chore(types,shared): Added tests and did some cleanup

octoper · octoper · commit 2859c37f1400 · 2025-04-07T15:47:16.000+03:00
diff --git a/packages/backend/src/tokens/authObjects.ts b/packages/backend/src/tokens/authObjects.ts
@@ -111,7 +111,6 @@ export function signedInAuthObject(
     sessionToken,
     fetcher: async (...args) => (await apiClient.sessions.getToken(...args)).jwt,
   });
-
   return {
     actor,
     sessionClaims,
diff --git a/packages/shared/src/__tests__/authorization.test.ts b/packages/shared/src/__tests__/authorization.test.ts
@@ -0,0 +1,49 @@
+import { __experimental_resolveSignedInAuthStateFromJWTClaims as resolveSignedInAuthStateFromJWTClaims } from '../authorization';
+
+describe('resolveSignedInAuthStateFromJWTClaims', () => {
+  const baseClaims = {
+    exp: 1234567890,
+    iat: 1234567890,
+    iss: 'https://api.clerk.com',
+    sub: 'sub',
+    sid: 'sid',
+    azp: 'azp',
+    nbf: 1234567890,
+    __raw: '',
+  };
+
+  test('produced auth object with v2 matches v1', () => {
+    const { sessionClaims: v2Claims, ...signedInAuthObjectV2 } = resolveSignedInAuthStateFromJWTClaims({
+      ...baseClaims,
+      v: 2,
+      org: {
+        id: 'org_id',
+        rol: 'admin',
+        slg: 'org_slug',
+        per: ['permission1', 'permission2'],
+      },
+    });
+
+    const { sessionClaims: v1Claims, ...signedInAuthObjectV1 } = resolveSignedInAuthStateFromJWTClaims({
+      ...baseClaims,
+      org_id: 'org_id',
+      org_role: 'admin',
+      org_slug: 'org_slug',
+      org_permissions: ['permission1', 'permission2'],
+      v: undefined,
+    });
+    expect(signedInAuthObjectV1).toMatchObject(signedInAuthObjectV2);
+  });
+
+  test('produced auth object with v2 matches v1 without having orgs', () => {
+    const { sessionClaims: v2Claims, ...signedInAuthObjectV2 } = resolveSignedInAuthStateFromJWTClaims({
+      ...baseClaims,
+      v: 2,
+    });
+
+    const { sessionClaims: v1Claims, ...signedInAuthObjectV1 } = resolveSignedInAuthStateFromJWTClaims({
+      ...baseClaims,
+    });
+    expect(signedInAuthObjectV1).toMatchObject(signedInAuthObjectV2);
+  });
+});
diff --git a/packages/shared/src/authorization.ts b/packages/shared/src/authorization.ts
@@ -317,8 +317,7 @@ const __experimental_resolveSignedInAuthStateFromJWTClaims = (claims: JwtPayload
       orgRole = claims.org?.rol;
       orgSlug = claims.org?.slg;
 
-      // TODO(jwt-v2): when JWT version 2 is available, do proper handling for org permissions
-      orgPermissions = (claims?.org_permissions as string[] | undefined) ?? undefined;
+      orgPermissions = claims.org?.per;
       break;
     default:
       orgId = claims.org_id;
diff --git a/packages/types/src/jwtv2.ts b/packages/types/src/jwtv2.ts
@@ -43,7 +43,7 @@ type JWTPayloadBase = {
    *
    * The version of the JWT payload.
    */
-  ver: number | undefined;
+  v?: number | undefined;
 
   /**
    * Encoded token supporting the `getRawString` method.
@@ -110,12 +110,7 @@ type JWTPayloadBase = {
 
 export type VersionedJwtPayload =
   | {
-      /**
-       * @experimental
-       *
-       * The version of the JWT payload.
-       */
-      v?: never;
+      v?: undefined;
 
       /**
        *
@@ -139,13 +134,7 @@ export type VersionedJwtPayload =
       org_role?: OrganizationCustomRoleKey;
     }
   | {
-      /**
-       * @experimental
-       *
-       * The version of the JWT payload.
-       */
       v: 2;
-
       /**
        * @experimental - This structure is subject to change.
        *
@@ -166,6 +155,12 @@ export type VersionedJwtPayload =
          * Active organization role.
          */
         rol?: OrganizationCustomRoleKey;
+
+        /**
+         *
+         * Active organization permissions.
+         */
+        per?: OrganizationCustomPermissionKey[];
       };
     };
 
