From f7e10aa084e9bcf794c44513845d68e7b4716636 Mon Sep 17 00:00:00 2001
From: Morgan Martinet
Date: Wed, 25 Sep 2024 11:42:54 -0400
Subject: [PATCH] add audDisplayName attribute in the source of an identity
---
 package-lock.json | 4 ++--
 package.json | 2 +-
 src/models/identities.ts | 18 +++++++++------
 src/utils/createIdentityFromJwt.test.ts | 29 ++++++++++++++++++++++++-
 src/utils/createIdentityFromJwt.ts | 11 ++++++++++
 5 files changed, 53 insertions(+), 11 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index f08a662..9e38741 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "@villedemontreal/jwt-validator",
- "version": "5.10.2",
+ "version": "5.10.3",
 "lockfileVersion": 2,
 "requires": true,
 "packages": {
 "": {
 "name": "@villedemontreal/jwt-validator",
- "version": "5.10.2",
+ "version": "5.10.3",
 "license": "MIT",
 "dependencies": {
 "@types/nock": "10.0.3",
diff --git a/package.json b/package.json
index 3c8b60f..5c0eaf5 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@villedemontreal/jwt-validator",
- "version": "5.10.2",
+ "version": "5.10.3",
 "description": "Module to validate JWT (JSON Web Tokens)",
 "main": "dist/src/index.js",
 "typings": "dist/src",
diff --git a/src/models/identities.ts b/src/models/identities.ts
index be2ab02..1ad2980 100644
--- a/src/models/identities.ts
+++ b/src/models/identities.ts
@@ -429,16 +429,20 @@ export type ServiceAccountAttributes =
 */
 export type IdentitySource = {
 /**
- * The audience of the JWT, which is usually the clientID our appId.
+ * The audience of the JWT, which is usually the clientID of our appId.
 */
 aud: string;
 /**
- * Which service issued the JWT that we parsed into an identity.
+ * The display name of the audience of the JWT, which is usually the name of our app.
+ */
+ audDisplayName?: string;
+ /**
+ * Specifies which service issued the JWT that we parsed into an identity.
 * Usually, this would be 'security-identity-token-api'.
 */
 issuer: string;
 /**
- * Which IDP produced the access token that was submitted to TokenAPI.
+ * Specifies which IDP produced the access token that was submitted to TokenAPI.
 * For EntraID, this would be https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0,
 * for Azure AD B2C https://connexion.montreal.ca,
 * for Gluu employee https://idp.montreal.ca,
@@ -447,22 +451,22 @@ export type IdentitySource = {
 */
 accessTokenIssuer?: string;
 /**
- * Which claim was used for the unique ID of the identity.
+ * Specifies which claim was used for the unique ID of the identity.
 * This could be: userName, email, mtlIdentityId, aud, sub
 */
 claim: string;
 /**
- * The internal ID that would provide access to the user object in the IDP itself.
+ * Specifies the internal ID that would provide access to the user object in the IDP itself.
 * For Azure, this would be the 'oid' (or objectID) and for Gluu this would be the inum (or sub).
 */
 internalId: string;
 /**
- * The realm that produced the access token.
+ * Specifies the realm that produced the access token.
 * This could be: employees, citizens, anonymous
 */
 realm: string;
 /**
- * The name of the environment that produced the JWT.
+ * Specifies the name of the environment that produced the JWT.
 * This could be: lab, dev, accept, prod
 */
 env?: string;
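Review bot: The new `audDisplayName` doc in the first hunk says what the value is but not how it may be used; because it is a free-form label rather than the identifier the token was issued for, consumers could be tempted to match on it. I would extend the comment with `* Informational only (logs, UIs); authorization checks must use 'aud', which is the identifier actually bound to the token.` and, if the companion hunk in src/utils/createIdentityFromJwt.ts is indeed where it is filled, `* Populated from the token's 'displayName' claim when present.`. Separately, the reworded line `the clientID of our appId` reads as one identifier nested in another; `the clientID (or appId) of our application` would be clearer. Both hunks sit inside `IdentitySource`, whose closing brace is outside the hunk.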
diff --git a/src/utils/createIdentityFromJwt.test.ts b/src/utils/createIdentityFromJwt.test.ts
index 5dcb354..82fea35 100644
--- a/src/utils/createIdentityFromJwt.test.ts
+++ b/src/utils/createIdentityFromJwt.test.ts
@@ -73,6 +73,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
+ audDisplayName: 'infra-auth-auth-playground-dev',
 env: 'dev',
 realm: 'employees',
 claim: 'userName',
@@ -81,7 +82,7 @@ describe('createIdentityFromJwt', () => {
 });
 // console.log(JSON.stringify(identity));
 expect(JSON.stringify(identity)).to.eql(
- `{"type":"user","id":"udoejo3","displayName":"John DOE","attributes":{"type":"employee","email":"john.doe@montreal.ca","username":"udoejo3","registrationNumber":"100674051","department":"421408000000","firstName":"John","lastName":"DOE","accountProfile":"vdm","isGeneric":false},"source":{"aud":"e5dd632b-cb97-48d7-a310-5147be717cde","issuer":"security-identity-token-api","accessTokenIssuer":"https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0","env":"dev","realm":"employees","claim":"userName","internalId":"0b64042a-9cce-42dc-b645-cd721cbbc179"}}`
+ `{"type":"user","id":"udoejo3","displayName":"John DOE","attributes":{"type":"employee","email":"john.doe@montreal.ca","username":"udoejo3","registrationNumber":"100674051","department":"421408000000","firstName":"John","lastName":"DOE","accountProfile":"vdm","isGeneric":false},"source":{"aud":"e5dd632b-cb97-48d7-a310-5147be717cde","audDisplayName":"infra-auth-auth-playground-dev","issuer":"security-identity-token-api","accessTokenIssuer":"https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0","env":"dev","realm":"employees","claim":"userName","internalId":"0b64042a-9cce-42dc-b645-cd721cbbc179"}}`
 );
 });
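Review bot: The fixture key added in the first hunk is `audDisplayName`, while the new production line in src/utils/createIdentityFromJwt.ts reads the claim named `displayName`; if this object literal is the JWT payload handed to createIdentityFromJwt (the `});` opening the second hunk suggests the literal is a call argument), the claim is never found, `source.audDisplayName` stays undefined and is dropped by `JSON.stringify`, and the updated expectation in the second hunk cannot pass. Either the fixture should read `displayName: 'infra-auth-auth-playground-dev',` or the production code should read the `audDisplayName` claim; whichever is intended, one case should also feed a token without the claim so the optional field is shown to be omitted from `source`. The same fixture change recurs in every later hunk of this file, so the fix applies to all of them.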
@@ -136,6 +137,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
+ audDisplayName: 'infra-auth-auth-playground-dev',
 env: 'dev',
 realm: 'employees',
 claim: 'userName',
@@ -196,6 +198,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
+ audDisplayName: 'infra-auth-auth-playground-dev',
 env: 'dev',
 realm: 'employees',
 claim: 'userName',
@@ -255,6 +258,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
+ audDisplayName: 'infra-auth-auth-playground-dev',
 env: 'dev',
 realm: 'employees',
 claim: 'userName',
@@ -312,6 +316,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
+ audDisplayName: 'infra-auth-auth-playground-dev',
 env: 'dev',
 realm: 'employees',
 claim: 'userName',
@@ -368,6 +373,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
+ audDisplayName: 'infra-auth-auth-playground-dev',
 env: 'dev',
 realm: 'employees',
 claim: 'userName',
@@ -423,6 +429,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
+ audDisplayName: 'infra-auth-auth-playground-dev',
 env: 'dev',
 realm: 'employees',
 claim: 'userName',
@@ -483,6 +490,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
+ audDisplayName: 'infra-auth-auth-playground-dev',
 env: 'dev',
 realm: 'employees',
 claim: 'userName',
@@ -541,6 +549,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
+ audDisplayName: 'infra-auth-auth-playground-dev',
 env: 'dev',
 realm: 'employees',
 claim: 'userName',
@@ -594,6 +603,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
+ audDisplayName: 'infra-auth-auth-playground-dev',
 env: 'dev',
 realm: 'employees',
 claim: 'userName',
@@ -639,6 +649,7 @@ describe('createIdentityFromJwt', () => {
 issuer: 'security-identity-token-api',
 accessTokenIssuer: 'security-identity-anonymous-token-api',
 aud: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0008!2212.0010',
+ audDisplayName: 'Account Identity Managment',
 env: 'dev',
 realm: 'anonymous',
 claim: 'userName',
@@ -683,6 +694,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'e5dd632b-cb97-48d7-a310-cde5147be717',
+ audDisplayName: 'infra-auth-auth-playground-dev',
 env: 'dev',
 realm: 'employees',
 claim: 'aud',
@@ -730,6 +742,7 @@ describe('createIdentityFromJwt', () => {
 issuer: 'security-identity-token-api',
 accessTokenIssuer: 'https://auth.dev.interne.montreal.ca',
 aud: '@!4025.CA62.9BB6.16C5!0001!2212.0010!0008!2212.0130',
+ audDisplayName: 'DiagnosticsCanary',
 env: 'dev',
 realm: 'citizens',
 claim: 'userName',
@@ -784,6 +797,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://connexion.dev.montreal.ca/1543b575-116b-4325-a0bf-3ccdd7925321/v2.0/',
 aud: 'a496befa-db7d-45a6-ac7a-11471816b8f1',
+ audDisplayName: 'infra-auth-auth-playground',
 env: 'dev',
 realm: 'citizens',
 claim: 'mtlIdentityId',
@@ -839,6 +853,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'a496befa-db7d-45a6-ac7a-11471816b8f1',
+ audDisplayName: 'infra-auth-auth-playground',
 env: 'dev',
 realm: 'employees',
 claim: 'userName',
@@ -881,6 +896,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'a496befa-db7d-45a6-ac7a-11471816b8f1',
+ audDisplayName: 'infra-auth-auth-playground',
 env: 'dev',
 realm: 'employees',
 claim: 'sub',
@@ -923,6 +939,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'a496befa-db7d-45a6-ac7a-11471816b8f1',
+ audDisplayName: 'infra-auth-auth-playground',
 env: 'dev',
 realm: 'employees',
 claim: 'sub',
@@ -982,6 +999,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
+ audDisplayName: 'infra-auth-auth-playground-dev',
 env: 'dev',
 realm: 'employees',
 claim: 'userName',
@@ -1041,6 +1059,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
+ audDisplayName: 'infra-auth-auth-playground-dev',
 env: 'dev',
 realm: 'employees',
 claim: 'userName',
@@ -1100,6 +1119,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
+ audDisplayName: 'infra-auth-auth-playground-dev',
 env: 'dev',
 realm: 'employees',
 claim: 'userName',
@@ -1158,6 +1178,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
+ audDisplayName: 'infra-auth-auth-playground-dev',
 env: 'dev',
 realm: 'employees',
 claim: 'email',
@@ -1216,6 +1237,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
+ audDisplayName: 'infra-auth-auth-playground-dev',
 env: 'dev',
 realm: 'employees',
 claim: 'userName',
@@ -1274,6 +1296,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
+ audDisplayName: 'infra-auth-auth-playground-dev',
 env: 'dev',
 realm: 'employees',
 claim: 'userName',
@@ -1332,6 +1355,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
+ audDisplayName: 'infra-auth-auth-playground-dev',
 env: 'dev',
 realm: 'employees',
 claim: 'userName',
@@ -1390,6 +1414,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
+ audDisplayName: 'infra-auth-auth-playground-dev',
 env: 'dev',
 realm: 'employees',
 claim: 'userName',
@@ -1449,6 +1474,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
+ audDisplayName: 'infra-auth-auth-playground-dev',
 env: 'dev',
 realm: 'employees',
 claim: 'userName',
@@ -1505,6 +1531,7 @@ describe('createIdentityFromJwt', () => {
 accessTokenIssuer:
 'https://login.microsoftonline.com/9f15d2dc-8753-4f83-aac2-a58288d3a4bc/v2.0',
 aud: 'e5dd632b-cb97-48d7-a310-5147be717cde',
+ audDisplayName: 'infra-auth-auth-playground-dev',
 env: 'dev',
 realm: 'employees',
 claim: 'userName',
diff --git a/src/utils/createIdentityFromJwt.ts b/src/utils/createIdentityFromJwt.ts
index a2375cd..befa4be 100644
--- a/src/utils/createIdentityFromJwt.ts
+++ b/src/utils/createIdentityFromJwt.ts
@@ -60,6 +60,7 @@ export function createIdentityFromJwt(jwt: any): Identity {
 const realm = getStringClaim(jwt, 'realm');
 const aud = getStringClaim(jwt, 'aud');
 const sub = getStringClaim(jwt, 'sub');
+ const audDisplayName = getOptionalStringClaim(jwt, 'displayName');
 const oid = getOptionalStringClaim(jwt, 'oid');
 const env = getOptionalStringClaim(jwt, 'env');
 const userType = getOptionalStringClaim(jwt, 'userType') ?? 'citizen';
@@ -83,6 +84,7 @@ export function createIdentityFromJwt(jwt: any): Identity {
 },
 source: {
 aud,
+ audDisplayName,
 issuer,
 accessTokenIssuer,
 env,
@@ -109,6 +111,7 @@ export function createIdentityFromJwt(jwt: any): Identity {
 },
 source: {
 aud,
+ audDisplayName,
 issuer,
 accessTokenIssuer,
 env,
@@ -137,6 +140,7 @@ export function createIdentityFromJwt(jwt: any): Identity {
 },
 source: {
 aud,
+ audDisplayName,
 issuer,
 accessTokenIssuer,
 env,
@@ -170,6 +174,7 @@ export function createIdentityFromJwt(jwt: any): Identity {
 },
 source: {
 aud,
+ audDisplayName,
 issuer,
 accessTokenIssuer,
 env,
@@ -214,6 +219,7 @@ export function createIdentityFromJwt(jwt: any): Identity {
 },
 source: {
 aud,
+ audDisplayName,
 issuer,
 accessTokenIssuer,
 env,
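Review bot: In the `@@ -60` hunk of src/utils/createIdentityFromJwt.ts the new line maps the token claim `displayName` onto `audDisplayName`, a naming gap that is easy to misread because the identity itself also carries a `displayName` for the user; a comment on that line would keep the next maintainer from "fixing" it: `// the token's top-level 'displayName' claim names the audience (our app), not the user; optional and informational only`. The value is then copied into `source` unmodified in every later hunk, which is fine for a label as long as callers keep authorizing on `aud` rather than on this name; if it is ever rendered or logged, treat it as free-form text from the token. The function body continues outside these hunks.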
@@ -260,6 +266,7 @@ export function createIdentityFromJwt(jwt: any): Identity {
 },
 source: {
 aud,
+ audDisplayName,
 issuer,
 accessTokenIssuer,
 env,
@@ -301,6 +308,7 @@ export function createIdentityFromJwt(jwt: any): Identity {
 },
 source: {
 aud,
+ audDisplayName,
 issuer,
 accessTokenIssuer,
 env,
@@ -341,6 +349,7 @@ export function createIdentityFromJwt(jwt: any): Identity {
 },
 source: {
 aud,
+ audDisplayName,
 issuer,
 accessTokenIssuer,
 env,
@@ -385,6 +394,7 @@ export function createIdentityFromJwt(jwt: any): Identity {
 },
 source: {
 aud,
+ audDisplayName,
 issuer,
 accessTokenIssuer,
 env,
@@ -417,6 +427,7 @@ export function createIdentityFromJwt(jwt: any): Identity {
 },
 source: {
 aud,
+ audDisplayName,
 issuer,
 accessTokenIssuer,
 env,