@newhomestar/sdk 0.8.17 → 0.8.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +6 -2
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -903,9 +903,13 @@ export function runHttpServer(def, opts = {}) {
|
|
|
903
903
|
message: 'optionsFetcher requires a valid Bearer token',
|
|
904
904
|
});
|
|
905
905
|
}
|
|
906
|
-
// Resolve credentials (same flow as action handlers)
|
|
906
|
+
// Resolve credentials (same flow as action handlers).
|
|
907
|
+
// Extract userId from the request body (forwarded by the proxy)
|
|
908
|
+
// or from the JWT `sub` claim so the auth server resolves OAuth
|
|
909
|
+
// credentials for the *actual* caller — not the "system" default.
|
|
907
910
|
const credCtx = buildCredentialCtx(def.name, authToken);
|
|
908
|
-
const
|
|
911
|
+
const userId = req.body?.userId ?? req.auth?.sub ?? undefined;
|
|
912
|
+
const credentials = await credCtx.resolveCredentials(undefined, userId);
|
|
909
913
|
// Extract and normalize the scope identifiers from the request body.
|
|
910
914
|
// The UI posts `{ config, remoteId, remoteType }`. Both may be null
|
|
911
915
|
// for legacy / unscoped lookups. We keep them typed so handlers
|
package/package.json
CHANGED