Add roles from JWT payload #40
Greptile Summary
This PR introduces support for multiple roles per user by adding a roles array field alongside the existing single role field throughout the AuthKit React Router authentication system. The changes are comprehensive and systematic, touching all relevant interfaces, functions, and test files.
The implementation adds a roles?: string[] property to all authentication-related interfaces including AccessToken, UserInfo, AuthorizedData, and UnauthorizedData. In the session management (session.ts), the roles are extracted from JWT tokens in the getClaimsFromAccessToken function and propagated through the refreshSession and authkitLoader functions. The main authentication function in auth.ts has been updated to extract and return the roles claim from JWT access tokens following the same pattern as other array fields like permissions and entitlements.
The change maintains full backward compatibility by keeping the existing role field intact while adding the optional roles array. This allows applications to gradually migrate from single-role to multi-role authorization models. The implementation follows established patterns in the codebase where array fields are already supported for permissions, entitlements, and feature flags.
Additionally, the PR includes a minor improvement to the developer experience by adding .idea to the .gitignore file to exclude JetBrains IDE configuration files from version control.
All test files have been comprehensively updated to include the new roles field, ensuring proper test coverage for the multi-role functionality across different authentication scenarios including session creation, token refresh, and organization switching.
Confidence score: 5/5
- This PR is safe to merge with minimal risk as it maintains full backward compatibility
- Score reflects well-structured, comprehensive changes that follow existing patterns and include thorough test coverage
- No files require special attention as all changes are consistent and follow established conventions
6 files reviewed, no comments
| sessionId: string; | ||
| organizationId: string | null; | ||
| role: string | null; | ||
| roles: string[] | null; |
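Review bot: on the last line, roles: string[] | null gives callers two ways to see "no roles" (null and an empty array), and the summary above describes roles?: string[] on the other interfaces, so undefined is a third. Please document what null means here (claim absent versus present but empty) and confirm that authorization checks treat null, undefined and [] as granting nothing, or normalize to one representation at this boundary.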
Sorry, broken record here, why not string[] like permissions, entitlements, and featureFlags?
Same thing - consistency with role. If you have a strong opinion about consistency with the other array fields, I can change it.
No description provided.
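An added example, not code from this PR or from AuthKit: one way a consumer could normalize the role and roles claims discussed above and check them so that a missing or malformed claim grants nothing. The names RoleClaims, normalizeRoleClaims and hasRole, and the fallback from roles to role, are assumptions; the payload is assumed to come from a token whose signature was already verified.

```typescript
// Added example; RoleClaims, normalizeRoleClaims and hasRole are hypothetical
// names. Only the claim names `role` and `roles` come from the PR.
interface RoleClaims {
  role: string | null;
  roles: string[] | null; // shape shown in the PR diff
}

// `payload` is assumed to be the decoded body of an access token whose
// signature was already verified; claim values are still validated here.
function normalizeRoleClaims(payload: unknown): RoleClaims {
  const claims: Record<string, unknown> =
    typeof payload === "object" && payload !== null && !Array.isArray(payload)
      ? (payload as Record<string, unknown>)
      : {};
  const rawRole = claims["role"];
  const rawRoles = claims["roles"];
  const role = typeof rawRole === "string" && rawRole.length > 0 ? rawRole : null;
  // Accept `roles` only if it is an array made up entirely of strings;
  // a bare string or a mixed array is treated as if the claim were absent.
  const roles =
    Array.isArray(rawRoles) && rawRoles.every((r) => typeof r === "string")
      ? (rawRoles as string[]).slice()
      : null;
  return { role, roles };
}

// Fail closed: null (claim absent) falls back to the legacy single role,
// while [] (claim present but empty) grants nothing. The fallback is an
// assumption of this example, not behaviour stated in the PR.
function hasRole(claims: RoleClaims, required: string): boolean {
  const effective =
    claims.roles !== null ? claims.roles : claims.role !== null ? [claims.role] : [];
  return effective.indexOf(required) !== -1;
}

// Constructed sample payloads (not taken from real tokens).
const multiRole = normalizeRoleClaims({ role: "admin", roles: ["admin", "billing"] });
const legacy = normalizeRoleClaims({ role: "member" });
const emptied = normalizeRoleClaims({ role: "member", roles: [] });
const malformed = normalizeRoleClaims({ roles: ["admin", 1] });

console.log(hasRole(multiRole, "billing"), hasRole(legacy, "member"),
  hasRole(emptied, "member"), hasRole(malformed, "admin"));
```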