Droid/Factory login is a false negative when auth/me no longer returns userProfile.id #626

@CrystalChen1017

Summary
Droid/Factory login appears to fail in CodexBar 0.19.0 with:

Not logged in to Factory. Please log in via the CodexBar menu.

But the actual Factory auth is successful. The failure happens later when CodexBar calls:

POST /api/organization/subscription/usage

with a missing/null userId.

Environment

  • CodexBar: 0.19.0
  • macOS: macOS
  • Browser: Chrome
  • Factory account is logged in and browser cookies/local storage are present
  • auth.factory.ai cookies include session, access-token, __recent_auth
  • Chrome local storage includes workos:refresh-token

What I observed

CodexBar successfully gets a valid bearer token and can call:

GET https://api.factory.ai/api/app/auth/me

That request returns 200.

However, the later usage request fails if userId is missing:

POST https://api.factory.ai/api/organization/subscription/usage

Request body that fails

{"useCache":true}

or

{"useCache":true,"userId":null}

Response

{
"detail": "Must be manager to get usage for other users",
"status": 403,
"title": "Forbidden"
}

Request body that succeeds

{"useCache":true,"userId":"user_..."}

This returns 200 with usage data.

Likely root cause

It looks like CodexBar expects auth/me.userProfile.id, but Factory's current auth/me response no longer includes id
under userProfile.

In my current response shape, top-level keys are:

  • featureFlags
  • organization
  • userProfile

And userProfile contains keys like:

  • email
  • role
  • status
  • threads
  • droidPreferences

but not id.

Because of that, CodexBar likely derives userId = nil, then sends a usage request without the correct user id, which
Factory treats as "other users" access and rejects with 403.

Suggested fix

For the Factory provider, when building the request body for /api/organization/subscription/usage, fall back to the
bearer JWT sub claim if auth/me.userProfile.id is missing.

That would make the request use the current user id even when the auth/me schema changes.

Why the current error is misleading

The current UI/CLI error says:

Not logged in to Factory. Please log in via the CodexBar menu.

But login is actually successful. The real failure is a schema mismatch causing the usage request body to omit userId.
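
The fallback suggested in this issue, sketched in Swift as an added example; it is not CodexBar's code. The helper names, the constructed sample token, and the assumption that the bearer token's sub claim carries the Factory user id are illustrative.

```swift
import Foundation

// Hypothetical helpers for illustration; not CodexBar's actual code.
enum UsageRequestError: Error { case missingUserID }

/// Decode a base64url segment (JWTs use '-' and '_' and drop '=' padding).
func base64URLDecode(_ segment: Substring) -> Data? {
    var s = segment.replacingOccurrences(of: "-", with: "+")
        .replacingOccurrences(of: "_", with: "/")
    s += String(repeating: "=", count: (4 - s.count % 4) % 4)
    return Data(base64Encoded: s)
}

/// Read `sub` from the JWT payload. The signature is NOT verified: the value only
/// names the caller in its own request, and the server still authorizes the token.
func jwtSubject(_ token: String) -> String? {
    let parts = token.split(separator: ".", omittingEmptySubsequences: false)
    guard parts.count == 3,
          let payload = base64URLDecode(parts[1]),
          let claims = (try? JSONSerialization.jsonObject(with: payload)) as? [String: Any],
          let sub = claims["sub"] as? String, !sub.isEmpty
    else { return nil }
    return sub
}

/// Body for POST /api/organization/subscription/usage: prefer auth/me
/// userProfile.id, fall back to the bearer token's sub (assumed to be the user id).
func usageRequestBody(authMe: [String: Any], bearerToken: String) throws -> Data {
    let profile = authMe["userProfile"] as? [String: Any]
    guard let userID = (profile?["id"] as? String) ?? jwtSubject(bearerToken) else {
        // Auth worked but no id was found: surface a schema error, not "Not logged in".
        throw UsageRequestError.missingUserID
    }
    let body: [String: Any] = ["useCache": true, "userId": userID]
    return try JSONSerialization.data(withJSONObject: body, options: [.sortedKeys])
}

// Constructed sample: auth/me without userProfile.id, and an unsigned token
// whose payload carries a placeholder subject.
let authMe: [String: Any] = ["userProfile": ["email": "dev@example.com", "role": "owner"]]
let sampleClaims = try JSONSerialization.data(withJSONObject: ["sub": "user_CONSTRUCTED"])
let segment = sampleClaims.base64EncodedString()
    .replacingOccurrences(of: "+", with: "-")
    .replacingOccurrences(of: "/", with: "_")
    .replacingOccurrences(of: "=", with: "")
let body = try usageRequestBody(authMe: authMe, bearerToken: "e30.\(segment).sig")
print(String(decoding: body, as: UTF8.self))
```

Throwing a distinct error when no id can be derived lets the UI separate a schema mismatch from a real sign-in failure.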
