Fix auth to handle JWT tokens without actor_id

Browse Source

- Default actor_id to @username when not in token claims
- Support both artdag_session (base64 JSON) and auth_token (JWT) cookies
- Check both 'username' and 'sub' claims for username
- Check both 'actor_id' and 'actor' claims for actor_id

This fixes authentication when L2 tokens don't include actor_id.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

...

This commit is contained in:

gilesb

2026-01-11 16:06:51 +00:00

parent 889ea98e41

commit 932abb8d7a

2 changed files with 40 additions and 15 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

BIN

artdag_common/middleware/__pycache__/auth.cpython-310.pyc Normal file

Binary file not shown.