Skip to content

fix(identity): correct audiusSdk accessor in authMiddleware (.full.users -> .users)#14482

Merged
dylanjeffers merged 1 commit into
mainfrom
fix/identity-auth-sdk-timeout
Jun 16, 2026
Merged

fix(identity): correct audiusSdk accessor in authMiddleware (.full.users -> .users)#14482
dylanjeffers merged 1 commit into
mainfrom
fix/identity-auth-sdk-timeout

Conversation

@dylanjeffers

@dylanjeffers dylanjeffers commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Problem

Users report failing/janky signups, with POST https://identityservice.audius.co/users/update misbehaving (Slack thread).

authMiddleware (which gates /users/update, /record_ip, and every other authenticated endpoint) backfills blockchainUserId/handle for any identity Users row that lacks them — i.e. every guest / freshly signed-up user. It did this via:

req.app.get('audiusSdk').full.users.getUserAccount({ ... })

But the @audius/sdk instance has no .full namespaceusers is a top-level API (audiusSdk.users.getUserAccount). So .full is undefined and .users throws a synchronous TypeError on every new-user auth request.

Confirmed in prod logs:

TypeError: Cannot read properties of undefined (reading 'users')
    at authMiddleware (build/src/authMiddleware.js:97:68)
msg: "Failed to update blockchainUserId/handle"

The surrounding try/catch swallowed it and called next(), so the request proceeded but the backfill silently never happened — new identity rows never got blockchainUserId/handle set.

Why it started now

The bad accessor came in with the monorepo import of identity-service (#14388, 5/22), which rewrote authMiddleware to use @audius/sdk. It was dormant until #14474 (6/15) shipped loadAudiusSdk.cjs into the build, so the SDK actually initialized and this line began firing — matching the regression window. (identity hadn't been deployed in a while; 6/15 was the first monorepo image promoted to prod.)

I verified prod is in the benign config otherwise: environment=production is set in identity-service-secret, so the SDK targets prod discovery — the issue is purely the wrong accessor, not SDK misconfig.

Fix

Use the correct accessor audiusSdk.users.getUserAccount in both authMiddleware and parameterizedAuthMiddleware. One-token change per call site.

Notes

Verification

  • Confirmed getUserAccount lives on the top-level UsersApi (audiusSdk.users) and there is no .full in the SDK instance shape (@audius/sdk index.d.ts).
  • Confirmed response shape res.data.user is still correct (UserAccountResponse.data: Account, Account.user: User).
  • Confirmed prod environment=production.

After deploy, the TypeError ... reading 'users' log should disappear and Failed to update blockchainUserId/handle should drop to near-zero.

🤖 Generated with Claude Code

@changeset-bot

changeset-bot Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: 91d317b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@dylanjeffers dylanjeffers force-pushed the fix/identity-auth-sdk-timeout branch from 7ed67a3 to 7838f7d Compare June 16, 2026 19:43
@dylanjeffers dylanjeffers changed the title fix(identity): bound SDK getUserAccount lookup in authMiddleware fix(identity): correct audiusSdk accessor in authMiddleware (.full.users -> .users) Jun 16, 2026
@dylanjeffers @claude
fix(identity): correct audiusSdk accessor in authMiddleware (.full.us…
91d317b 
…ers -> .users)

authMiddleware backfills blockchainUserId/handle for users whose identity
row lacks them (the state of any guest / freshly signed-up user) by calling
the SDK. It used `req.app.get('audiusSdk').full.users.getUserAccount(...)`,
but the @audius/sdk instance has no `.full` namespace - `users` is a
top-level API. So `.full` is undefined and `.users` throws a synchronous
TypeError ("Cannot read properties of undefined (reading 'users')") on
EVERY new-user auth request (/users/update, /record_ip, etc).

Confirmed in prod logs:
  TypeError: Cannot read properties of undefined (reading 'users')
    at authMiddleware (build/src/authMiddleware.js:97:68)
  msg: "Failed to update blockchainUserId/handle"

The bad accessor came in with the monorepo import (#14388) and only began
firing once #14474 (6/15) made loadAudiusSdk.cjs available so the SDK
actually initialized - matching the signup regression window. The
surrounding try/catch swallowed the error and called next(), so the
backfill silently never happened for new users.

Fix: use the correct accessor `audiusSdk.users.getUserAccount`.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@dylanjeffers dylanjeffers force-pushed the fix/identity-auth-sdk-timeout branch from 7838f7d to 91d317b Compare June 16, 2026 19:53
@dylanjeffers dylanjeffers merged commit ad185ab into main Jun 16, 2026
8 checks passed
@dylanjeffers dylanjeffers deleted the fix/identity-auth-sdk-timeout branch June 16, 2026 20:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

size/XS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dylanjeffers