feat: remove username from payload and userdata

BREAKING CHANGE: This change REMOVES the `username` attribute from auth token payloads and therefore also from userData in @stacks/connect. Hence, there is NO MORE username verification done by @stacks/connect automatically.

packages/auth/src/messages.ts

@@ -159,7 +159,6 @@ export async function decryptPrivateKey(
  * @param  {String} privateKey the identity key of the Blockstack ID generating
  * the authentication response
  * @param  {Object} profile the profile object for the Blockstack ID
- * @param  {String} username the username of the Blockstack ID if any, otherwise `null`
  * @param  {AuthMetadata} metadata an object containing metadata sent as part of the authentication
  * response including `email` if requested and available and a URL to the profile
  * @param  {String} coreToken core session token when responding to a legacy auth request
@@ -181,7 +180,6 @@ export async function makeAuthResponse(
   privateKey: string,
   // eslint-disable-next-line @typescript-eslint/ban-types
   profile: {} = {},
-  username: string | null = null,
   metadata: AuthMetadata | null,
   coreToken: string | null = null,
   appPrivateKey: string | null = null,
@@ -232,7 +230,6 @@ export async function makeAuthResponse(
       public_keys: [publicKey],
       appPrivateKeyFromWalletSalt,
       profile,
-      username,
       core_token: coreTokenPayload,
     },
     additionalProperties

packages/auth/src/userData.ts

@@ -2,8 +2,6 @@
  *  Returned from the [[UserSession.loadUserData]] function.
  */
 export interface UserData {
-  // public: the blockstack ID (for example: stackerson.id or alice.blockstack.id)
-  username: string;
   // public: the email address for the user. only available if the `email`
   // scope is requested, and if the user has entered a valid email into
   // their profile.

packages/auth/src/userSession.ts

@@ -297,7 +297,6 @@ export class UserSession {
     }
 
     const userData: UserData = {
-      username: tokenPayload.username as string,
       profile: tokenPayload.profile,
       email: tokenPayload.email as string,
       decentralizedID: tokenPayload.iss,

packages/auth/tests/auth.test.ts

@@ -165,7 +165,7 @@ test('invalid auth request - invalid manifest uri', async () => {
 });
 
 test('makeAuthResponse && verifyAuthResponse', async () => {
-  const authResponse = await makeAuthResponse(privateKey, sampleProfiles.ryan, null, null);
+  const authResponse = await makeAuthResponse(privateKey, sampleProfiles.ryan, null);
   expect(authResponse).toBeTruthy();
 
   const decodedToken = decodeToken(authResponse);
@@ -179,7 +179,9 @@ test('makeAuthResponse && verifyAuthResponse', async () => {
   expect(JSON.stringify((decodedToken.payload as any).profile)).toEqual(
     JSON.stringify(sampleProfiles.ryan)
   );
-  expect((decodedToken.payload as any).username).toBe(null);
+
+  // username was removed from payload
+  expect('username' in (decodedToken.payload as any)).toBeFalsy();
 
   await verifyAuthResponse(authResponse).then(verifiedResult => {
     expect(verifiedResult).toBe(true);
@@ -199,7 +201,6 @@ test('auth response with invalid or empty appPrivateKeyFromWalletSalt', async ()
     null,
     null,
     null,
-    null,
     undefined,
     null,
     null,
@@ -223,7 +224,6 @@ test('auth response with valid appPrivateKeyFromWalletSalt', async () => {
     null,
     null,
     null,
-    null,
     undefined,
     null,
     null,
@@ -245,7 +245,7 @@ test('auth response with valid appPrivateKeyFromWalletSalt', async () => {
 test('auth response with username', async () => {
   fetchMock.mockResponse(JSON.stringify(sampleNameRecords.ryan));
 
-  const authResponse = await makeAuthResponse(privateKey, sampleProfiles.ryan, 'ryan.id', null);
+  const authResponse = await makeAuthResponse(privateKey, sampleProfiles.ryan, null);
 
   await verifyAuthResponse(authResponse).then(verifiedResult => {
     expect(verifiedResult).toBe(true);
@@ -270,7 +270,6 @@ test('auth response with invalid private key', async () => {
   const authResponse = await makeAuthResponse(
     privateKey,
     sampleProfiles.ryan,
-    'ryan.id',
     metadata,
     undefined,
     appPrivateKey,
@@ -312,7 +311,6 @@ test('handlePendingSignIn with authResponseToken', async () => {
   const authResponse = await makeAuthResponse(
     privateKey,
     sampleProfiles.ryan,
-    'ryan.id',
     metadata,
     undefined,
     appPrivateKey,
@@ -340,7 +338,6 @@ test('handlePendingSignIn 2', async () => {
   const authResponse = await makeAuthResponse(
     privateKey,
     sampleProfiles.ryan,
-    'ryan.id',
     metadata,
     undefined,
     appPrivateKey,
@@ -387,7 +384,6 @@ test('handlePendingSignIn with existing user session', async () => {
   const authResponse = await makeAuthResponse(
     privateKey,
     sampleProfiles.ryan,
-    'ryan.id',
     metadata,
     undefined,
     appPrivateKey,
@@ -453,7 +449,6 @@ test('handlePendingSignIn with authResponseToken, transit key and custom Blockst
   const authResponse = await makeAuthResponse(
     privateKey,
     sampleProfiles.ryan,
-    'ryan.id',
     metadata,
     undefined,
     appPrivateKey,
@@ -503,7 +498,6 @@ test(
     const authResponse = await makeAuthResponse(
       privateKey,
       sampleProfiles.ryan,
-      'ryan.id',
       metadata,
       undefined,
       appPrivateKey,

packages/keychain/src/identity.ts

@@ -96,7 +96,6 @@ export class Identity implements IdentifyInterface {
         ...(this.profile || {}),
         stxAddress,
       },
-      this.defaultUsername || '',
       {
         profileUrl,
       },

packages/wallet-sdk/src/models/account.ts

@@ -118,7 +118,6 @@ export const makeAuthResponse = async ({
         mainnet: getStxAddress({ account, transactionVersion: TransactionVersion.Mainnet }),
       },
     },
-    account.username || '',
     {
       profileUrl,
     },