diff --git a/internal/server/authn/method/github/server.go b/internal/server/authn/method/github/server.go
index 69abcdd462..10275e2b61 100644
--- a/internal/server/authn/method/github/server.go
+++ b/internal/server/authn/method/github/server.go
@@ -136,26 +136,25 @@ func (s *Server) Callback(ctx context.Context, r *auth.CallbackRequest) (*auth.C
 }
 metadata := map[string]string{}
-
- if githubUserResponse.Name != "" {
- metadata[storageMetadataGithubName] = githubUserResponse.Name
+ set := func(key string, s string) {
+ if s != "" {
+ metadata[key] = s
+ }
+ }
- if githubUserResponse.Email != "" {
- metadata[storageMetadataGithubEmail] = githubUserResponse.Email
- }
-
- if githubUserResponse.AvatarURL != "" {
- metadata[storageMetadataGithubPicture] = githubUserResponse.AvatarURL
- }
+ set(storageMetadataGithubName, githubUserResponse.Name)
+ set(storageMetadataGithubEmail, githubUserResponse.Email)
+ set(storageMetadataGithubPicture, githubUserResponse.AvatarURL)
 if githubUserResponse.ID != 0 {
- metadata[storageMetadataGithubSub] = fmt.Sprintf("%d", githubUserResponse.ID)
+ set(storageMetadataGithubSub, fmt.Sprintf("%d", githubUserResponse.ID))
 }
- if githubUserResponse.Login != "" {
- metadata[storageMetadataGitHubPreferredUsername] = githubUserResponse.Login
- }
+ set(storageMetadataGitHubPreferredUsername, githubUserResponse.Login)
+
+ // consolidate common fields
+ set(method.StorageMetadataEmail, githubUserResponse.Email)
+ set(method.StorageMetadataName, githubUserResponse.Name)
 if len(s.config.Methods.Github.Method.AllowedOrganizations) != 0 {
 userOrgs, err := getUserOrgs(ctx, token)
diff --git a/internal/server/authn/method/github/server_test.go b/internal/server/authn/method/github/server_test.go
index ed224bbef8..38cbdbc70a 100644
--- a/internal/server/authn/method/github/server_test.go
+++ b/internal/server/authn/method/github/server_test.go
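Review bot: In `Callback` in github/server.go, the new `set` closure names its value parameter `s`, which shadows the method receiver `s *Server` that the same function uses a few lines later in `s.config.Methods.Github.Method.AllowedOrganizations`. It compiles, but in an authentication callback a reader should not have to work out which `s` is in scope; `set := func(key, value string) {` with `if value != "" { metadata[key] = value }` avoids it. The `if githubUserResponse.ID != 0` guard around the `storageMetadataGithubSub` call is still needed because `fmt.Sprintf("%d", 0)` is a non-empty string, and a one-line comment saying so would keep it from being flattened later. `Callback` starts and ends outside the hunk.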
@@ -101,10 +101,12 @@ func Test_Server(t *testing.T) {
 require.NotEmpty(t, callback.ClientToken)
 require.Equal(t, auth.Method_METHOD_GITHUB, callback.Authentication.Method)
 require.Equal(t, map[string]string{
- storageMetadataGithubEmail: "user@flipt.io",
- storageMetadataGithubName: "fliptuser",
- storageMetadataGithubPicture: "https://thispicture.com",
- storageMetadataGithubSub: "1234567890",
+ "io.flipt.auth.github.email": "user@flipt.io",
+ "io.flipt.auth.email": "user@flipt.io",
+ "io.flipt.auth.github.name": "fliptuser",
+ "io.flipt.auth.name": "fliptuser",
+ "io.flipt.auth.github.picture": "https://thispicture.com",
+ "io.flipt.auth.github.sub": "1234567890",
 }, callback.Authentication.Metadata)
 })
diff --git a/internal/server/authn/method/metadata.go b/internal/server/authn/method/metadata.go
index 4446d60098..8a21169be3 100644
--- a/internal/server/authn/method/metadata.go
+++ b/internal/server/authn/method/metadata.go
@@ -1,3 +1,7 @@
 package method
-const StorageMetadataRole = "io.flipt.auth.role"
+const (
+ StorageMetadataRole = "io.flipt.auth.role"
+ StorageMetadataEmail = "io.flipt.auth.email"
+ StorageMetadataName = "io.flipt.auth.name"
+)
diff --git a/internal/server/authn/method/oidc/server.go b/internal/server/authn/method/oidc/server.go
index 4caa5f3682..a79ba784e7 100644
--- a/internal/server/authn/method/oidc/server.go
+++ b/internal/server/authn/method/oidc/server.go
@@ -272,6 +272,9 @@ func (c claims) addToMetadata(m map[string]string) {
 set(storageMetadataOIDCProfile, c.Profile)
 set(storageMetadataOIDCPicture, c.Picture)
 set(storageMetadataOIDCSub, c.Sub)
+ // consolidate common fields
+ set(method.StorageMetadataEmail, c.Email)
+ set(method.StorageMetadataName, c.Name)
 if c.Verified != nil {
 m[storageMetadataOIDCEmailVerified] = fmt.Sprintf("%v", *c.Verified)
diff --git a/internal/server/authn/method/oidc/server_test.go b/internal/server/authn/method/oidc/server_test.go
index eb829b5d19..c19c413b31 100644
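Review bot: The exported constants added in metadata.go, `StorageMetadataEmail` and `StorageMetadataName`, have no doc comments, and nothing in the file says what populates them. In this commit both are filled by copying the GitHub user response and the OIDC claims unchanged, and only when the field is non-empty, so a reader of these keys cannot assume they are present for every authentication. A comment on each, such as `// StorageMetadataEmail is the provider-neutral key for the email reported by the auth method; copied as-is and absent when the provider returns none.`, would record that contract next to the key.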
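Review bot: In `addToMetadata` in oidc/server.go, `set(method.StorageMetadataEmail, c.Email)` copies the claim into the provider-neutral key whether or not `c.Verified` is present or true; the verification flag is still written only under `storageMetadataOIDCEmailVerified` in the lines that follow. A consumer that reads `io.flipt.auth.email` without also reading the OIDC-specific flag loses that signal, which matters if the value is ever matched in an authorization rule or used for audit attribution (not visible in this diff). Consider populating the common key only for a verified address, e.g. `if c.Verified != nil && *c.Verified { set(method.StorageMetadataEmail, c.Email) }`, or stating in a comment that the key is informational only. The GitHub `Callback` hunk fills the same key from `githubUserResponse.Email` with no verification signal visible in the diff. `addToMetadata` starts and ends outside the hunk.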
--- a/internal/server/authn/method/oidc/server_test.go
+++ b/internal/server/authn/method/oidc/server_test.go
@@ -349,7 +349,9 @@ func testOIDCFlow(t *testing.T, ctx context.Context, tpAddr, clientAddress strin
 assert.Equal(t, map[string]string{
 "io.flipt.auth.oidc.provider": "google",
 "io.flipt.auth.oidc.email": "mark@flipt.io",
+ "io.flipt.auth.email": "mark@flipt.io",
 "io.flipt.auth.oidc.name": "Mark Phelps",
+ "io.flipt.auth.name": "Mark Phelps",
 "io.flipt.auth.oidc.sub": "mark",
 "io.flipt.auth.role": "admin",
 }, response.Authentication.Metadata)