Skip to content

fix(auth): stop expiring Plus One identity assertions#43

Merged
JannikJung merged 1 commit into
mainfrom
codex/remove-plus-one-identity-freshness
Jul 1, 2026
Merged

fix(auth): stop expiring Plus One identity assertions#43
JannikJung merged 1 commit into
mainfrom
codex/remove-plus-one-identity-freshness

Conversation

@JannikJung

Copy link
Copy Markdown
Collaborator

Summary

Plus One bootstrap assertions no longer fail only because identity_verified_at is older than the previous receiver freshness window. Skill Library still validates the assertion signature, issuer, audience, subject, required workspace claims, and future-skew bounds; it just stops using link-proof age as an authorization gate.

This keeps old but still-valid Plus One connections from requiring a manual Every relink while preserving the normal token/session and membership checks that actually determine access.

Validation

  • npx vitest run tests/auth/first-party-assertion.test.ts tests/routes/plus-one-oauth-client.test.ts --no-file-parallelism --maxWorkers=1 --maxConcurrency=1
  • npm run build

Compound Engineering
GPT-5 Codex

@JannikJung JannikJung force-pushed the codex/remove-plus-one-identity-freshness branch from cbe6dc0 to 33db1e8 Compare July 1, 2026 17:31
@JannikJung JannikJung merged commit 8289311 into main Jul 1, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant