feat(model): add support for family and given name claims (#69)

Author: nexus49

jwt/model.go

@@ -37,7 +37,7 @@ type WebToken struct {
 func New(idToken string, signatureAlgorithms []jose.SignatureAlgorithm) (webToken WebToken, err error) {
 	token, parseErr := jwt.ParseSigned(idToken, signatureAlgorithms)
 	if parseErr != nil {
-		err = fmt.Errorf("unable to parse id_token: [%s], %w", idToken, parseErr)
+		err = fmt.Errorf("unable to parse id_token: %w", parseErr)
 		return
 	}
 
@@ -52,6 +52,8 @@ func New(idToken string, signatureAlgorithms []jose.SignatureAlgorithm) (webToke
 	webToken.IssuerAttributes = rawToken.IssuerAttributes
 	webToken.Audiences = rawToken.getAudiences()
 	webToken.Mail = rawToken.getMail()
+	webToken.FirstName = rawToken.getFirstName()
+	webToken.LastName = rawToken.getLastName()
 
 	return
 }

jwt/model_test.go

@@ -11,41 +11,191 @@ import (
 var signatureAlgorithms = []jose.SignatureAlgorithm{jose.HS256}
 var joseTestKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes
 
-func TestNew(t *testing.T) {
-	issuer := "my-issuer"
-	token := jwt.NewWithClaims(jwt.SigningMethodHS256, &jwt.RegisteredClaims{
-		Issuer: issuer,
-	})
-	tokenString, err := token.SignedString(joseTestKey)
-	assert.NoError(t, err)
-
-	webToken, err := New(tokenString, signatureAlgorithms)
-	assert.NoError(t, err)
-	assert.NotNil(t, webToken)
-	assert.Equal(t, issuer, webToken.Issuer)
-}
+func TestNew_Success(t *testing.T) {
+	tests := []struct {
+		name       string
+		claims     map[string]interface{}
+		expectedWT WebToken
+	}{
+		{
+			name: "basic issuer claim",
+			claims: map[string]interface{}{
+				"iss": "my-issuer",
+			},
+			expectedWT: WebToken{
+				IssuerAttributes: IssuerAttributes{
+					Issuer: "my-issuer",
+				},
+			},
+		},
+		{
+			name: "with first_name and last_name",
+			claims: map[string]interface{}{
+				"iss":        "test-issuer",
+				"sub":        "test-subject",
+				"first_name": "John",
+				"last_name":  "Doe",
+			},
+			expectedWT: WebToken{
+				IssuerAttributes: IssuerAttributes{
+					Issuer:  "test-issuer",
+					Subject: "test-subject",
+				},
+				UserAttributes: UserAttributes{
+					FirstName: "John",
+					LastName:  "Doe",
+				},
+			},
+		},
+		{
+			name: "with given_name and family_name",
+			claims: map[string]interface{}{
+				"iss":         "test-issuer",
+				"sub":         "test-subject",
+				"given_name":  "Jonathan",
+				"family_name": "Smith",
+			},
+			expectedWT: WebToken{
+				IssuerAttributes: IssuerAttributes{
+					Issuer:  "test-issuer",
+					Subject: "test-subject",
+				},
+				UserAttributes: UserAttributes{
+					FirstName: "Jonathan",
+					LastName:  "Smith",
+				},
+			},
+		},
+		{
+			name: "prefer first_name/last_name over given_name/family_name",
+			claims: map[string]interface{}{
+				"iss":         "test-issuer",
+				"sub":         "test-subject",
+				"first_name":  "John",
+				"last_name":   "Doe",
+				"given_name":  "Jonathan",
+				"family_name": "Smith",
+			},
+			expectedWT: WebToken{
+				IssuerAttributes: IssuerAttributes{
+					Issuer:  "test-issuer",
+					Subject: "test-subject",
+				},
+				UserAttributes: UserAttributes{
+					FirstName: "John",
+					LastName:  "Doe",
+				},
+			},
+		},
+		{
+			name: "fallback to given_name/family_name when first_name/last_name are empty",
+			claims: map[string]interface{}{
+				"iss":         "test-issuer",
+				"sub":         "test-subject",
+				"first_name":  "",
+				"last_name":   "",
+				"given_name":  "Jonathan",
+				"family_name": "Smith",
+			},
+			expectedWT: WebToken{
+				IssuerAttributes: IssuerAttributes{
+					Issuer:  "test-issuer",
+					Subject: "test-subject",
+				},
+				UserAttributes: UserAttributes{
+					FirstName: "Jonathan",
+					LastName:  "Smith",
+				},
+			},
+		},
+		{
+			name: "partial fallback - first_name present, last_name empty",
+			claims: map[string]interface{}{
+				"iss":         "test-issuer",
+				"sub":         "test-subject",
+				"first_name":  "John",
+				"last_name":   "",
+				"given_name":  "Jonathan",
+				"family_name": "Smith",
+			},
+			expectedWT: WebToken{
+				IssuerAttributes: IssuerAttributes{
+					Issuer:  "test-issuer",
+					Subject: "test-subject",
+				},
+				UserAttributes: UserAttributes{
+					FirstName: "John",
+					LastName:  "Smith",
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims(tt.claims))
+			tokenString, err := token.SignedString(joseTestKey)
+			assert.NoError(t, err)
 
