Purpose

This pull request introduces a comprehensive logging utility and updates session management functionality across multiple packages. The most significant changes include adding a universal logger utility, enhancing session validation and management, and improving error handling in session-dependent methods.

Logging Utility Enhancements:

• Documentation for Logger Utility: Added detailed documentation in docs/developer/LOGGER.md outlining features, usage examples, and real-world applications for the new logging utility.
• Logger Exports: Introduced logger-related exports in packages/javascript/src/index.ts, including logger, createLogger, createComponentLogger, and LogLevel.
• Logger Unit Tests: Added comprehensive unit tests for the logger utility in packages/javascript/src/utils/__tests__/logger.test.ts to verify logging behavior, log levels, and custom configurations.

Session Management Enhancements:

• Improved Session Validation: Enhanced session validation in packages/nextjs/src/middleware/asgardeoMiddleware.ts to support JWT-based sessions alongside legacy session formats. Deprecated the legacy session validation function. [1] [2]
• Session Payload Integration: Updated packages/nextjs/src/server/AsgardeoProvider.tsx to prioritize JWT-based session payloads for authentication and organization handling, with fallbacks for legacy session IDs. [1] [2]

Error Handling Improvements:

• Access Token Retrieval: Added error handling in packages/nextjs/src/AsgardeoNextClient.ts to reject requests without a session ID and propagate errors during token retrieval.
• Organization Fetching: Improved error handling in packages/nextjs/src/server/actions/getMyOrganizations.ts to validate session ID and access token availability before proceeding with organization data retrieval.

Dependency Updates:

• Added jose Library: Included the jose library in packages/nextjs/package.json to support JWT operations.

Related Issues

• chore: stabilize @asgardeo/react & @asgardeo/nextjs #81

Related PRs

• N/A

Checklist

• e2e cypress tests locally verified.
• Manual test round performed and verified.
• UX/UI review done on the final implementation.
• Documentation provided. (Add links if there are any)
• Unit tests provided. (Add links if there are any)
• Integration tests provided. (Add links if there are any)

Security checks

• Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines?
• Ran FindSecurityBugs plugin and verified report?
• Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets?