Server side session

incorbador · incorbador · commit 2b5b4a2a3005 · 2025-08-22T20:44:27.000+02:00
diff --git a/packages/shared-ui/src/flowHandler/blocks/EmailVerifyBlock.ts b/packages/shared-ui/src/flowHandler/blocks/EmailVerifyBlock.ts
@@ -19,7 +19,6 @@ export class EmailVerifyBlock extends Block<BlockDataEmailVerify> {
   readonly type = BlockTypes.EmailVerify;
   readonly initialScreen;
   readonly authType: AuthType;
-  readonly isNewDevice: boolean;
   readonly emailLinkToken?: string;
 
   constructor(
@@ -30,7 +29,6 @@ export class EmailVerifyBlock extends Block<BlockDataEmailVerify> {
     data: GeneralBlockVerifyIdentifier,
     authType: AuthType,
     fromEmailVerifyFromUrl: boolean,
-    isNewDevice: boolean,
     emailLinkToken?: string,
   ) {
     super(app, flowHandler, common, errorTranslator);
@@ -51,7 +49,6 @@ export class EmailVerifyBlock extends Block<BlockDataEmailVerify> {
     }
 
     this.authType = authType;
-    this.isNewDevice = isNewDevice;
     this.emailLinkToken = emailLinkToken;
 
     this.data = {
@@ -71,7 +68,7 @@ export class EmailVerifyBlock extends Block<BlockDataEmailVerify> {
     data: GeneralBlockVerifyIdentifier,
     authType: AuthType,
   ): EmailVerifyBlock {
-    return new EmailVerifyBlock(app, flowHandler, common, translator, data, authType, false, false);
+    return new EmailVerifyBlock(app, flowHandler, common, translator, data, authType, false);
   }
 
   static fromUrl(
@@ -80,7 +77,6 @@ export class EmailVerifyBlock extends Block<BlockDataEmailVerify> {
     translator: ErrorTranslator,
     data: GeneralBlockVerifyIdentifier,
     authType: AuthType,
-    isNewDevice: boolean,
     emailLinkToken: string,
   ): EmailVerifyBlock {
     const emptyCommon: ProcessCommon = {
@@ -90,17 +86,7 @@ export class EmailVerifyBlock extends Block<BlockDataEmailVerify> {
       environment: '',
     };
 
-    return new EmailVerifyBlock(
-      app,
-      flowHandler,
-      emptyCommon,
-      translator,
-      data,
-      authType,
-      true,
-      isNewDevice,
-      emailLinkToken,
-    );
+    return new EmailVerifyBlock(app, flowHandler, emptyCommon, translator, data, authType, true, emailLinkToken);
   }
 
   showEditEmail() {
@@ -163,11 +149,7 @@ export class EmailVerifyBlock extends Block<BlockDataEmailVerify> {
       throw new Error('Email link token is missing');
     }
 
-    const res = await this.app.authProcessService.finishEmailLinkVerification(
-      abortController,
-      this.emailLinkToken,
-      this.isNewDevice,
-    );
+    const res = await this.app.authProcessService.finishEmailLinkVerification(abortController, this.emailLinkToken);
 
     this.updateProcess(res);
 
diff --git a/packages/shared-ui/src/flowHandler/processHandler.ts b/packages/shared-ui/src/flowHandler/processHandler.ts
@@ -198,7 +198,6 @@ export class ProcessHandler {
       this.#errorTranslator,
       emailVerifyFromUrl.data,
       emailVerifyFromUrl.authType,
-      emailVerifyFromUrl.isNewDevice,
       emailVerifyFromUrl.token,
     ) as Block<unknown>;
 
diff --git a/packages/web-core/openapi/spec_v2.yaml b/packages/web-core/openapi/spec_v2.yaml
@@ -33,6 +33,21 @@ tags:
     description: All API calls that are related to a connect process
 
 paths:
+  /v2/process-config:
+    get:
+      summary: Retrieve process configuration
+      description: Retrieves the process configuration settings.
+      operationId: GetProcessConfig
+      tags:
+        - Configs
+      responses:
+        "200":
+          description: Process configuration settings.
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/processConfigRsp"
+
   /v2/session-config:
     get:
       summary: Retrieve session configuration
@@ -1169,16 +1184,13 @@ components:
         - code
         - identifierType
         - verificationType
-        - isNewDevice
       properties:
         code:
           type: string
         identifierType:
           $ref: "#/components/schemas/loginIdentifierType"
         verificationType:
           $ref: "#/components/schemas/verificationMethod"
-        isNewDevice:
-          type: boolean
 
     socialVerifyStartReq:
       type: object
@@ -1208,6 +1220,17 @@ components:
         value:
           type: string
 
