The GitHub Actions job "Required Checks" on texera.git/main has succeeded. Run started by GitHub user Yicong-Huang (triggered by Yicong-Huang).
Head commit for run: 786a9207962858e37c29d726e2df290dcaf4a267 / Yicong Huang <[email protected]> refactor(auth): align JWT claim parsing across microservices and amber (#4896) ### What changes were proposed in this PR? Two JWT parsing paths drifted apart, and the codebase had two `JwtConsumer` instances built with byte-identical config: - `common/auth/JwtParser` (microservices) read 5 claims and dropped `googleAvatar` — even though `JwtAuth.jwtClaims` writes it on every token. - `amber/.../UserAuthenticator` read those 5 plus `comment`, `accountCreation` — neither of which the issuer ever writes, so always `null` in real tokens. Also dropped `googleAvatar`. Consolidate into a single `JwtParser.claimsToSessionUser(JwtClaims): SessionUser` in `common/auth`. Make `JwtParser.parseToken` reuse `JwtAuth.jwtConsumer` (one consumer instance left in the codebase). Rewrite `UserAuthenticator.authenticate` as a 1-line delegate so amber and the microservices produce identical `SessionUser` objects from the same token. `UserAuthenticator` itself stays in amber — it's a Dropwizard 1.3 `Authenticator[JwtContext, SessionUser]` adapter for the toastshaman library. Once amber's Dropwizard upgrade unblocks the move to the common `JwtAuthFilter`, this whole adapter goes away. Side robustness fix: jose4j returns `Long` for integer claims after JSON round-trip but `setClaim` keeps `Integer` in memory. Widening `userId` via `getClaimValue("userId", classOf[Number]).intValue()` makes directly-built and parsed claims behave the same. ### Any related issues, documentation, discussions? Closes #4895 ### How was this PR tested? `JwtParserSpec` (new, 4 cases): asserts every issued claim is populated (including `googleAvatar`), the non-issued `User` slots stay `null`, an end-to-end round-trip via `JwtAuth.jwtToken -> JwtParser.parseToken` reconstructs the user, and a structurally invalid token returns empty. `sbt Auth/test` 11/11 green; `AccessControlService`, `ConfigService`, `FileService`, `ComputingUnitManagingService`, `WorkflowExecutionService` all compile clean; `Auth/scalafmtCheckAll` and `Auth/scalafixAll --check` clean. ### Was this PR authored or co-authored using generative AI tooling? Generated-by: Claude Code (Opus 4.7) Report URL: https://github.com/apache/texera/actions/runs/25303025166 With regards, GitHub Actions via GitBox