-func TestNewAndFail(t *testing.T) {
-	tokenString := "just a string"
-	_, err := New(tokenString, signatureAlgorithms)
-	assert.Error(t, err)
+			webToken, err := New(tokenString, signatureAlgorithms)
+			assert.NoError(t, err)
+			assert.NotNil(t, webToken)
+			assert.Equal(t, tt.expectedWT.Issuer, webToken.Issuer)
+			assert.Equal(t, tt.expectedWT.Subject, webToken.Subject)
+			assert.Equal(t, tt.expectedWT.FirstName, webToken.FirstName)
+			assert.Equal(t, tt.expectedWT.LastName, webToken.LastName)
+		})
+	}
 }
 
-func TestNew_DeserializationError(t *testing.T) {
-	// Create a valid JWT header and signature, but with a payload that is not valid JSON
-	// or cannot be unmarshaled into the expected struct.
-	// We'll use jose to construct a token with a payload that is not a JSON object.
-	invalidPayload := "not-a-json-object"
-	signer, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.HS256, Key: joseTestKey}, nil)
-	assert.NoError(t, err)
+func TestNew_Errors(t *testing.T) {
+	tests := []struct {
+		name          string
+		tokenString   string
+		setupToken    func() (string, error)
+		expectedError string
+	}{
+		{
+			name:          "invalid token string",
+			tokenString:   "just a string",
+			expectedError: "unable to parse id_token",
+		},
+		{
+			name: "deserialization error with invalid payload",
+			setupToken: func() (string, error) {
+				// Create a valid JWT header and signature, but with a payload that is not valid JSON
+				invalidPayload := "not-a-json-object"
+				signer, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.HS256, Key: joseTestKey}, nil)
+				if err != nil {
+					return "", err
+				}
+
+				object, err := signer.Sign([]byte(invalidPayload))
+				if err != nil {
+					return "", err
+				}
+
+				return object.CompactSerialize()
+			},
+			expectedError: "unable to deserialize claims",
+		},
+	}
 
-	object, err := signer.Sign([]byte(invalidPayload))
-	assert.NoError(t, err)
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var tokenString string
+			var err error
 
-	tokenString, err := object.CompactSerialize()
-	assert.NoError(t, err)
+			if tt.setupToken != nil {
+				tokenString, err = tt.setupToken()
+				assert.NoError(t, err)
+			} else {
+				tokenString = tt.tokenString
+			}
 
-	_, err = New(tokenString, signatureAlgorithms)
-	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "unable to deserialize claims")
+			_, err = New(tokenString, signatureAlgorithms)
+			assert.Error(t, err)
+			assert.Contains(t, err.Error(), tt.expectedError)
+		})
+	}
 }

jwt/raw.go

@@ -1,9 +1,13 @@
 package jwt
 
+import "strings"
+
 type rawClaims struct {
-	RawAudiences interface{} `json:"aud"` // RawAudiences could be a []string or string depending on the serialization in IdP site
-	RawEmail     string      `json:"email,omitempty"`
-	RawMail      string      `json:"mail,omitempty"`
+	RawAudiences  interface{} `json:"aud"` // RawAudiences could be a []string or string depending on the serialization in IdP site
+	RawEmail      string      `json:"email,omitempty"`
+	RawMail       string      `json:"mail,omitempty"`
+	RawGivenName  string      `json:"given_name,omitempty"`
+	RawFamilyName string      `json:"family_name,omitempty"`
 }
 
 type rawWebToken struct {
@@ -13,9 +17,25 @@ type rawWebToken struct {
 }
 
 func (r rawWebToken) getMail() (mail string) {
-	mail = r.RawMail
+	mail = strings.TrimSpace(r.RawMail)
 	if mail == "" {
-		mail = r.RawEmail
+		mail = strings.TrimSpace(r.RawEmail)
+	}
+	return
+}
+
+func (r rawWebToken) getLastName() (lastName string) {
+	lastName = strings.TrimSpace(r.LastName)
+	if lastName == "" {
+		lastName = strings.TrimSpace(r.RawFamilyName)
+	}
+	return
+}
+
+func (r rawWebToken) getFirstName() (firstName string) {
+	firstName = strings.TrimSpace(r.FirstName)
+	if firstName == "" {
+		firstName = strings.TrimSpace(r.RawGivenName)
 	}
 	return
 }