
@gobbledygook88 gobbledygook88 commented Oct 9, 2025

Description

Extract feature flags from the session object

An attempt to fix #479

@gobbledygook88 gobbledygook88 requested a review from a team as a code owner October 9, 2025 16:25

@greptile-apps greptile-apps bot left a comment


Greptile Overview

Summary

This PR adds feature flags extraction functionality to the WorkOS Python SDK's session management system. The changes enable applications to access feature flag information directly from authenticated sessions by extracting the `feature_flags` field from JWT tokens during authentication and refresh operations.

The implementation adds a new `feature_flags` field to the `AuthenticateWithSessionCookieSuccessResponse` model, typed as `Optional[Sequence[str]]` to handle cases where feature flags may not be present in the JWT payload. The extraction logic is consistently implemented across all session authentication flows - both synchronous and asynchronous versions of authenticate and refresh methods in the Session classes.

This change follows the established pattern used for other optional JWT claims like entitlements, roles, and permissions. The feature flags are extracted using `.get("feature_flags", None)` from the decoded JWT payload, ensuring backward compatibility and graceful handling when feature flags are absent. The implementation spans three key files: the type definition in `session.py` types, the extraction logic in the main `session.py` module, and comprehensive test coverage to verify the functionality works correctly across all authentication scenarios.

Important Files Changed

Changed Files

| Filename | Score | Overview |
| --- | --- | --- |
| `workos/types/user_management/session.py` | 5/5 | Added optional feature_flags field to AuthenticateWithSessionCookieSuccessResponse model |
| `workos/session.py` | 5/5 | Implemented feature_flags extraction from JWT tokens in authenticate and refresh methods |
| `tests/test_session.py` | 5/5 | Updated test fixtures and assertions to verify feature_flags extraction functionality |

Confidence score: 5/5

  • This PR is safe to merge with minimal risk
  • Score reflects simple, well-tested changes that follow existing patterns in the codebase
  • No files require special attention

Sequence Diagram

```mermaid
sequenceDiagram
    participant User
    participant Session
    participant JWT
    participant UserManagement
    participant JWKS

    User->>Session: "authenticate()"
    Session->>Session: "unseal_data(session_data, cookie_password)"
    Session->>JWKS: "get_signing_key_from_jwt(access_token)"
    JWKS-->>Session: "signing_key"
    Session->>JWT: "decode(access_token, signing_key)"
    JWT-->>Session: "decoded_claims (including feature_flags)"
    Session-->>User: "AuthenticateWithSessionCookieSuccessResponse (with feature_flags)"

    User->>Session: "refresh()"
    Session->>Session: "unseal_data(session_data, cookie_password)"
    Session->>UserManagement: "authenticate_with_refresh_token()"
    UserManagement-->>Session: "auth_response (access_token, user, etc.)"
    Session->>JWKS: "get_signing_key_from_jwt(access_token)"
    JWKS-->>Session: "signing_key"
    Session->>JWT: "decode(access_token, signing_key)"
    JWT-->>Session: "decoded_claims (including feature_flags)"
    Session-->>User: "RefreshWithSessionCookieSuccessResponse (with feature_flags)"
```

3 files reviewed, no comments


@kendallstrautman kendallstrautman merged commit f33b90c into workos:main Oct 10, 2025
6 checks passed
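
The optional-claim handling described in the review above, as an added example that is not the SDK's code or part of this thread. It swaps the SDK's JWKS-backed decode for a stdlib HS256 check with a constructed key so it runs offline; `verified_claims`, `session_fields` and the sample tokens are hypothetical names and values, and the type check on the claim is this example's own assumption.

```python
import base64, hashlib, hmac, json
from typing import Optional

KEY = b"constructed-demo-key"  # constructed; stands in for the JWKS signing key

def _enc(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 sample token."""
    head = _enc(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _enc(json.dumps(claims).encode())
    return f"{head}.{body}.{_enc(_sign(f'{head}.{body}', key))}"

def verified_claims(token: str, key: bytes) -> Optional[dict]:
    """Return the payload only if the signature checks out, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_dec(head)).get("alg") != "HS256":
            return None
        if not hmac.compare_digest(_sign(f"{head}.{body}", key), _dec(sig)):
            return None
        claims = json.loads(_dec(body))
    except (ValueError, AttributeError):
        return None
    return claims if isinstance(claims, dict) else None

def session_fields(token: str, key: bytes) -> dict:
    claims = verified_claims(token, key)
    if claims is None:
        return {"authenticated": False}
    # Same optional-claim pattern the review describes.
    flags = claims.get("feature_flags", None)
    # Assumption of this example: a claim that is not a list of strings is treated as absent.
    if not (isinstance(flags, list) and all(isinstance(f, str) for f in flags)):
        flags = None
    return {"authenticated": True, "feature_flags": flags}

WITH_FLAGS = make_token({"sid": "session_demo", "feature_flags": ["beta-dashboard"]}, KEY)
WITHOUT_FLAGS = make_token({"sid": "session_demo"}, KEY)
# Payload swapped after signing: the flag list must not reach the caller.
_h, _b, _s = WITHOUT_FLAGS.split(".")
TAMPERED = ".".join([_h, _enc(json.dumps({"sid": "session_demo", "feature_flags": ["admin-tools"]}).encode()), _s])
```

Flags read this way are only as trustworthy as the signature check that precedes them, so callers gating behaviour on `feature_flags` should treat `None` and an unauthenticated result as "no flags enabled".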

Successfully merging this pull request may close these issues.

Feature flags in session cookie response
