kyte-php v4.4.5
Bug Fix + Feature: JWT login parity with HMAC session response
Three changes for JWT login on apps with custom user_model:
-
Account fallback for app-scoped users.
JwtEndpoint::loginbailed with 401 whenuser->kyte_accountwas 0. App-scoped User models don't carry that FK directly — the user belongs to the Application, and the Application carries the account FK. Fall back to$app->kyte_accountwhen the user has no direct account. -
HMAC-parity response shape. Adds
uid,account_id, anddata(user payload, with protected fields stripped, wrapped perUSE_SESSION_MAP) to the JWT login response. Customer frontends consumingsession.data[0].fieldnameorsession.uidwere silently failing under JWT because the payload was tokens-only. -
FK expansion in
data. Mirrors HMAC'sSESSION_RETURN_FKbehavior —user.orgis now expanded into the full Org object ({id:2, org_type:'LP', ...}) instead of returned as the raw integer FK. Bounded recursion at depth 3 to handle (rare) cyclic FKs. Frontends doinguser.org.org_typenow work.
Known follow-up: FK expansion is N+1 — see Tempo card #171 for optimization.
No schema changes. Composer upgrade is sufficient.