From e8dff5b28786bb48eac47b67450d2ff1f37fc8e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EA=B0=95=EB=AF=BC=EC=84=9D?=
Date: Wed, 15 Apr 2026 19:30:01 +0900
Subject: [PATCH] fix: improve auth handler template in integrate skill

- Add role field to JWT payload return for user role propagation
- Use specific @auth.on.threads.* decorators instead of catch-all @auth.on
- Rename add_owner to filter_by_owner for clarity
---
 .claude/skills/integrate/auth-nextauth.md | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/.claude/skills/integrate/auth-nextauth.md b/.claude/skills/integrate/auth-nextauth.md
index feba76f..4029ed8 100644
--- a/.claude/skills/integrate/auth-nextauth.md
+++ b/.claude/skills/integrate/auth-nextauth.md
@@ -100,6 +100,7 @@ async def authenticate(authorization: str | None) -> Auth.types.MinimalUserDict:
 
 return {
 "identity": payload["sub"],
+ "role": payload.get("role"),
 "email": payload.get("email"),
 "display_name": payload.get("name"),
 "is_authenticated": True,
@@ -109,8 +110,12 @@ async def authenticate(authorization: str | None) -> Auth.types.MinimalUserDict:
 raise AUTH_EXCEPTION
 
 
-@auth.on
-async def add_owner(ctx: Auth.types.AuthContext, value: dict) -> dict:
+@auth.on.threads.create
+@auth.on.threads.read
+@auth.on.threads.update
+@auth.on.threads.delete
+@auth.on.threads.search
+async def filter_by_owner(ctx: Auth.types.AuthContext, value: dict) -> dict:
 """Isolate threads per user."""
 filters = {"owner": ctx.user.identity}
 metadata = value.setdefault("metadata", {})
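Review bot: `payload.get("role")` puts `None` into the returned user dict whenever the token carries no `role` claim, and nothing in the first hunk says how a missing or unexpected role should be treated. The template should state this next to the new line, for example `# role comes from the verified JWT; treat None or unknown values as least privilege`. The value is only as trustworthy as the token verification earlier in `authenticate`, which starts above the hunk and is not visible here.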
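Review bot: Replacing the catch-all `@auth.on` with the five `@auth.on.threads.*` decorators in the second hunk leaves every other resource and action in this template without an authorization handler. As far as I know LangGraph accepts a request when no handler matches, so assistants, crons, the store and `threads.create_run` would lose the owner scoping that `add_owner` used to apply to them. Keep a global `@auth.on` fallback that rejects or owner-scopes anything not listed, or at least add `@auth.on.threads.create_run` plus handlers for the other resources the app exposes. The body of `filter_by_owner` continues past the hunk, so whether it returns `filters` cannot be checked from here.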