Fix: Always check admin status from access token in JWT callback
CI Pipeline / Backend Build & Test (push) Successful in 1m3s
CI Pipeline / Frontend Lint, Test & Build (push) Successful in 29s
CI Pipeline / Infrastructure Validation (push) Successful in 3s

The jwt callback was only checking isAdmin during initial login when
account was present, but not on subsequent session refreshes. This caused
the admin status to be lost after the initial login.

- Moved admin status check outside of the 'if (account)' block
- Now checks isAdmin on every JWT callback when accessToken is available
WorkClub Automation
2026-03-21 13:11:01 +01:00
parent f8d698ba42
commit b5dd24b4c9
@@ -71,7 +71,10 @@ export const { handlers, signIn, signOut, auth } = NextAuth({
// Add clubs claim from Keycloak access token
token.clubs = (account as { clubs?: Record<string, string> }).clubs || {}
token.accessToken = account.access_token
}
// Always check admin status from the access token if available
if (token.accessToken) {
try {
const payload = JSON.parse(Buffer.from((token.accessToken as string).split('.')[1], 'base64').toString());
const roles = (payload.realm_access?.roles as string[]) || [];
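Review bot: the admin check added after the `if (account)` block decodes `realm_access.roles` from the stored access token without looking at its `exp` claim, so once the Keycloak token has expired the callback keeps recomputing `isAdmin` from stale claims on every session refresh; compare `payload.exp` against the current time (or refresh the token via the provider) before trusting the roles. Two smaller points on the same lines: decoding with `'base64url'` instead of `'base64'` states the JWT segment encoding explicitly rather than relying on Node accepting the URL-safe alphabet under `'base64'`, and since the `try` is opened here the matching `catch` should reset `token.isAdmin` to `false` when parsing fails, otherwise a previously granted value survives a malformed or truncated token.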