video-accessibility

History

Vadym Samoilenko 4623b89aeb feat(mt-16): JWT org_ids claim + transient user.org_ids in deps - create_access_token gains optional org_ids: list[str] param; encodes {exp, sub, org_ids, v:2} — org_ids is a prefilter hint only, never used as authorization source of truth (Redis cache is authoritative) - Login, MS login, refresh endpoints: fetch memberships and include org_ids in issued access tokens via _get_user_org_ids() helper - routes_invitations.py accept flow: same org_ids population on token - get_current_user: reads org_ids from payload, attaches as transient user.__dict__["org_ids"] — available to OrgScopedQuery for prefilter - Force logout: rotate JWT_SECRET env var at deployment time (no code change needed; all existing tokens immediately invalidated) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-29 20:46:39 +01:00
..
v1	feat(mt-16): JWT org_ids claim + transient user.org_ids in deps	2026-04-29 20:46:39 +01:00

Vadym Samoilenko 4623b89aeb feat(mt-16): JWT org_ids claim + transient user.org_ids in deps

- create_access_token gains optional org_ids: list[str] param; encodes
  {exp, sub, org_ids, v:2} — org_ids is a prefilter hint only, never
  used as authorization source of truth (Redis cache is authoritative)
- Login, MS login, refresh endpoints: fetch memberships and include
  org_ids in issued access tokens via _get_user_org_ids() helper
- routes_invitations.py accept flow: same org_ids population on token
- get_current_user: reads org_ids from payload, attaches as transient
  user.__dict__["org_ids"] — available to OrgScopedQuery for prefilter
- Force logout: rotate JWT_SECRET env var at deployment time (no code
  change needed; all existing tokens immediately invalidated)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-04-29 20:46:39 +01:00

feat(mt-16): JWT org_ids claim + transient user.org_ids in deps

2026-04-29 20:46:39 +01:00