Skip to content

Add roles from JWT payload#71

Merged
atainter merged 2 commits into
mainfrom
at-roles
Sep 18, 2025
Merged

Add roles from JWT payload#71
atainter merged 2 commits into
mainfrom
at-roles

Conversation

@atainter
Copy link
Copy Markdown
Contributor

@atainter atainter commented Sep 17, 2025

No description provided.

greptile-apps[bot]
greptile-apps Bot reviewed Sep 17, 2025
View reviewed changes
Copy link
Copy Markdown

@greptile-apps greptile-apps Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Greptile Summary

This PR adds support for extracting and managing multiple user roles from JWT payloads in the WorkOS AuthKit React SDK. The changes introduce a new roles field alongside the existing single role field to provide more flexible role-based access control.

The implementation follows the established patterns in the codebase:

  1. State Management: A new roles: string[] | null field is added to the State interface in src/state.ts, initialized to null in the initialState object, matching the pattern used by other JWT-derived fields like permissions and featureFlags.

  2. JWT Extraction: The AuthKitProvider component in src/provider.tsx is updated to extract the roles array from JWT claims using the same destructuring pattern as other claims. The roles are then included in the session state updates.

  3. Session Comparison: The session equality check is updated to include roles comparison (a.roles === b.roles) to prevent unnecessary re-renders when roles change.

  4. IDE Configuration: The .gitignore file is updated to exclude JetBrains IDE configuration files (.idea directory), which is a standard practice for maintaining a clean repository.

This change maintains backward compatibility by preserving the existing single role field while adding the new roles array functionality. The implementation integrates seamlessly with the existing authentication context and state management system, allowing consuming applications to access both individual role and multiple roles as needed.

Confidence score: 5/5

  • This PR is safe to merge with minimal risk
  • Score reflects simple additive changes that follow established patterns and maintain backward compatibility
  • No files require special attention

3 files reviewed, no comments

Edit Code Review Bot Settings | Greptile

nholden
nholden approved these changes Sep 17, 2025
View reviewed changes
Comment thread src/state.ts
isLoading: boolean;
user: User | null;
role: string | null;
roles: string[] | null;
Copy link
Copy Markdown
Contributor

@nholden nholden Sep 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Out of curiosity, why not string[] and default to an empty array like permissions and featureFlags?

Copy link
Copy Markdown
Contributor Author

@atainter atainter Sep 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's an optional field in the JWT payload, so I didn't want to default to empty. If users use this to authorize anything, an empty roles array might be different than expected and change the authorization decision. Also felt weird that roles could be null, but roles couldn't

@nholden nholden mentioned this pull request Sep 17, 2025
Merged
@atainter atainter merged commit 7eb6640 into main Sep 18, 2025
2 checks passed
@atainter atainter deleted the at-roles branch September 18, 2025 16:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

@nicknisi nicknisi Awaiting requested review from nicknisi

+1 more reviewer

@nholden nholden nholden approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@atainter @nholden