@atainter
Contributor

No description provided.

@greptile-apps greptile-apps bot left a comment

Greptile Summary

This PR adds support for extracting and managing multiple user roles from JWT payloads in the WorkOS AuthKit React SDK. The changes introduce a new roles field alongside the existing single role field to provide more flexible role-based access control.

The implementation follows the established patterns in the codebase:

  1. State Management: A new roles: string[] | null field is added to the State interface in src/state.ts, initialized to null in the initialState object, matching the pattern used by other JWT-derived fields like permissions and featureFlags.

  2. JWT Extraction: The AuthKitProvider component in src/provider.tsx is updated to extract the roles array from JWT claims using the same destructuring pattern as other claims. The roles are then included in the session state updates.

  3. Session Comparison: The session equality check is updated to include roles comparison (a.roles === b.roles) to prevent unnecessary re-renders when roles change.

  4. IDE Configuration: The .gitignore file is updated to exclude JetBrains IDE configuration files (.idea directory), which is a standard practice for maintaining a clean repository.

This change maintains backward compatibility by preserving the existing single role field while adding the new roles array functionality. The implementation integrates seamlessly with the existing authentication context and state management system, allowing consuming applications to access both individual role and multiple roles as needed.

Confidence score: 5/5

  • This PR is safe to merge with minimal risk
  • Score reflects simple additive changes that follow established patterns and maintain backward compatibility
  • No files require special attention

3 files reviewed, no comments

isLoading: boolean;
user: User | null;
role: string | null;
roles: string[] | null;
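
Review bot: the new `roles: string[] | null;` field sits directly under `role: string | null;` with no comment, in the lines shown, saying what null means as opposed to an empty array, or which of the two fields a consumer should treat as authoritative when both are set. A short doc comment on `roles` stating that null means the claim was absent from the token would keep callers from collapsing null and `[]` into one case in authorization checks.
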
Member

Out of curiosity, why not string[] and default to an empty array like permissions and featureFlags?

Contributor Author

It's an optional field in the JWT payload, so I didn't want to default to empty. If users use this to authorize anything, an empty roles array might be different than expected and change the authorization decision. Also felt weird that roles could be null, but roles couldn't

@atainter atainter merged commit 7eb6640 into main Sep 18, 2025
2 checks passed
@atainter atainter deleted the at-roles branch September 18, 2025 16:08
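
The distinction drawn in the reply above, between a token with no roles claim (null) and one with an empty roles array, shown as an added TypeScript example that is not code from this PR or the SDK. The `authorize` and `rolesFromClaims` helpers, the `roles` claim name and the fall-back-to-`role` policy are assumptions made for illustration.

```typescript
// Added example, not SDK code. Field shapes mirror the State snippet above.
interface RoleState {
  role: string | null;
  roles: string[] | null; // null = the token carried no roles claim
}

type Decision = { allowed: boolean; source: "roles" | "role" | "none" };

// Hypothetical policy: a present roles claim is authoritative, even when empty.
function authorize(state: RoleState, required: string): Decision {
  if (state.roles !== null) {
    // [] means "explicitly no roles": do not fall back to the single role.
    return { allowed: state.roles.includes(required), source: "roles" };
  }
  if (state.role !== null) {
    // Claim absent: fall back to the single-role field.
    return { allowed: state.role === required, source: "role" };
  }
  return { allowed: false, source: "none" }; // nothing to decide on: fail closed
}

// Hypothetical normaliser: keeps "absent" and "empty" distinct and rejects
// malformed values instead of coercing them to [].
function rolesFromClaims(claims: Record<string, unknown>): string[] | null {
  const raw = claims["roles"]; // claim name is an assumption
  if (raw === undefined || raw === null) return null;
  if (!Array.isArray(raw) || !raw.every((r) => typeof r === "string")) {
    throw new TypeError("roles claim must be an array of strings");
  }
  return [...raw];
}

// Constructed sample payloads (not real tokens).
const samples: Record<string, unknown>[] = [
  { role: "admin" },
  { role: "admin", roles: [] },
  { role: "admin", roles: ["member"] },
];
for (const claims of samples) {
  const state = { role: claims["role"] as string, roles: rolesFromClaims(claims) };
  console.log(JSON.stringify(claims), authorize(state, "admin"));
}
```

Had the absent claim been defaulted to `[]`, the first sample would be denied under this policy instead of falling back to `role`.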