Skip to content

Fix netid: Clerk API fallback with TTL cache#24

Merged
DIodide merged 1 commit intostagingfrom
fix/netid-passing
Apr 1, 2026
Merged

Fix netid: Clerk API fallback with TTL cache#24
DIodide merged 1 commit intostagingfrom
fix/netid-passing

Conversation

@DIodide
Copy link
Copy Markdown
Owner

@DIodide DIodide commented Apr 1, 2026

Problem

Users whose primary Clerk email is Gmail (not Princeton) never got their netid resolved, even if they had a verified @princeton.edu email on their account. Also, the netid cache had no TTL — removing a Princeton email didn't take effect until process restart.

Fix

  • resolve_princeton_netid() now calls Clerk Backend API to check all verified emails when JWT primary email isn't Princeton
  • Cache has 5-minute TTL so email changes propagate without restart
  • Requires CLERK_SECRET_KEY env var on backend (already set on EC2)

🤖 Generated with Claude Code

@DIodide @claude
Fix netid resolution: use Clerk Backend API with TTL cache
622c58b 
The JWT email is the user's primary email (e.g. Gmail), not necessarily
their Princeton email. When the JWT email isn't @princeton.edu, the
backend now calls the Clerk Backend API to check all verified emails on
the account.

- Add resolve_princeton_netid() async function with Clerk API fallback
- Add 5-minute TTL cache so email removals propagate without restart
- Requires CLERK_SECRET_KEY env var on the backend

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@DIodide DIodide merged commit c49f60c into staging Apr 1, 2026
@DIodide DIodide deleted the fix/netid-passing branch April 1, 2026 17:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@DIodide