Fix the ID Token Validation issues due to invalid Issuer configured in the SDK #1232

Merged
brionmario merged 1 commit into asgardeo:main from brionmario:update-sdks
Jan 29, 2026

brionmario (Member) commented Jan 29, 2026

Purpose

This pull request updates Thunder's React integration guides, templates, and code samples to simplify the configuration of the Asgardeo React SDK. The main change is the removal of the now-unnecessary tokenValidation prop from all documentation, templates, and example code, reflecting recent improvements in the SDK and Thunder backend. Additionally, this PR updates the Asgardeo SDK to version 0.9.3 and introduces a new announcement banner to the documentation.

React SDK Integration Simplification:

  • Removed the tokenValidation prop from all React integration guides, code samples, and configuration instructions, both for inbuilt and custom authentication modes. Now, only the required props (clientId/applicationId, baseUrl, platform, and optionally signInUrl) are needed for AsgardeoProvider configuration.

  • Updated all relevant documentation and quick start guides to remove references to tokenValidation and clarify the minimal required configuration for Thunder authentication.

SDK and Dependency Updates:

  • Upgraded @asgardeo/react SDK from version 0.9.2 to 0.9.3 in the pnpm-lock.yaml to ensure compatibility and leverage the latest improvements.

Documentation Improvements:

  • Added a persistent announcement banner to the documentation site indicating that the docs are under active development, including custom styling for both light and dark modes.

These changes make the integration process clearer and less error-prone for developers, while also keeping dependencies up to date and improving the documentation experience.

Approach

Update the SDK with the correct Issuer: asgardeo/javascript#342

Related Issues

Related PRs

  • N/A

Checklist

  • Followed the contribution guidelines.
  • Manual test round performed and verified.
  • Documentation provided. (Add links if there are any)
  • Tests provided. (Add links if there are any)
    • Unit Tests
    • Integration Tests
  • Breaking changes. (Fill if applicable)
    • Breaking changes section filled.
    • breaking change label added.

Security checks

  • Followed secure coding standards in WSO2 Secure Coding Guidelines
  • Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets.

DonOmalVindula previously approved these changes Jan 29, 2026

Copilot AI (Contributor) left a comment

Pull request overview

Updates Thunder’s React integration guidance and dependencies to align with the latest Asgardeo React SDK behavior, removing the previously-required tokenValidation workaround and adding a docs-site announcement banner.

Changes:

  • Removed tokenValidation from React integration docs, templates, and MCP tool instructions.
  • Bumped @asgardeo/react dependency from 0.9.2 to 0.9.3 (and related locked transitive updates).
  • Added a persistent “docs under active development” announcement banner and styling.

Reviewed changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 4 comments.

Summary per file (file: description)
  • frontend/pnpm-workspace.yaml: Bumps workspace catalog version of @asgardeo/react to 0.9.3.
  • frontend/pnpm-lock.yaml: Locks updated @asgardeo/react and related dependency graph changes.
  • frontend/apps/thunder-develop/src/features/applications/data/application-templates/technology-based/react.json: Updates React integration template prompts/snippets to drop tokenValidation.
  • docs/src/css/custom.css: Adds announcement-bar styling.
  • docs/docusaurus.config.ts: Enables a non-closeable announcement bar in Docusaurus config.
  • docs/content/guides/quick-start/react.mdx: Removes tokenValidation from the React quick start guide.
  • backend/internal/mcp/tools/reactsdk/tool.go: Updates MCP React SDK instructions to remove tokenValidation.
Files not reviewed (1)
  • frontend/pnpm-lock.yaml: Language not supported

codecov bot commented Jan 29, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.62%. Comparing base (b670edb) to head (2d38e6a).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1232      +/-   ##
==========================================
- Coverage   89.63%   89.62%   -0.01%     
==========================================
  Files         605      605              
  Lines       39625    39622       -3     
  Branches     2120     2120              
==========================================
- Hits        35516    35513       -3     
+ Misses       2286     2285       -1     
- Partials     1823     1824       +1     
Flag Coverage Δ
backend-integration-postgres 53.57% <0.00%> (+<0.01%) ⬆️
backend-integration-sqlite 53.54% <0.00%> (+<0.01%) ⬆️
backend-unit 80.26% <100.00%> (-0.01%) ⬇️
frontend-apps-develop-unit 90.48% <ø> (-0.01%) ⬇️

Copilot AI review requested due to automatic review settings January 29, 2026 09:24
@brionmario brionmario enabled auto-merge January 29, 2026 09:26
@brionmario brionmario closed this Jan 29, 2026
auto-merge was automatically disabled January 29, 2026 09:28

Pull request was closed

@brionmario brionmario reopened this Jan 29, 2026
DonOmalVindula previously approved these changes Jan 29, 2026

Copilot AI (Contributor) left a comment

Pull request overview

Copilot reviewed 6 out of 7 changed files in this pull request and generated 4 comments.

Files not reviewed (1)
  • frontend/pnpm-lock.yaml: Language not supported

DonOmalVindula previously approved these changes Jan 29, 2026

Copilot AI (Contributor) left a comment

Pull request overview

Copilot reviewed 12 out of 14 changed files in this pull request and generated 2 comments.

Files not reviewed (2)
  • frontend/pnpm-lock.yaml: Language not supported
  • samples/apps/react-sdk-sample/package-lock.json: Language not supported

public_client: true,
token: {
issuer: 'https://localhost:8090/oauth2/token',
issuer: 'https://localhost:8090',
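
Review bot: The replacement issuer line hardcodes 'https://localhost:8090' as a literal inside this fixture's token block, while the line above it shows the '/oauth2/token' form that other fixtures may still carry; because an ID token's iss claim is compared by exact string match, the two forms are not interchangeable. Suggest moving the value into one shared test constant and adding a short comment that it is the issuer identifier (bare origin, no path, no trailing slash) rather than the token endpoint URL.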

Copilot AI Jan 29, 2026

In this test fixture, mockApplication.inbound_auth_config[0].config.token.issuer was updated to https://localhost:8090, but mockRequest still uses https://localhost:8090/oauth2/token and the test asserts the request body equals mockRequest. This leaves the create-application path exercising the old issuer value, which is inconsistent with the intended issuer change. Update mockRequest (and any related assertions/fixtures) to use the new issuer as well, and align other affected application API tests that still hardcode /oauth2/token as the issuer.

Suggested change
issuer: 'https://localhost:8090',
issuer: 'https://localhost:8090/oauth2/token',

Copilot uses AI. Check for mistakes.
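
The issuer mismatch discussed in this thread, as an added example that is not code from the Asgardeo SDK or Thunder: a claims check run against the two issuer strings from the fixture above. The validator, helper names, client id and sample token are constructed for illustration, and the token is assumed to carry iss = https://localhost:8090.

```javascript
// Added example. Claim checks only: signature verification against the
// provider's keys must come first and is left out to keep this offline.
const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');

// Constructed sample token; the signature segment is a placeholder.
function makeSampleIdToken(claims) {
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.c2ln`;
}

function decodeClaims(idToken) {
  const parts = idToken.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Hypothetical validator (not the SDK's): returns every failed check.
function validateIdTokenClaims(idToken, { issuer, clientId, now, skew = 60 }) {
  const c = decodeClaims(idToken);
  const errors = [];
  // iss must equal the configured issuer exactly: no prefix match,
  // no trailing-slash or path normalisation.
  if (c.iss !== issuer) errors.push(`iss mismatch: token=${c.iss} configured=${issuer}`);
  const aud = Array.isArray(c.aud) ? c.aud : [c.aud];
  if (!aud.includes(clientId)) errors.push('aud does not include client id');
  if (typeof c.exp !== 'number' || c.exp + skew <= now) errors.push('token expired');
  return { ok: errors.length === 0, errors };
}

const NOW = 1769680000; // fixed clock (seconds) so results are repeatable
const sampleToken = makeSampleIdToken({
  iss: 'https://localhost:8090', // assumed value emitted by the server
  aud: 'sample-client',          // constructed client id
  exp: NOW + 300,
});

// Validate the same token against each candidate issuer configuration.
function compareIssuerConfigs() {
  const candidates = [
    'https://localhost:8090/oauth2/token', // old fixture value
    'https://localhost:8090',              // new fixture value
    'https://localhost:8090/',             // trailing slash: still a mismatch
  ];
  return candidates.map((issuer) => ({
    issuer,
    ...validateIdTokenClaims(sampleToken, { issuer, clientId: 'sample-client', now: NOW }),
  }));
}

console.log(compareIssuerConfigs());
```

Only the second configuration passes, which is why correcting the configured issuer is preferable to relaxing validation on the client.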
Comment on lines +139 to +141
var(--site-announcement-bar-stripe-color1) 20px,
var(--site-announcement-bar-stripe-color2) 10px,
var(--site-announcement-bar-stripe-color2) 40px

Copilot AI Jan 29, 2026

The repeating-linear-gradient stop positions are out of order (...color1) 20px followed by ...color2) 10px). Browsers clamp decreasing stops, which makes the intended stripe widths unclear. Adjust the stop positions so they are monotonic (e.g., start color2 at the same or greater position than the preceding color1 stop).

@brionmario brionmario enabled auto-merge January 29, 2026 10:38
@brionmario brionmario merged commit f9c52c9 into asgardeo:main Jan 29, 2026
16 of 17 checks passed

Development

Successfully merging this pull request may close these issues.

Bump SDK Version to Include Correct issuer Handling
