(body: Record<string, unknown>)
| 70 | |
| 71 | /** Pull `user.email` out of a token response (WorkOS returns the user inline). */ |
| 72 | const readUserEmail = (body: Record<string, unknown>): string | undefined => { |
| 73 | const user = body.user; |
| 74 | if (user && typeof user === "object" && "email" in user) { |
| 75 | return asString((user as { email?: unknown }).email); |
| 76 | } |
| 77 | return undefined; |
| 78 | }; |
| 79 | |
| 80 | /** |
| 81 | * Decode a JWT access token's claims WITHOUT verifying it. The CLI only uses |
no test coverage detected