From ed26fb4d19b9c9a2b46c6cc55aac7bffb4619c5b Mon Sep 17 00:00:00 2001
From: Stevche Radevski
Date: Wed, 4 Sep 2024 17:23:31 +0200
Subject: [PATCH] fix: Check actor type on account creation, fix github entity id (#8996)
---
 packages/core/js-sdk/src/auth/index.ts | 2 +-
 .../src/http/middlewares/authenticate-middleware.ts | 7 ++++++-
 .../modules/providers/auth-github/src/services/github.ts | 2 +-
 3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/packages/core/js-sdk/src/auth/index.ts b/packages/core/js-sdk/src/auth/index.ts
index 23c9b75828..95f08c014e 100644
--- a/packages/core/js-sdk/src/auth/index.ts
+++ b/packages/core/js-sdk/src/auth/index.ts
@@ -59,7 +59,7 @@ export class Auth {
 this.client.setToken(token as string)
 }
- return token
+ return token as string
 }
 // The callback expects all query parameters from the Oauth callback to be passed to the backend, and the provider is in charge of parsing and validating them
diff --git a/packages/framework/framework/src/http/middlewares/authenticate-middleware.ts b/packages/framework/framework/src/http/middlewares/authenticate-middleware.ts
index d7a0aa781a..dec1151bdb 100644
--- a/packages/framework/framework/src/http/middlewares/authenticate-middleware.ts
+++ b/packages/framework/framework/src/http/middlewares/authenticate-middleware.ts
@@ -87,7 +87,12 @@ export const authenticate = (
 }
 // If the entity is authenticated, but there is no registered actor yet, we can continue (eg. in the case of a user invite) if allow unregistered is set
- if (authContext?.auth_identity_id && options.allowUnregistered) {
+ // We also don't want to allow creating eg. a customer with a token created for a `user` provider.
+ if (
+ authContext?.auth_identity_id &&
+ options.allowUnregistered &&
+ actorTypes.includes(authContext?.actor_type)
+ ) {
 req_.auth_context = authContext
 return next()
 }
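Review bot: In `packages/core/js-sdk/src/auth/index.ts`, `return token as string` is a second assertion on the same value (`setToken(token as string)` sits just above it), so the compiler is told the token is a string without anything checking it. The declared type of `token` is outside the hunk, but the need for a cast suggests it is wider than `string`; if it can be absent at runtime, callers receive a value typed as a string that is not one. Narrowing once, e.g. `if (typeof token !== "string") throw new Error("auth response contained no token")`, would make both casts unnecessary. The enclosing method starts outside the hunk.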
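Review bot: No test accompanies the new actor-type guard on the `allowUnregistered` branch of `authenticate-middleware.ts`. The diffstat lists only three source files, so nothing pins that a token issued for one actor type is refused on another actor's registration route; a regression case for exactly that mismatch belongs with this fix. The exact-match `actorTypes.includes(...)` also assumes every entry is a literal actor type: if a wildcard entry is accepted elsewhere in `authenticate` (not visible in this hunk), unregistered identities on such routes would now be rejected, and that case should be handled or documented. `authContext?.actor_type` can be written `authContext.actor_type`, since the first operand already proves `authContext` is set. The body of `authenticate` starts and ends outside the hunk.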
diff --git a/packages/modules/providers/auth-github/src/services/github.ts b/packages/modules/providers/auth-github/src/services/github.ts
index 9f3715c9b8..fb26c69fcc 100644
--- a/packages/modules/providers/auth-github/src/services/github.ts
+++ b/packages/modules/providers/auth-github/src/services/github.ts
@@ -148,7 +148,7 @@ export class GithubAuthService extends AbstractAuthModuleProvider {
 },
 }).then((r) => r.json())
- const entity_id = user.id
+ const entity_id = user.id.toString()
 const userMetadata = {
 profile_url: user.url,
 avatar: user.avatar_url,
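Review bot: `user.id.toString()` in `packages/modules/providers/auth-github/src/services/github.ts` dereferences a field of an unvalidated JSON body: `user` comes straight from `.then((r) => r.json())`, and no status or shape check is visible between that call and this line. If the provider answers with an error payload that has no `id`, this now throws a `TypeError` from inside the auth flow instead of failing the login cleanly. A guard before deriving the identity, such as `if (user?.id == null) { /* fail authentication */ }`, would keep the entity id tied to a verified response. The fetch call and the enclosing method begin outside the hunk.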