Handle JWT auth method explicitly in service-utils (#6984)

Author: jnsdls

.changeset/crazy-states-sleep.md

@@ -0,0 +1,5 @@
+---
+"@thirdweb-dev/service-utils": patch
+---
+
+handle jwt auth method explicitly

apps/playground-web/package.json

@@ -28,7 +28,7 @@
     "@radix-ui/react-switch": "^1.2.2",
     "@radix-ui/react-tooltip": "1.2.3",
     "@tanstack/react-query": "5.74.4",
-    "@thirdweb-dev/engine": "^0.0.19",
+    "@thirdweb-dev/engine": "0.0.19",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
     "date-fns": "4.1.0",

packages/service-utils/src/core/authorize/client.ts

@@ -22,6 +22,11 @@ export function authorizeClient(
     authMethod,
   };
 
+  if (authMethod === "jwt") {
+    // ignore domains and bundleIds for JWT auth, if the token is valid we'll return the authResult
+    return authResult;
+  }
+
   // if there's no project, we'll return the authResult (JWT or teamId auth)
   if (!project) {
     return authResult;

packages/service-utils/src/core/authorize/index.ts

@@ -49,13 +49,13 @@ export async function authorize(
   // Use a separate cache key per auth method.
   const cacheKey = authData.incomingServiceApiKey
     ? // incoming service key + clientId case
-      `key-v2:service-key:${authData.incomingServiceApiKeyHash}:${authData.clientId ?? "default"}`
+      `key-v2:service-key:${authData.incomingServiceApiKeyHash}:${authData.clientId ?? "client_default"}`
     : authData.secretKeyHash
       ? // secret key case
         `key-v2:secret-key:${authData.secretKeyHash}`
       : authData.hashedJWT
         ? // dashboard jwt case
-          `key-v2:dashboard-jwt:${authData.hashedJWT}:${authData.teamId ?? "default"}`
+          `key-v2:dashboard-jwt:${authData.hashedJWT}:${authData.teamId ?? "team_default"}:${authData.clientId ?? "client_default"}`
         : authData.clientId
           ? // clientId case
             `key-v2:client-id:${authData.clientId}`