refactor: Read org_id claim instead of organization_id for agent access tokens #1651
The server now emits org_id as the canonical claim. Update the SDK to read org_id from the JWT payload when validating agent access tokens.

Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Greptile Summary
This PR updates agent access token parsing to use the new organization claim. The main changes are:
Confidence Score: 5/5
The changes are narrowly scoped to the agent access token claim rename and keep the public claims shape unchanged. Updated parsing, type guard, serialized interface, and tests align around the new
cmatheson left a comment
do we need to support the old claim for backwards compat?
The server-side rollout is:
Since Agent Auth is new and typeof payload.org_id === 'string' || typeof payload.organization_id === 'string' and read @m0tzy would you like me to add backward compat support for the old claim, or is the hard cutover fine given Agent Auth is new?

@cmatheson the previous organization_id change hasn't been released yet!
Description
The server is switching the canonical agent access token claim from organization_id to org_id (see workos/workos#64524). This PR updates the Node SDK to read org_id from the JWT payload.

Changes:
- SerializedAgentAccessTokenClaims.organization_id → org_id
- hasRequiredAgentClaims type guard checks org_id instead of organization_id
- deserializeAgentAccessTokenClaims reads payload.org_id
- org_id in the token fixture

The public AgentAccessTokenClaims.organizationId field is unchanged — consumers are unaffected.

Documentation
Docs PR: https://github.com/workos/workos/pull/64524
Link to Devin session: https://app.devin.ai/sessions/84b058ead3984651ae5e337002e3a837
Requested by: @m0tzy
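
The backward-compatibility question raised in the thread, as an added example that is not the SDK's code: a hypothetical claim reader with a hard-cutover mode and a dual-read mode that rejects a token whose two organization claims disagree. The function names, the mode switch and the sample payloads are assumptions, and the payload is assumed to come from a JWT whose signature has already been verified.

```typescript
// Added example: the claim names come from the PR; everything else is hypothetical.
interface AgentAccessTokenClaims {
  organizationId: string; // public shape, unchanged by the claim rename
}

type ClaimMode = 'cutover' | 'dual-read';

// Constructed payloads standing in for already-verified JWT bodies.
const samplePayloads = {
  current: { sub: 'agent_123', org_id: 'org_A' },
  legacy: { sub: 'agent_123', organization_id: 'org_A' },
  conflicting: { sub: 'agent_123', org_id: 'org_A', organization_id: 'org_B' },
  wrongType: { sub: 'agent_123', org_id: 42, organization_id: 'org_A' },
};

function readOrganizationId(
  payload: Record<string, unknown>,
  mode: ClaimMode,
): string {
  const current = payload.org_id;
  const legacy = payload.organization_id;

  // A present but non-string org_id is malformed: fail, never fall back.
  if (current !== undefined && typeof current !== 'string') {
    throw new Error('org_id claim must be a string');
  }
  if (typeof current === 'string') {
    // In dual-read, two claims that disagree make the tenant ambiguous.
    if (mode === 'dual-read' && typeof legacy === 'string' && legacy !== current) {
      throw new Error('org_id and organization_id disagree');
    }
    return current;
  }
  // Only dual-read accepts the legacy claim on its own.
  if (mode === 'dual-read' && typeof legacy === 'string') {
    return legacy;
  }
  throw new Error('missing org_id claim');
}

function deserializeClaims(
  payload: Record<string, unknown>,
  mode: ClaimMode = 'cutover',
): AgentAccessTokenClaims {
  return { organizationId: readOrganizationId(payload, mode) };
}
```

In cutover mode the legacy claim is ignored entirely, so a token carrying only organization_id fails validation, which is the behaviour the thread settles on.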