auth: Fix user claim name and remove client_id

The right claim for the username is _preffered_username_. Also, `client_id` is removed because we don't need it. Signed-off-by: Cosmin Tupangiu <[email protected]>
kubev2v · Dec 17, 2024 · 0a8401b · 0a8401b
1 parent be8b922
commit 0a8401b
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 13 deletions.
diff --git a/internal/auth/rhsso_authenticator.go b/internal/auth/rhsso_authenticator.go
@@ -55,9 +55,8 @@ func (rh *RHSSOAuthenticator) parseToken(userToken *jwt.Token) (User, error) {
 	}
 
 	return User{
-		Username:     claims["username"].(string),
+		Username:     claims["preffered_username"].(string),
 		Organization: claims["org_id"].(string),
-		ClientID:     claims["client_id"].(string),
 		Token:        userToken,
 	}, nil
 }

diff --git a/internal/auth/rhsso_authenticator_test.go b/internal/auth/rhsso_authenticator_test.go
@@ -26,7 +26,6 @@ var _ = Describe("sso authentication", func() {
 			user, err := authenticator.Authenticate(sToken)
 			Expect(err).To(BeNil())
 			Expect(user.Username).To(Equal("batman"))
-			Expect(user.ClientID).To(Equal("batman_id"))
 			Expect(user.Organization).To(Equal("GothamCity"))
 		})
 
@@ -95,16 +94,14 @@ func (h *handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 func generateValidToken() (string, func(t *jwt.Token) (any, error)) {
 	type TokenClaims struct {
-		Username string `json:"username"`
-		ClientID string `json:"client_id"`
+		Username string `json:"preffered_username"`
 		OrgID    string `json:"org_id"`
 		jwt.RegisteredClaims
 	}
 
 	// Create claims with multiple fields populated
 	claims := TokenClaims{
 		"batman",
-		"batman_id",
 		"GothamCity",
 		jwt.RegisteredClaims{
 			ExpiresAt: jwt.NewNumericDate(time.Now().Add(24 * time.Hour)),
@@ -132,8 +129,7 @@ func generateValidToken() (string, func(t *jwt.Token) (any, error)) {
 
 func generateInvalidValidToken(missingClaim string) (string, func(t *jwt.Token) (any, error)) {
 	type TokenClaims struct {
-		Username string `json:"username"`
-		ClientID string `json:"client_id"`
+		Username string `json:"preffered_username"`
 		OrgID    string `json:"org_id"`
 		jwt.RegisteredClaims
 	}
@@ -156,7 +152,6 @@ func generateInvalidValidToken(missingClaim string) (string, func(t *jwt.Token)
 	// Create claims with multiple fields populated
 	claims := TokenClaims{
 		"batman",
-		"batman_id",
 		"GothamCity",
 		registedClaims,
 	}
@@ -176,16 +171,14 @@ func generateInvalidValidToken(missingClaim string) (string, func(t *jwt.Token)
 
 func generateInvalidTokenWrongSigningMethod() (string, func(t *jwt.Token) (any, error)) {
 	type TokenClaims struct {
-		Username string `json:"username"`
-		ClientID string `json:"client_id"`
+		Username string `json:"preffered_username"`
 		OrgID    string `json:"org_id"`
 		jwt.RegisteredClaims
 	}
 
 	// Create claims with multiple fields populated
 	claims := TokenClaims{
 		"batman",
-		"batman_id",
 		"GothamCity",
 		jwt.RegisteredClaims{
 			ExpiresAt: jwt.NewNumericDate(time.Now().Add(24 * time.Hour)),

diff --git a/internal/auth/user.go b/internal/auth/user.go
@@ -27,6 +27,5 @@ func newContext(ctx context.Context, u User) context.Context {
 type User struct {
 	Username     string
 	Organization string
-	ClientID     string
 	Token        *jwt.Token
 }