+    processConfigRsp:
+      type: object
+      required:
+        - useServerSideProcessId
+        - frontendApiUrl
+      properties:
+        useServerSideProcessId:
+          type: boolean
+        frontendApiUrl:
+          type: string
+
     sessionConfigRsp:
       type: object
       required:
diff --git a/packages/web-core/src/api/v2/api.ts b/packages/web-core/src/api/v2/api.ts
@@ -1408,12 +1408,6 @@ export interface IdentifierVerifyFinishReq {
      * @memberof IdentifierVerifyFinishReq
      */
     'verificationType': VerificationMethod;
-    /**
-     * 
-     * @type {boolean}
-     * @memberof IdentifierVerifyFinishReq
-     */
-    'isNewDevice': boolean;
 }
 
 
@@ -2248,6 +2242,25 @@ export interface ProcessCommon {
      */
     'environment': string;
 }
+/**
+ * 
+ * @export
+ * @interface ProcessConfigRsp
+ */
+export interface ProcessConfigRsp {
+    /**
+     * 
+     * @type {boolean}
+     * @memberof ProcessConfigRsp
+     */
+    'useServerSideProcessId': boolean;
+    /**
+     * 
+     * @type {string}
+     * @memberof ProcessConfigRsp
+     */
+    'frontendApiUrl': string;
+}
 /**
  * tbd.
  * @export
@@ -4206,6 +4219,43 @@ export class AuthApi extends BaseAPI {
  */
 export const ConfigsApiAxiosParamCreator = function (configuration?: Configuration) {
     return {
+        /**
+         * Retrieves the process configuration settings.
+         * @summary Retrieve process configuration
+         * @param {*} [options] Override http request option.
+         * @throws {RequiredError}
+         */
+        getProcessConfig: async (options: AxiosRequestConfig = {}): Promise<RequestArgs> => {
+            const localVarPath = `/v2/process-config`;
+            // use dummy base URL string because the URL constructor only accepts absolute URLs.
+            const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
+            let baseOptions;
+            if (configuration) {
+                baseOptions = configuration.baseOptions;
+            }
+
+            const localVarRequestOptions = { method: 'GET', ...baseOptions, ...options};
+            const localVarHeaderParameter = {} as any;
+            const localVarQueryParameter = {} as any;
+
+            // authentication bearerAuth required
+            // http bearer authentication required
+            await setBearerAuthToObject(localVarHeaderParameter, configuration)
+
+            // authentication projectID required
+            await setApiKeyToObject(localVarHeaderParameter, "X-Corbado-ProjectID", configuration)
+
+
+    
+            setSearchParams(localVarUrlObj, localVarQueryParameter);
+            let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
+            localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...options.headers};
+
+            return {
+                url: toPathString(localVarUrlObj),
+                options: localVarRequestOptions,
+            };
+        },
         /**
          * Retrieves the session configuration settings.
          * @summary Retrieve session configuration
@@ -4290,6 +4340,16 @@ export const ConfigsApiAxiosParamCreator = function (configuration?: Configurati
 export const ConfigsApiFp = function(configuration?: Configuration) {
     const localVarAxiosParamCreator = ConfigsApiAxiosParamCreator(configuration)
     return {
+        /**
+         * Retrieves the process configuration settings.
+         * @summary Retrieve process configuration
+         * @param {*} [options] Override http request option.
+         * @throws {RequiredError}
+         */
+        async getProcessConfig(options?: AxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<ProcessConfigRsp>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.getProcessConfig(options);
+            return createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration);
+        },
         /**
          * Retrieves the session configuration settings.
          * @summary Retrieve session configuration
@@ -4320,6 +4380,15 @@ export const ConfigsApiFp = function(configuration?: Configuration) {
 export const ConfigsApiFactory = function (configuration?: Configuration, basePath?: string, axios?: AxiosInstance) {
     const localVarFp = ConfigsApiFp(configuration)
     return {
+        /**
+         * Retrieves the process configuration settings.
+         * @summary Retrieve process configuration
+         * @param {*} [options] Override http request option.
+         * @throws {RequiredError}
+         */
+        getProcessConfig(options?: any): AxiosPromise<ProcessConfigRsp> {
+            return localVarFp.getProcessConfig(options).then((request) => request(axios, basePath));
+        },
         /**
          * Retrieves the session configuration settings.
          * @summary Retrieve session configuration
@@ -4348,6 +4417,17 @@ export const ConfigsApiFactory = function (configuration?: Configuration, basePa
  * @extends {BaseAPI}
  */
 export class ConfigsApi extends BaseAPI {
+    /**
+     * Retrieves the process configuration settings.
+     * @summary Retrieve process configuration
+     * @param {*} [options] Override http request option.
+     * @throws {RequiredError}
+     * @memberof ConfigsApi
+     */
+    public getProcessConfig(options?: AxiosRequestConfig) {
+        return ConfigsApiFp(this.configuration).getProcessConfig(options).then((request) => request(this.axios, this.basePath));
+    }
+
     /**
      * Retrieves the session configuration settings.
      * @summary Retrieve session configuration
diff --git a/packages/web-core/src/models/authProcess.ts b/packages/web-core/src/models/authProcess.ts
@@ -47,3 +47,21 @@ export class AuthProcess {
     localStorage.removeItem(getStorageKey(projectId));
   }
 }
+
+export class TempAuthProcess {
+  readonly id: string;
+  readonly projectId: string;
+  readonly frontendApiUrl: string;
+  readonly expiresAt: number;
+
+  constructor(id: string, projectId: string, expiresAt: number, frontendApiUrl: string) {
+    this.id = id;
+    this.projectId = projectId;
+    this.expiresAt = expiresAt;
+    this.frontendApiUrl = frontendApiUrl;
+  }
+
+  isValid(): boolean {
+    return this.expiresAt > Date.now() / 1000;
+  }
+}
diff --git a/packages/web-core/src/models/emailVerifyFromUrl.ts b/packages/web-core/src/models/emailVerifyFromUrl.ts
@@ -1,7 +1,6 @@
 import type { GeneralBlockVerifyIdentifier, VerificationMethod } from '../api';
-import { BlockType } from '../api';
-import { AuthType } from '../api';
-import { AuthProcess } from './authProcess';
+import { AuthType, BlockType } from '../api';
+import { TempAuthProcess } from './authProcess';
 
