feat: add getSchemas API function and related documentation; refactor Asgardeo client to integrate schema retrieval; enhance error handling and logging in authentication flows

Author: brionmario

packages/javascript/src/IsomorphicCrypto.ts

@@ -138,6 +138,7 @@ export class IsomorphicCrypto<T = any> {
    */
   public decodeIdToken(idToken: string): IdToken {
     try {
+      console.log('[IsomorphicCrypto] Decoding ID token:', idToken);
       const utf8String: string = this._cryptoUtils.base64URLDecode(idToken?.split('.')[1]);
       const payload: IdToken = JSON.parse(utf8String);
 

packages/javascript/src/__legacy__/client.ts

@@ -237,13 +237,14 @@ export class AsgardeoAuthClient<T> {
         await this._storageManager.setTemporaryDataParameter(pkceKey, codeVerifier, userId);
       }
 
-      console.log('[AsgardeoAuthClient] configData:', configData);
+      if (authRequestConfig['client_secret']) {
+        authRequestConfig['client_secret'] = configData.clientSecret;
+      }
 
       const authorizeRequestParams: Map<string, string> = getAuthorizeRequestUrlParams(
         {
           redirectUri: configData.afterSignInUrl,
           clientId: configData.clientId,
-          clientSecret: configData.clientSecret,
           scopes: processOpenIDScopes(configData.scopes),
           responseMode: configData.responseMode,
           codeChallengeMethod: PKCEConstants.DEFAULT_CODE_CHALLENGE_METHOD,
@@ -360,6 +361,8 @@ export class AsgardeoAuthClient<T> {
 
       let tokenResponse: Response;
 
+      console.log('[AsgardeoAuthClient] Requesting access token from:', tokenEndpoint);
+
       try {
         tokenResponse = await fetch(tokenEndpoint, {
           body: body,
@@ -631,7 +634,9 @@ export class AsgardeoAuthClient<T> {
    * @preserve
    */
   public async getUser(userId?: string): Promise<User> {
+    console.log('[AsgardeoAuthClient] Getting user with userId:', userId);
     const sessionData: SessionData = await this._storageManager.getSessionData(userId);
+    console.log('[AsgardeoAuthClient] Session data:', sessionData);
     const authenticatedUser: User = this._authenticationHelper.getAuthenticatedUserInfo(sessionData?.id_token);
 
     Object.keys(authenticatedUser).forEach((key: string) => {

packages/javascript/src/__legacy__/helpers/authentication-helper.ts

@@ -288,6 +288,7 @@ export class AuthenticationHelper<T> {
 
     await this._storageManager.setSessionData(parsedResponse, userId);
 
+    console.log('[AuthenticationHelper] Token response handled successfully:', userId, tokenResponse);
     return Promise.resolve(tokenResponse);
   }
 }

packages/javascript/src/api/getSchemas.ts

@@ -0,0 +1,163 @@
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import {Schema} from '../models/scim2-schema';
+import AsgardeoAPIError from '../errors/AsgardeoAPIError';
+
+/**
+ * Configuration for the getSchemas request
+ */
+export interface GetSchemasConfig extends Omit<RequestInit, 'method'> {
+  /**
+   * The absolute API endpoint.
+   */
+  url?: string;
+  /**
+   * The base path of the API endpoint.
+   */
+  baseUrl?: string;
+  /**
+   * Optional custom fetcher function.
+   * If not provided, native fetch will be used
+   */
+  fetcher?: (url: string, config: RequestInit) => Promise<Response>;
+}
+
+/**
+ * Retrieves the SCIM2 schemas from the specified endpoint.
+ *
+ * @param config - Request configuration object.
+ * @returns A promise that resolves with the SCIM2 schemas information.
+ * @example
+ * ```typescript
+ * // Using default fetch
+ * try {
+ *   const schemas = await getSchemas({
+ *     url: "https://api.asgardeo.io/t/<ORGANIZATION>/scim2/Schemas",
+ *   });
+ *   console.log(schemas);
+ * } catch (error) {
+ *   if (error instanceof AsgardeoAPIError) {
+ *     console.error('Failed to get schemas:', error.message);
+ *   }
+ * }
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Using custom fetcher (e.g., axios-based httpClient)
+ * try {
+ *   const schemas = await getSchemas({
+ *     url: "https://api.asgardeo.io/t/<ORGANIZATION>/scim2/Schemas",
+ *     fetcher: async (url, config) => {
+ *       const response = await httpClient({
+ *         url,
+ *         method: config.method,
+ *         headers: config.headers,
+ *         ...config
+ *       });
+ *       // Convert axios-like response to fetch-like Response
+ *       return {
+ *         ok: response.status >= 200 && response.status < 300,
+ *         status: response.status,
+ *         statusText: response.statusText,
+ *         json: () => Promise.resolve(response.data),
+ *         text: () => Promise.resolve(typeof response.data === 'string' ? response.data : JSON.stringify(response.data))
+ *       } as Response;
+ *     }
+ *   });
+ *   console.log(schemas);
+ * } catch (error) {
+ *   if (error instanceof AsgardeoAPIError) {
+ *     console.error('Failed to get schemas:', error.message);
+ *   }
+ * }
+ * ```
+ */
+const getSchemas = async ({url, baseUrl, fetcher, ...requestConfig}: GetSchemasConfig): Promise<Schema[]> => {
+  try {
+    new URL(url ?? baseUrl);
+  } catch (error) {
+    throw new AsgardeoAPIError(
+      `Invalid URL provided. ${error?.toString()}`,
+      'getSchemas-ValidationError-001',
+      'javascript',
+      400,
+      'The provided `url` or `baseUrl` path does not adhere to the URL schema.',
+    );
+  }
+
+  const fetchFn = fetcher || fetch;
+  const resolvedUrl: string = url ?? `${baseUrl}/scim2/Schemas`;
+
+  const requestInit: RequestInit = {
+    method: 'GET',
+    headers: {
+      'Content-Type': 'application/scim+json',
+      Accept: 'application/json',
+      ...requestConfig.headers,
+    },
+    ...requestConfig,
+  };
+
+  try {
+    const response: Response = await fetchFn(resolvedUrl, requestInit);
+
+    if (!response?.ok) {
+      const errorText = await response.text();
+
+      throw new AsgardeoAPIError(
+        `Failed to fetch SCIM2 schemas: ${errorText}`,
+        'getSchemas-ResponseError-001',
+        'javascript',
+        response.status,
+        response.statusText,
+      );
+    }
+
+    const responseData = await response.json();
+
+    // Handle both array response and Resources array response
+    if (Array.isArray(responseData)) {
+      return responseData as Schema[];
+    } else if (
+      responseData &&
+      typeof responseData === 'object' &&
+      'Resources' in responseData &&
+      Array.isArray(responseData.Resources)
+    ) {
+      return responseData.Resources as Schema[];
+    } else {
+      return [responseData] as Schema[];
+    }
+  } catch (error) {
+    if (error instanceof AsgardeoAPIError) {
+      throw error;
+    }
+
+    throw new AsgardeoAPIError(
+      `Network or parsing error: ${error instanceof Error ? error.message : 'Unknown error'}`,
+      'getSchemas-NetworkError-001',
+      'javascript',
+      0,
+      'Network Error',
+    );
+  }
+};
+
+export default getSchemas;

