Fix SSR hydration mismatch in tokenStore (#306)

nicknisi · web-flow · commit 988f2e141a4f · 2025-09-16T10:49:00.000-05:00
* fix SSR rendering of token

* test: fix session refresh error tests for Node 20

- Update test expectations to match wrapped error messages
- Provide valid JWT tokens in mock sessions to prevent decoding errors
- Tests now expect 'Failed to refresh session:' prefix in error messages
diff --git a/src/components/tokenStore.ts b/src/components/tokenStore.ts
@@ -19,7 +19,7 @@ export class TokenStore {
 
   constructor() {
     // Initialize state with token from cookie if available
-    const initialToken = this.getInitialTokenFromCookie();
+    const initialToken = typeof window !== 'undefined' ? this.getInitialTokenFromCookie() : undefined;
     this.state = {
       token: initialToken,
       loading: false,
@@ -28,7 +28,7 @@ export class TokenStore {
 
     // Server snapshot should match initial state for hydration
     this.serverSnapshot = {
-      token: initialToken,
+      token: undefined,
       loading: false,
       error: null,
     };
diff --git a/src/session.spec.ts b/src/session.spec.ts
@@ -825,22 +825,32 @@ describe('session.ts', () => {
 
     it('throws if authenticateWithRefreshToken fails with string', async () => {
       const nextCookies = await cookies();
+      // Create a mock session with a valid JWT that includes org_id
+      const mockSessionWithValidJWT = {
+        ...mockSession,
+        accessToken: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdfaWQiOiJvcmdfMTIzIn0.fake',
+      };
       nextCookies.set(
         'wos-session',
-        await sealData(mockSession, { password: process.env.WORKOS_COOKIE_PASSWORD as string }),
+        await sealData(mockSessionWithValidJWT, { password: process.env.WORKOS_COOKIE_PASSWORD as string }),
       );
       jest.spyOn(workos.userManagement, 'authenticateWithRefreshToken').mockRejectedValue('fail');
-      expect(refreshSession({ ensureSignedIn: false })).rejects.toThrow('fail');
+      expect(refreshSession({ ensureSignedIn: false })).rejects.toThrow('Failed to refresh session: fail');
     });
 
     it('throws if authenticateWithRefreshToken fails with error', async () => {
       const nextCookies = await cookies();
+      // Create a mock session with a valid JWT that includes org_id
+      const mockSessionWithValidJWT = {
+        ...mockSession,
+        accessToken: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdfaWQiOiJvcmdfMTIzIn0.fake',
+      };
       nextCookies.set(
         'wos-session',
-        await sealData(mockSession, { password: process.env.WORKOS_COOKIE_PASSWORD as string }),
+        await sealData(mockSessionWithValidJWT, { password: process.env.WORKOS_COOKIE_PASSWORD as string }),
       );
       jest.spyOn(workos.userManagement, 'authenticateWithRefreshToken').mockRejectedValue(new Error('error'));
-      await expect(refreshSession()).rejects.toThrow('error');
+      await expect(refreshSession()).rejects.toThrow('Failed to refresh session: error');
     });
   });
 
