From 36cd1a5cdfa9dd2e07909c8db46c29020b153eff Mon Sep 17 00:00:00 2001
From: Anton Gunnarsson <anton.gunnarsson@scandichotels.com>
Date: Thu, 20 Nov 2025 12:36:40 +0000
Subject: [PATCH] Merged in fix/sw-3627-pass-user-access-token-payment-callback
 (pull request #3189)

fix(SW-3627): Pass social session user token to payment callback apge

* Pass social session user token to payment callback apge


Approved-by: Linus Flood
---
 .../payment-callback/[status]/page.tsx        | 13 +++++----
 apps/partner-sas/auth/scandic/session.ts      | 29 +++++++++++++++----
 2 files changed, 31 insertions(+), 11 deletions(-)

diff --git a/apps/partner-sas/app/[lang]/hotelreservation/(payment-callback)/payment-callback/[status]/page.tsx b/apps/partner-sas/app/[lang]/hotelreservation/(payment-callback)/payment-callback/[status]/page.tsx
index 1c5d13540..c5b7856ed 100644
--- a/apps/partner-sas/app/[lang]/hotelreservation/(payment-callback)/payment-callback/[status]/page.tsx
+++ b/apps/partner-sas/app/[lang]/hotelreservation/(payment-callback)/payment-callback/[status]/page.tsx
@@ -3,6 +3,8 @@ import { logger } from "@scandic-hotels/common/logger"
 
 import { bookingFlowConfig } from "@/constants/bookingFlowConfig"
 
+import { getSocialSession, isValidSocialSession } from "@/auth/scandic/session"
+
 import type { PaymentCallbackStatusEnum } from "@scandic-hotels/common/constants/paymentCallbackStatusEnum"
 
 import type { LangParams, PageArgs } from "@/types/params"
@@ -15,12 +17,11 @@ export default async function PaymentCallbackPage(
   logger.debug(`[payment-callback] callback started`)
   const lang = params.lang
 
-  const userAccessToken = null
-  // TODO fix when auth is implemented
-  // const session = await auth()
-  // if (isValidSession(session)) {
-  //   userAccessToken = session.token.access_token
-  // }
+  let userAccessToken = null
+  const session = await getSocialSession()
+  if (isValidSocialSession(session)) {
+    userAccessToken = session.access_token
+  }
 
   return (
     <PaymentCallbackPagePrimitive
diff --git a/apps/partner-sas/auth/scandic/session.ts b/apps/partner-sas/auth/scandic/session.ts
index 963de5cf0..dd2a5d8c2 100644
--- a/apps/partner-sas/auth/scandic/session.ts
+++ b/apps/partner-sas/auth/scandic/session.ts
@@ -7,12 +7,13 @@ import { dt } from "@scandic-hotels/common/dt"
 
 import { env } from "@/env/server"
 
+type SocialSession = {
+  access_token: string
+  refresh_token?: string
+  expires_at: string
+}
 async function internalGetSession() {
-  return await getIronSession<{
-    access_token: string
-    refresh_token: string | undefined
-    expires_at: string
-  }>(await cookies(), {
+  return await getIronSession<SocialSession>(await cookies(), {
     password: env.IRON_SESSION_SECRET,
     cookieName: "scandic_session",
   })
@@ -54,3 +55,21 @@ export async function destroySocialSession() {
 
   session.destroy()
 }
+
+export function isValidSocialSession(
+  session: SocialSession | null
+): session is SocialSession {
+  if (!session) {
+    return false
+  }
+
+  if (!session.access_token) {
+    return false
+  }
+
+  if (session.expires_at && dt(session.expires_at).isBefore(dt())) {
+    return false
+  }
+
+  return true
+}