packages/javascript/src/api/scim2/__tests__/getMeProfile.test.ts

@@ -26,6 +26,7 @@ export {default as executeEmbeddedSignInFlow} from './api/executeEmbeddedSignInF
 export {default as executeEmbeddedSignUpFlow} from './api/executeEmbeddedSignUpFlow';
 export {default as getUserInfo} from './api/getUserInfo';
 export {default as getScim2Me, GetScim2MeConfig} from './api/getScim2Me';
+export {default as getSchemas, GetSchemasConfig} from './api/getSchemas';
 
 export {default as ApplicationNativeAuthenticationConstants} from './constants/ApplicationNativeAuthenticationConstants';
 export {default as TokenConstants} from './constants/TokenConstants';

packages/javascript/src/api/scim2/getMeProfile.ts

@@ -55,7 +55,6 @@ const getAuthorizeRequestUrlParams = (
   options: {
     redirectUri: string;
     clientId: string;
-    clientSecret?: string;
     scopes?: string;
     responseMode?: string;
     codeChallenge?: string;
@@ -79,10 +78,6 @@ const getAuthorizeRequestUrlParams = (
     authorizeRequestParams.set('response_mode', responseMode as string);
   }
 
-  if (clientSecret) {
-    authorizeRequestParams.set('client_secret', clientSecret as string);
-  }
-
   const pkceKey: string = pkceOptions?.key;
 
   if (codeChallenge) {

packages/javascript/src/api/scim2/index.ts

@@ -33,6 +33,9 @@ import {
   executeEmbeddedSignInFlow,
   EmbeddedFlowExecuteRequestConfig,
   ExtendedAuthorizeRequestUrlParams,
+  generateUserProfile,
+  flattenUserSchema,
+  getScim2Me,
 } from '@asgardeo/node';
 import {NextRequest, NextResponse} from 'next/server';
 import {AsgardeoNextConfig} from './models/config';
@@ -52,7 +55,7 @@ const removeTrailingSlash = (path: string): string => (path.endsWith('/') ? path
 class AsgardeoNextClient<T extends AsgardeoNextConfig = AsgardeoNextConfig> extends AsgardeoNodeClient<T> {
   private static instance: AsgardeoNextClient<any>;
   private asgardeo: LegacyAsgardeoNodeClient<T>;
-  private isInitialized: boolean = false;
+  public isInitialized: boolean = false;
 
   private constructor() {
     super();
@@ -123,7 +126,18 @@ class AsgardeoNextClient<T extends AsgardeoNextConfig = AsgardeoNextConfig> exte
   override async getUser(userId?: string): Promise<User> {
     await this.ensureInitialized();
     const resolvedSessionId: string = userId || ((await getSessionId()) as string);
-    return this.asgardeo.getUser(resolvedSessionId);
+
+    try {
+      const configData = await this.asgardeo.getConfigData();
+      const baseUrl = configData?.baseUrl;
+
+      const profile = await getScim2Me({baseUrl});
+      const schemas = await getSchemas({url: `${baseUrl}/scim2/Schemas`});
+
+      return generateUserProfile(profile, flattenUserSchema(schemas));
+    } catch (error) {
+      return this.asgardeo.getUser(resolvedSessionId);
+    }
   }
 
   override async getOrganizations(): Promise<Organization[]> {
@@ -176,10 +190,12 @@ class AsgardeoNextClient<T extends AsgardeoNextConfig = AsgardeoNextConfig> exte
         const defaultSignInUrl: URL = new URL(
           await this.getAuthorizeRequestUrl({
             response_mode: 'direct',
-            ...(arg3 ?? {}),
+            client_secret: '{{clientSecret}}',
           }),
         );
 
+        console.log('[AsgardeoNextClient] Redirecting to sign-in URL:', defaultSignInUrl);
+
         return initializeEmbeddedSignInFlow({
           url: `${defaultSignInUrl.origin}${defaultSignInUrl.pathname}`,
           payload: Object.fromEntries(defaultSignInUrl.searchParams.entries()),