chore: consolidate some auth metadata to make creating policies simpl…

…er (#3106)

internal/server/authn/method/github/server.go

@@ -136,26 +136,25 @@ func (s *Server) Callback(ctx context.Context, r *auth.CallbackRequest) (*auth.C
 	}
 
 	metadata := map[string]string{}
-
-	if githubUserResponse.Name != "" {
-		metadata[storageMetadataGithubName] = githubUserResponse.Name
+	set := func(key string, s string) {
+		if s != "" {
+			metadata[key] = s
+		}
 	}
 
-	if githubUserResponse.Email != "" {
-		metadata[storageMetadataGithubEmail] = githubUserResponse.Email
-	}
-
-	if githubUserResponse.AvatarURL != "" {
-		metadata[storageMetadataGithubPicture] = githubUserResponse.AvatarURL
-	}
+	set(storageMetadataGithubName, githubUserResponse.Name)
+	set(storageMetadataGithubEmail, githubUserResponse.Email)
+	set(storageMetadataGithubPicture, githubUserResponse.AvatarURL)
 
 	if githubUserResponse.ID != 0 {
-		metadata[storageMetadataGithubSub] = fmt.Sprintf("%d", githubUserResponse.ID)
+		set(storageMetadataGithubSub, fmt.Sprintf("%d", githubUserResponse.ID))
 	}
 
-	if githubUserResponse.Login != "" {
-		metadata[storageMetadataGitHubPreferredUsername] = githubUserResponse.Login
-	}
+	set(storageMetadataGitHubPreferredUsername, githubUserResponse.Login)
+
+	// consolidate common fields
+	set(method.StorageMetadataEmail, githubUserResponse.Email)
+	set(method.StorageMetadataName, githubUserResponse.Name)
 
 	if len(s.config.Methods.Github.Method.AllowedOrganizations) != 0 {
 		userOrgs, err := getUserOrgs(ctx, token)

internal/server/authn/method/github/server_test.go

@@ -101,10 +101,12 @@ func Test_Server(t *testing.T) {
 		require.NotEmpty(t, callback.ClientToken)
 		require.Equal(t, auth.Method_METHOD_GITHUB, callback.Authentication.Method)
 		require.Equal(t, map[string]string{
-			storageMetadataGithubEmail:   "[email protected]",
-			storageMetadataGithubName:    "fliptuser",
-			storageMetadataGithubPicture: "https://thispicture.com",
-			storageMetadataGithubSub:     "1234567890",
+			"io.flipt.auth.github.email":   "[email protected]",
+			"io.flipt.auth.email":          "[email protected]",
+			"io.flipt.auth.github.name":    "fliptuser",
+			"io.flipt.auth.name":           "fliptuser",
+			"io.flipt.auth.github.picture": "https://thispicture.com",
+			"io.flipt.auth.github.sub":     "1234567890",
 		}, callback.Authentication.Metadata)
 	})
 

internal/server/authn/method/metadata.go

@@ -1,3 +1,7 @@
 package method
 
-const StorageMetadataRole = "io.flipt.auth.role"
+const (
+	StorageMetadataRole  = "io.flipt.auth.role"
+	StorageMetadataEmail = "io.flipt.auth.email"
+	StorageMetadataName  = "io.flipt.auth.name"
+)

internal/server/authn/method/oidc/server.go

@@ -272,6 +272,9 @@ func (c claims) addToMetadata(m map[string]string) {
 	set(storageMetadataOIDCProfile, c.Profile)
 	set(storageMetadataOIDCPicture, c.Picture)
 	set(storageMetadataOIDCSub, c.Sub)
+	// consolidate common fields
+	set(method.StorageMetadataEmail, c.Email)
+	set(method.StorageMetadataName, c.Name)
 
 	if c.Verified != nil {
 		m[storageMetadataOIDCEmailVerified] = fmt.Sprintf("%v", *c.Verified)

internal/server/authn/method/oidc/server_test.go

@@ -349,7 +349,9 @@ func testOIDCFlow(t *testing.T, ctx context.Context, tpAddr, clientAddress strin
 		assert.Equal(t, map[string]string{
 			"io.flipt.auth.oidc.provider": "google",
 			"io.flipt.auth.oidc.email":    "[email protected]",
+			"io.flipt.auth.email":         "[email protected]",
 			"io.flipt.auth.oidc.name":     "Mark Phelps",
+			"io.flipt.auth.name":          "Mark Phelps",
 			"io.flipt.auth.oidc.sub":      "mark",
 			"io.flipt.auth.role":          "admin",
 		}, response.Authentication.Metadata)