 type EmailVerifyFromUrlData = {
   blockData: {
@@ -12,7 +11,7 @@ type EmailVerifyFromUrlData = {
   };
   authType: number;
   process: {
-    id: string;
+    tempId: string;
     projectId: string;
     expires: number;
     frontendApiUrl: string;
@@ -22,26 +21,17 @@ type EmailVerifyFromUrlData = {
 export class EmailVerifyFromUrl {
   data: GeneralBlockVerifyIdentifier;
   token: string;
-  isNewDevice: boolean;
-  process: AuthProcess;
+  process: TempAuthProcess;
   authType: AuthType;
 
-  constructor(
-    data: GeneralBlockVerifyIdentifier,
-    token: string,
-    isNewDevice: boolean,
-    process: AuthProcess,
-    authType: AuthType,
-  ) {
+  constructor(data: GeneralBlockVerifyIdentifier, token: string, process: TempAuthProcess, authType: AuthType) {
     this.data = data;
     this.token = token;
-    this.isNewDevice = isNewDevice;
     this.process = process;
     this.authType = authType;
   }
 
-  static fromURL(encodedProcess: string, token: string, existingProcess: AuthProcess | undefined): EmailVerifyFromUrl {
-    console.log('maybeProcess', encodedProcess, existingProcess);
+  static fromURL(encodedProcess: string, token: string): EmailVerifyFromUrl {
     const decoded = JSON.parse(atob(encodedProcess)) as EmailVerifyFromUrlData;
     const process = decoded.process;
 
@@ -54,16 +44,20 @@ export class EmailVerifyFromUrl {
       blockType: BlockType.EmailVerify,
     };
 
-    const isNewDevice = existingProcess?.id !== process.id;
     let authType: AuthType;
     if (decoded.authType === 0) {
       authType = AuthType.Login;
     } else {
       authType = AuthType.Signup;
     }
 
-    const authProcess = new AuthProcess(process.id, process.projectId, process.expires, process.frontendApiUrl);
+    const tempAuthProcess = new TempAuthProcess(
+      process.tempId,
+      process.projectId,
+      process.expires,
+      process.frontendApiUrl,
+    );
 
-    return new EmailVerifyFromUrl(data, token, isNewDevice, authProcess, authType);
+    return new EmailVerifyFromUrl(data, token, tempAuthProcess, authType);
   }
 }
diff --git a/packages/web-core/src/services/ProcessService.ts b/packages/web-core/src/services/ProcessService.ts
diff --git a/playground/react/.env b/playground/react/.env
diff --git a/playground/react/vite.config.ts b/playground/react/vite.config.ts
