionSecret = config.thunderid?.sessionSecret;
   const publicConfig = config.public.thunderid;
   const query = getQuery(event);
-  const code = query["code"];
-  const state = query["state"];
-  const sessionState = query["session_state"];
-  const error = query["error"];
-  const errorDescription = query["error_description"];
+  const code = query.code;
+  const state = query.state;
+  const sessionState = query.session_state;
+  const error = query.error;
+  const errorDescription = query.error_description;
   if (error) {
     throw createError({
       statusCode: 400,

package/dist/runtime/server/routes/auth/session/signin.get.js

@@ -8,7 +8,7 @@ export default defineEventHandler(async (event) => {
   const config = useRuntimeConfig();
   const sessionSecret = config.thunderid?.sessionSecret;
   const query = getQuery(event);
-  const returnTo = query["returnTo"];
+  const returnTo = query.returnTo;
   const safeReturnTo = returnTo && returnTo.startsWith("/") && !returnTo.startsWith("//") ? returnTo : void 0;
   const sessionId = generateSessionId();
   const tempToken = await createTempSessionToken(sessionId, sessionSecret, safeReturnTo);

package/dist/runtime/server/utils/session.d.ts

@@ -61,13 +61,13 @@ export declare function getTempSessionCookieName(): string;
 /**
  * Session cookie options.
  */
-type SessionCookieOptions = {
+interface SessionCookieOptions {
     httpOnly: boolean;
     maxAge: number;
     path: string;
     sameSite: 'lax';
     secure: boolean;
-};
+}
 export declare function getSessionCookieOptions(): SessionCookieOptions;
 /**
  * Temp session cookie options (15 min TTL).

package/dist/runtime/server/utils/session.js

@@ -3,9 +3,9 @@ import { setCookie } from "h3";
 import { SignJWT, jwtVerify } from "jose";
 const DEFAULT_EXPIRY_SECONDS = 3600;
 function getSecret(sessionSecret) {
-  const secret = sessionSecret || process.env["THUNDERID_SESSION_SECRET"];
+  const secret = sessionSecret || process.env.THUNDERID_SESSION_SECRET;
   if (!secret) {
-    if (process.env["NODE_ENV"] === "production") {
+    if (process.env.NODE_ENV === "production") {
       throw new Error(
         "[thunderid] THUNDERID_SESSION_SECRET environment variable is required in production. Set it to a secure random string of at least 32 characters."
       );
@@ -37,7 +37,7 @@ export async function createTempSessionToken(sessionId, sessionSecret, returnTo)
     type: "temp"
   };
   if (returnTo) {
-    payload["returnTo"] = returnTo;
+    payload.returnTo = returnTo;
   }
   return new SignJWT(payload).setProtectedHeader({ alg: "HS256" }).setIssuedAt().setExpirationTime("15m").sign(secret);
 }
@@ -49,12 +49,12 @@ export async function verifySessionToken(token, sessionSecret) {
 export async function verifyTempSessionToken(token, sessionSecret) {
   const secret = getSecret(sessionSecret);
   const { payload } = await jwtVerify(token, secret);
-  if (payload["type"] !== "temp") {
+  if (payload.type !== "temp") {
     throw new Error("Invalid token type: expected temp session");
   }
   return {
-    returnTo: payload["returnTo"],
-    sessionId: payload["sessionId"]
+    returnTo: payload.returnTo,
+    sessionId: payload.sessionId
   };
 }
 export function getSessionCookieName() {
@@ -69,7 +69,7 @@ export function getSessionCookieOptions() {
     maxAge: DEFAULT_EXPIRY_SECONDS,
     path: "/",
     sameSite: "lax",
-    secure: process.env["NODE_ENV"] === "production"
+    secure: process.env.NODE_ENV === "production"
   };
 }
 export function getTempSessionCookieOptions() {
@@ -78,7 +78,7 @@ export function getTempSessionCookieOptions() {
     maxAge: 15 * 60,
     path: "/",
     sameSite: "lax",
-    secure: process.env["NODE_ENV"] === "production"
+    secure: process.env.NODE_ENV === "production"
   };
 }
 export async function issueSessionCookie(event, sessionId, tokenResponse, sessionSecret) {
@@ -86,7 +86,7 @@ export async function issueSessionCookie(event, sessionId, tokenResponse, sessio
   const client = ThunderIDNuxtClient.getInstance();
   const idToken = await client.getDecodedIdToken(sessionId, tokenResponse.idToken);
   const userId = idToken.sub || sessionId;
-  const organizationId = idToken["user_org"] || idToken["organization_id"];
+  const organizationId = idToken.user_org || idToken.organization_id;
   const expiresInSeconds = parseInt(tokenResponse.expiresIn ?? "3600", 10);
   const accessTokenExpiresAt = Math.floor(Date.now() / 1e3) + (Number.isFinite(expiresInSeconds) ? expiresInSeconds : 3600);
   const sessionToken = await createSessionToken(

