From 9ad4e55e821040fac15aab3913b5f65f90395031 Mon Sep 17 00:00:00 2001
From: Nikos Douvlis <nikosdouvlis@gmail.com>
Date: Wed, 18 Mar 2026 15:24:10 +0200
Subject: [PATCH] feat(shared): Add oiat field to JwtHeader type

Session Minter uses oiat (original_issued_at) in the JWT header to
track when token claims were last assembled from the DB. Edge
re-mints copy this value forward, so consumers can determine claim
freshness regardless of how many times the token was re-signed.

Marked @internal so developers don't depend on this field.
---
 .changeset/session-minter-oiat-type.md | 5 +++++
 packages/shared/src/types/jwtv2.ts     | 2 ++
 2 files changed, 7 insertions(+)
 create mode 100644 .changeset/session-minter-oiat-type.md

diff --git a/.changeset/session-minter-oiat-type.md b/.changeset/session-minter-oiat-type.md
new file mode 100644
index 00000000000..860ee52193c
--- /dev/null
+++ b/.changeset/session-minter-oiat-type.md
@@ -0,0 +1,5 @@
+---
+'@clerk/shared': patch
+---
+
+Add `oiat` (original_issued_at) field to `JwtHeader` type for Session Minter monotonic token freshness checks.
diff --git a/packages/shared/src/types/jwtv2.ts b/packages/shared/src/types/jwtv2.ts
index f03d6738333..1d8af24d979 100644
--- a/packages/shared/src/types/jwtv2.ts
+++ b/packages/shared/src/types/jwtv2.ts
@@ -25,6 +25,8 @@ export interface JwtHeader {
   'x5t#S256'?: string;
   x5t?: string;
   x5c?: string | string[];
+  /** @internal - used by Session Minter for monotonic token freshness checks. Do not depend on this field. */
+  oiat?: number;
 }
 
 declare global {