Prioritize JWT over service API keys in authentication

jnsdls · jnsdls · commit 91b22849bcdc · 2025-05-12T22:11:25.000+02:00
diff --git a/.changeset/shaky-eels-shine.md b/.changeset/shaky-eels-shine.md
@@ -0,0 +1,5 @@
+---
+"@thirdweb-dev/service-utils": patch
+---
+
+Prioritize JWT over service API keys in authentication
diff --git a/packages/service-utils/src/core/api.ts b/packages/service-utils/src/core/api.ts
@@ -258,12 +258,17 @@ export async function fetchTeamAndProject(
         method: "GET",
         headers: {
           ...(authData.secretKey ? { "x-secret-key": authData.secretKey } : {}),
-          ...(authData.jwt ? { Authorization: `Bearer ${authData.jwt}` } : {}),
-          // use the incoming service api key if it exists, otherwise use the service api key
-          // this is done to ensure that the incoming service API key is VALID in the first place
-          "x-service-api-key": incomingServiceApiKey
-            ? incomingServiceApiKey
-            : serviceApiKey,
+          ...(authData.jwt
+            ? { Authorization: `Bearer ${authData.jwt}` }
+            : // if the JWT is not present ww'll use service api keys, if there is a JWT present we'll always use the JWT
+              {
+                // use the incoming service api key if it exists, otherwise use the service api key
+                // this is done to ensure that the incoming service API key is VALID in the first place
+                "x-service-api-key": incomingServiceApiKey
+                  ? incomingServiceApiKey
+                  : serviceApiKey,
+              }),
+
           "content-type": "application/json",
         },
       });

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"@thirdweb-dev/service-utils": patch
 +---
++
 +Prioritize JWT over service API keys in authentication