add audDisplayName attribute in the source of an identity
livetocode committed Sep 25, 2024
1 parent 78fe076 commit f7e10aa
Showing 5 changed files with 53 additions and 11 deletions.
4 changes: 2 additions & 2 deletions package-lock.json


2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "@villedemontreal/jwt-validator",
"version": "5.10.2",
"version": "5.10.3",
"description": "Module to validate JWT (JSON Web Tokens)",
"main": "dist/src/index.js",
"typings": "dist/src",
18 changes: 11 additions & 7 deletions src/models/identities.ts
@@ -429,16 +429,20 @@ export type ServiceAccountAttributes =
*/
export type IdentitySource = {
/**
* The audience of the JWT, which is usually the clientID our appId.
* The audience of the JWT, which is usually the clientID of our appId.
*/
aud: string;
/**
* Which service issued the JWT that we parsed into an identity.
* The display name of the audience of the JWT, which is usually the name of our app.
*/
audDisplayName?: string;
/**
* Specifies which service issued the JWT that we parsed into an identity.
* Usually, this would be 'security-identity-token-api'.
*/
issuer: string;
/**
* Which IDP produced the access token that was submitted to TokenAPI.
* Specifies which IDP produced the access token that was submitted to TokenAPI.
* For EntraID, this would be https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0,
* for Azure AD B2C https://connexion.montreal.ca,
* for Gluu employee https://idp.montreal.ca,
@@ -447,22 +451,22 @@ export type IdentitySource = {
*/
accessTokenIssuer?: string;
/**
* Which claim was used for the unique ID of the identity.
* Specifies which claim was used for the unique ID of the identity.
* This could be: userName, email, mtlIdentityId, aud, sub
*/
claim: string;
/**
* The internal ID that would provide access to the user object in the IDP itself.
* Specifies the internal ID that would provide access to the user object in the IDP itself.
* For Azure, this would be the 'oid' (or objectID) and for Gluu this would be the inum (or sub).
*/
internalId: string;
/**
* The realm that produced the access token.
* Specifies the realm that produced the access token.
* This could be: employees, citizens, anonymous
*/
realm: string;
/**
* The name of the environment that produced the JWT.
* Specifies the name of the environment that produced the JWT.
* This could be: lab, dev, accept, prod
*/
env?: string;
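Review bot: The new doc comment on `audDisplayName` does not say that the value is a free-form label rather than an identifier, so a consumer of `IdentitySource` could be tempted to compare it in an access decision. I would extend the comment with a sentence such as `Informational label only; use aud for any audience comparison.` Since the field is declared optional, the comment could also state that it is presumably undefined when the token carries no display name. The `IdentitySource` type appears to continue past the end of this hunk.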
29 changes: 28 additions & 1 deletion src/utils/createIdentityFromJwt.test.ts
@@ -73,6 +73,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
audDisplayName: 'infra-auth-auth-playground-dev',
env: 'dev',
realm: 'employees',
claim: 'userName',
@@ -81,7 +82,7 @@ describe('createIdentityFromJwt', () => {
});
// console.log(JSON.stringify(identity));
expect(JSON.stringify(identity)).to.eql(
`{"type":"user","id":"udoejo3","displayName":"John DOE","attributes":{"type":"employee","email":"john.doe@montreal.ca","username":"udoejo3","registrationNumber":"100674051","department":"421408000000","firstName":"John","lastName":"DOE","accountProfile":"vdm","isGeneric":false},"source":{"aud":"e5dd632b-cb97-48d7-a310-5147be717cde","issuer":"security-identity-token-api","accessTokenIssuer":"https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0","env":"dev","realm":"employees","claim":"userName","internalId":"0b64042a-9cce-42dc-b645-cd721cbbc179"}}`
`{"type":"user","id":"udoejo3","displayName":"John DOE","attributes":{"type":"employee","email":"john.doe@montreal.ca","username":"udoejo3","registrationNumber":"100674051","department":"421408000000","firstName":"John","lastName":"DOE","accountProfile":"vdm","isGeneric":false},"source":{"aud":"e5dd632b-cb97-48d7-a310-5147be717cde","audDisplayName":"infra-auth-auth-playground-dev","issuer":"security-identity-token-api","accessTokenIssuer":"https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0","env":"dev","realm":"employees","claim":"userName","internalId":"0b64042a-9cce-42dc-b645-cd721cbbc179"}}`
);
});

@@ -136,6 +137,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
audDisplayName: 'infra-auth-auth-playground-dev',
env: 'dev',
realm: 'employees',
claim: 'userName',
@@ -196,6 +198,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
audDisplayName: 'infra-auth-auth-playground-dev',
env: 'dev',
realm: 'employees',
claim: 'userName',
@@ -255,6 +258,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
audDisplayName: 'infra-auth-auth-playground-dev',
env: 'dev',
realm: 'employees',
claim: 'userName',
@@ -312,6 +316,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
audDisplayName: 'infra-auth-auth-playground-dev',
env: 'dev',
realm: 'employees',
claim: 'userName',
@@ -368,6 +373,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
audDisplayName: 'infra-auth-auth-playground-dev',
env: 'dev',
realm: 'employees',
claim: 'userName',
@@ -423,6 +429,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
audDisplayName: 'infra-auth-auth-playground-dev',
env: 'dev',
realm: 'employees',
claim: 'userName',
@@ -483,6 +490,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
audDisplayName: 'infra-auth-auth-playground-dev',
env: 'dev',
realm: 'employees',
claim: 'userName',
@@ -541,6 +549,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
audDisplayName: 'infra-auth-auth-playground-dev',
env: 'dev',
realm: 'employees',
claim: 'userName',
@@ -594,6 +603,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
audDisplayName: 'infra-auth-auth-playground-dev',
env: 'dev',
realm: 'employees',
claim: 'userName',
@@ -639,6 +649,7 @@ describe('createIdentityFromJwt', () => {
issuer: 'security-identity-token-api',
accessTokenIssuer: 'security-identity-anonymous-token-api',
aud: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0008!2212.0010',
audDisplayName: 'Account Identity Managment',
env: 'dev',
realm: 'anonymous',
claim: 'userName',
@@ -683,6 +694,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'e5dd632b-cb97-48d7-a310-cde5147be717',
audDisplayName: 'infra-auth-auth-playground-dev',
env: 'dev',
realm: 'employees',
claim: 'aud',
@@ -730,6 +742,7 @@ describe('createIdentityFromJwt', () => {
issuer: 'security-identity-token-api',
accessTokenIssuer: 'https://auth.dev.interne.montreal.ca',
aud: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0008!2212.0130',
audDisplayName: 'DiagnosticsCanary',
env: 'dev',
realm: 'citizens',
claim: 'userName',
@@ -784,6 +797,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://connexion.dev.montreal.ca/1543b575-116b-4325-a0bf-3ccdd7925321/v2.0/',
aud: 'a496befa-db7d-45a6-ac7a-11471816b8f1',
audDisplayName: 'infra-auth-auth-playground',
env: 'dev',
realm: 'citizens',
claim: 'mtlIdentityId',
@@ -839,6 +853,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'a496befa-db7d-45a6-ac7a-11471816b8f1',
audDisplayName: 'infra-auth-auth-playground',
env: 'dev',
realm: 'employees',
claim: 'userName',
@@ -881,6 +896,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'a496befa-db7d-45a6-ac7a-11471816b8f1',
audDisplayName: 'infra-auth-auth-playground',
env: 'dev',
realm: 'employees',
claim: 'sub',
@@ -923,6 +939,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'a496befa-db7d-45a6-ac7a-11471816b8f1',
audDisplayName: 'infra-auth-auth-playground',
env: 'dev',
realm: 'employees',
claim: 'sub',
@@ -982,6 +999,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
audDisplayName: 'infra-auth-auth-playground-dev',
env: 'dev',
realm: 'employees',
claim: 'userName',
@@ -1041,6 +1059,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
audDisplayName: 'infra-auth-auth-playground-dev',
env: 'dev',
realm: 'employees',
claim: 'userName',
@@ -1100,6 +1119,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
audDisplayName: 'infra-auth-auth-playground-dev',
env: 'dev',
realm: 'employees',
claim: 'userName',
@@ -1158,6 +1178,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
audDisplayName: 'infra-auth-auth-playground-dev',
env: 'dev',
realm: 'employees',
claim: 'email',
@@ -1216,6 +1237,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
audDisplayName: 'infra-auth-auth-playground-dev',
env: 'dev',
realm: 'employees',
claim: 'userName',
@@ -1274,6 +1296,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
audDisplayName: 'infra-auth-auth-playground-dev',
env: 'dev',
realm: 'employees',
claim: 'userName',
@@ -1332,6 +1355,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
audDisplayName: 'infra-auth-auth-playground-dev',
env: 'dev',
realm: 'employees',
claim: 'userName',
@@ -1390,6 +1414,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
audDisplayName: 'infra-auth-auth-playground-dev',
env: 'dev',
realm: 'employees',
claim: 'userName',
@@ -1449,6 +1474,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
audDisplayName: 'infra-auth-auth-playground-dev',
env: 'dev',
realm: 'employees',
claim: 'userName',
@@ -1505,6 +1531,7 @@ describe('createIdentityFromJwt', () => {
accessTokenIssuer:
'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
audDisplayName: 'infra-auth-auth-playground-dev',
env: 'dev',
realm: 'employees',
claim: 'userName',
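Review bot: Every fixture in the visible hunks now expects an `audDisplayName`, so the case the type declares optional, a token without a `displayName` claim, is not exercised anywhere in this diff. A test that omits the claim and asserts that `source.audDisplayName` is `undefined` would pin that behaviour. It could also assert that the key is missing from the `JSON.stringify` output, as compared in the first test. Such a test may already exist outside the hunks shown, since the `describe` block starts before and continues after them.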
11 changes: 11 additions & 0 deletions src/utils/createIdentityFromJwt.ts
@@ -60,6 +60,7 @@ export function createIdentityFromJwt(jwt: any): Identity {
const realm = getStringClaim(jwt, 'realm');
const aud = getStringClaim(jwt, 'aud');
const sub = getStringClaim(jwt, 'sub');
const audDisplayName = getOptionalStringClaim(jwt, 'displayName');
const oid = getOptionalStringClaim(jwt, 'oid');
const env = getOptionalStringClaim(jwt, 'env');
const userType = getOptionalStringClaim(jwt, 'userType') ?? 'citizen';
@@ -83,6 +84,7 @@ export function createIdentityFromJwt(jwt: any): Identity {
},
source: {
aud,
audDisplayName,
issuer,
accessTokenIssuer,
env,
@@ -109,6 +111,7 @@ export function createIdentityFromJwt(jwt: any): Identity {
},
source: {
aud,
audDisplayName,
issuer,
accessTokenIssuer,
env,
@@ -137,6 +140,7 @@ export function createIdentityFromJwt(jwt: any): Identity {
},
source: {
aud,
audDisplayName,
issuer,
accessTokenIssuer,
env,
@@ -170,6 +174,7 @@ export function createIdentityFromJwt(jwt: any): Identity {
},
source: {
aud,
audDisplayName,
issuer,
accessTokenIssuer,
env,
@@ -214,6 +219,7 @@ export function createIdentityFromJwt(jwt: any): Identity {
},
source: {
aud,
audDisplayName,
issuer,
accessTokenIssuer,
env,
@@ -260,6 +266,7 @@ export function createIdentityFromJwt(jwt: any): Identity {
},
source: {
aud,
audDisplayName,
issuer,
accessTokenIssuer,
env,
@@ -301,6 +308,7 @@ export function createIdentityFromJwt(jwt: any): Identity {
},
source: {
aud,
audDisplayName,
issuer,
accessTokenIssuer,
env,
@@ -341,6 +349,7 @@ export function createIdentityFromJwt(jwt: any): Identity {
},
source: {
aud,
audDisplayName,
issuer,
accessTokenIssuer,
env,
@@ -385,6 +394,7 @@ export function createIdentityFromJwt(jwt: any): Identity {
},
source: {
aud,
audDisplayName,
issuer,
accessTokenIssuer,
env,
@@ -417,6 +427,7 @@ export function createIdentityFromJwt(jwt: any): Identity {
},
source: {
aud,
audDisplayName,
issuer,
accessTokenIssuer,
env,
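Review bot: `const audDisplayName = getOptionalStringClaim(jwt, 'displayName');` in the first hunk maps a generically named claim to the audience, and nothing at the call site says why. Going by the test fixtures, where the identity's own `displayName` is 'John DOE' while `audDisplayName` is 'infra-auth-auth-playground-dev', the claim seems to carry the client application's name. A one-line comment there, e.g. `// 'displayName' in the token is the name of the client app (the audience), not of the user`, would keep it from being confused with the user's display name. The value is copied as-is into all ten `source` literals touched here, so anything that renders or logs it should treat it as token-supplied text. `createIdentityFromJwt` starts before and continues after these hunks, and `getOptionalStringClaim` is not shown.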
