Populate AccountType in auth shim from mcdsl

Now that mcdsl/auth.TokenInfo carries AccountType (from the updated MCIAS validate response), the MCR auth shim passes it through to Claims.AccountType. Policy engine rules matching on account type now work correctly. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 17:45:21 -07:00
parent 78f3eae651
commit 1454f56adb
1 changed files with 3 additions and 2 deletions
--- a/internal/auth/client.go
+++ b/internal/auth/client.go
@@ -57,7 +57,8 @@ func (c *Client) ValidateToken(token string) (*Claims, error) {
 		return nil, ErrMCIASUnavailable
 	}
 	return &Claims{
-		Subject: info.Username,
-		Roles:   info.Roles,
+		Subject:     info.Username,
+		AccountType: info.AccountType,
+		Roles:       info.Roles,
 	}, nil
 }