package/dist/runtime/types.d.ts

@@ -30,7 +30,7 @@ export interface ThunderIDNuxtConfig {
      * URL when present. Mirrors `applicationId` in the React/Next.js SDKs.
      */
     applicationId?: string;
-    /** Base URL of the ThunderID org tenant (e.g. https://api.asgardeo.io/t/your_org) */
+    /** Base URL of the ThunderID org tenant (e.g. https://localhost:8090) */
     baseUrl?: string;
     /** OAuth2 Client ID */
     clientId?: string;
@@ -72,7 +72,7 @@ export interface ThunderIDNuxtConfig {
         };
     };
     /** OAuth2 scopes to request */
-    scopes?: string[];
+    scopes?: string | string[];
     /** Secret for signing session JWTs (use THUNDERID_SESSION_SECRET env var) */
     sessionSecret?: string;
     /**

package/dist/runtime/utils/log.js

@@ -8,7 +8,7 @@ export function createLogger(subsystem) {
   const tag = `[${PREFIX}:${subsystem}]`;
   return {
     debug: (...args) => {
-      if (process.env["THUNDERID_DEBUG"]) {
+      if (process.env.THUNDERID_DEBUG) {
         console.log(tag, ...args);
       }
     },

package/dist/runtime/utils/url-validation.js

@@ -1,5 +1,5 @@
-import { ThunderIDError } from "../errors/thunderid-error.js";
 import { ErrorCode } from "../errors/error-codes.js";
+import { ThunderIDError } from "../errors/thunderid-error.js";
 export function validateReturnUrl(url) {
   if (typeof url !== "string" || url.trim() === "") {
     throw new ThunderIDError("returnTo must be a non-empty string.", ErrorCode.OpenRedirectBlocked, { statusCode: 400 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@thunderid/nuxt",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "Nuxt SDK for ThunderID",
   "keywords": [
     "thunderid",
@@ -61,24 +61,24 @@
     "directory": "packages/nuxt"
   },
   "dependencies": {
-    "@nuxt/kit": "3.21.6",
+    "@nuxt/kit": "3.21.7",
     "defu": "6.1.5",
     "jose": "5.2.0",
-    "@thunderid/node": "^0.1.0",
-    "@thunderid/browser": "^0.1.0",
-    "@thunderid/vue": "^0.1.0"
+    "@thunderid/node": "^0.2.0",
+    "@thunderid/vue": "^0.3.0",
+    "@thunderid/browser": "^0.3.0"
   },
   "devDependencies": {
     "@nuxt/devtools": "2.6.4",
     "@nuxt/module-builder": "1.0.1",
-    "@nuxt/schema": "3.21.6",
+    "@nuxt/schema": "3.21.7",
     "@nuxt/test-utils": "3.17.2",
     "@types/node": "24.7.2",
     "eslint": "9.39.4",
     "h3": "1.15.11",
-    "nuxt": "3.21.6",
+    "nuxt": "3.21.7",
     "typescript": "5.9.3",
-    "vitest": "4.1.3",
+    "vitest": "4.1.8",
     "@thunderid/eslint-plugin": "^0.0.0",
     "@thunderid/prettier-config": "^0.0.0"
   },
@@ -91,6 +91,9 @@
   },
   "scripts": {
     "build": "nuxt module-build prepare && nuxt module-build build",
+    "clean": "pnpm clean:dist && pnpm clean:node_modules",
+    "clean:dist": "rimraf dist .nuxt",
+    "clean:node_modules": "rimraf node_modules",
     "format:check": "prettier --check --cache .",
     "format:fix": "prettier --write --cache .",
     "lint": "nuxt prepare && eslint .",