fix: no valid session check

Author: rob-at-cortex

packages/auth/src/payload-jwt/authenticateRequest.ts

@@ -200,7 +200,7 @@ export async function authenticateIdentity({
 
     const session = await verifyToken(authHeader.replace('Bearer ', ''))
 
-    if ((!session?.sub || !session.extra) && !session?.agent_id)
+    if (!session?.sub && (!session?.extra || !session?.agent_id))
         throw createAuthError('No valid session found', 401)
 
     const OAUTH_CLIENT_ID = process.env.OAUTH_CLIENT_ID!