Skip to content

fix: resolve user ID mismatch in agent routes for device auth flow #12

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
vreshch merged 1 commit into from
Nov 30, 2025
Merged

fix: resolve user ID mismatch in agent routes for device auth flow #12

vreshch merged 1 commit into from
Nov 30, 2025

Conversation

@vreshch
Copy link
Contributor

@vreshch vreshch commented Nov 30, 2025

Problem

When publishing agents via CLI using device code authentication, users receive a User not found error (500 Internal Server Error).

Root Cause

The JWT auth middleware sets req.user.userId, but all agent routes were accessing req.user.id (which is only set during OAuth callback flows).

Solution

Updated all 9 agent route files to correctly access the user ID from both authentication methods:

// Support both JWT auth (userId) and OAuth callback (id/_id)
const userId = req.user?.userId || req.user?.id || req.user?._id?.toString();

Files Changed

  • Required auth routes (with proper validation):

    • publish.ts
    • delete.ts
    • update-metadata.ts

  • Optional auth routes:

    • get-agent.ts
    • search.ts
    • list.ts
    • versions.ts
    • get-version.ts
    • mcp-servers.ts

Testing

  • TypeScript compilation passes with no errors
  • Device code auth flow now correctly resolves the user ID

@vreshch
fix: resolve user ID mismatch in agent routes for device auth flow
08ea548 
The JWT auth middleware sets req.user.userId, but agent routes were
accessing req.user.id (only set during OAuth callback). This caused
'User not found' errors when publishing agents via CLI/device code auth.

Updated all agent routes to support both authentication methods:
- req.user.userId (JWT/device code auth)
- req.user.id or req.user._id (OAuth callback auth)

Affected routes:
- publish.ts, delete.ts, update-metadata.ts (required auth)
- get-agent.ts, search.ts, list.ts, versions.ts, get-version.ts, mcp-servers.ts (optional auth)
@github-actions
Copy link

github-actions bot commented Nov 30, 2025

Pull Request Validation Successful

Step Results:

  • 📦 Install dependencies: true
  • 🔍 Run linting: true
  • 🧪 Run tests: true
  • 🏗️ Build packages: true

🎉 All quality checks passed! Ready to merge.

📋 View workflow run

🐳 Docker Images Built Successfully!

🏷️ Tag: pr-12

  • Backend: ✅ Built
  • Frontend: ✅ Built

📋 View workflow

⏰ Generated at: 2025-11-30T22:32:48.574Z

@vreshch vreshch merged commit 3f992a4 into master Nov 30, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vreshch