fix: allow non-string defaults in user_properties (#100)#129
Merged
JohnMcLear merged 1 commit intomainfrom Apr 17, 2026
Merged
Conversation
The JTD schema forced \`user_properties.*.default\` to be a string, which
made it impossible to configure is_admin / readOnly / canCreate to
\`false\` / \`true\` — the obvious and documented way to set sensible
defaults from an OIDC provider. Reported since 2023.
Relax that slot to the JTD empty form \`{}\` so any JSON value is
accepted. The default is assigned verbatim to
\`req.session.user[propName]\` at authenticate time, so no downstream
code depends on it being a string.
Also expose \`validSettings\` on \`exportedForTestingOnly\` so the new spec
can exercise the validator directly.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #100. The JTD schema rejected anything but a string in
user_properties.*.default, so operators could not setis_admin/readOnly/canCreatetofalse/truedefaults. Relax that slot to the JTD empty form ({}) so any JSON value is accepted — the default is assigned verbatim toreq.session.user[propName]at authenticate time. Expose the compiled validator onexportedForTestingOnlyand add specs that confirm string, boolean, and numeric defaults all validate.