Nullable response in JWTSessionResponse

[cosmin-marginean]

The JWTSessionResponse is currently designed as receiving a nullable response (Session?) as per definition here:

stytch-java/stytch/src/main/kotlin/com/stytch/java/common/JWTResponse.kt

Line 10 in 36e6787

public data class JWTSessionResponse(val response: Session?) : JWTResponse

There is only one place where this is object is created in the code, and that is inside Sessions.authenticateJwt:

stytch-java/stytch/src/main/kotlin/com/stytch/java/consumer/api/sessions/Sessions.kt

Line 582 in 36e6787

is StytchResult.Success -> StytchResult.Success(JWTSessionResponse(localResult.value))

Sessions.authenticateJwt, in turn, calls authenticateJwtLocal which always seems to return a non-nullable Session:

stytch-java/stytch/src/main/kotlin/com/stytch/java/consumer/api/sessions/Sessions.kt

Lines 633 to 644 in 36e6787

	return StytchResult.Success(
	Session(
	sessionId = stytchSessionClaim.id,
	attributes = stytchSessionClaim.attributes,
	authenticationFactors = stytchSessionClaim.authenticationFactors,
	userId = jwtClaims.payload.subject,
	startedAt = Instant.parse(stytchSessionClaim.startedAt),
	lastAccessedAt = Instant.parse(stytchSessionClaim.lastAccessedAt),
	expiresAt = Instant.parse(stytchSessionClaim.expiresAt),
	customClaims = jwtClaims.customClaims,
	),
	)

So the question is whether JWTSessionResponse.response should be nullable at all, since we are never passing a null Session when constructing this.

Admittedly, this requires making authenticateJwtLocal also returning StytchResult<Session> instead of StytchResult<Session?>, but I don't see why that would be an issue if this underlying Session is never null.