fix(auth0): map given_name/family_name to User (#430) #643
Open
yabanci wants to merge 1 commit into
The auth0 provider's userFromReader only extracted name, nickname, email, sub, and picture from the /userinfo response, dropping the OIDC-standard given_name and family_name claims that Auth0 returns alongside them. goth.User.FirstName and goth.User.LastName ended up empty even though the data was right there in the response.

Add the two fields to auth0UserResp and map them in userFromReader, matching how the Google provider already handles the same OIDC claims (providers/google/google.go).

Other Auth0-specific fields without a typed slot on goth.User (email_verified, locale, updated_at) remain accessible via user.RawData as before.

Extended Test_FetchUser to assert both the new mapping and that unmapped fields stay readable via RawData.
What
Closes #430.

providers/auth0/auth0.go:userFromReader only extracted a subset of the OIDC claims returned by Auth0's /userinfo endpoint:

given_name and family_name — standard OIDC claims that Auth0 returns alongside name/email/sub — were silently dropped, even though goth.User has FirstName and LastName fields ready for them. The reporter (@justman00) hit this while wiring Auth0 to a goth.User consumer.

Change
Add the two fields to auth0UserResp and map them in userFromReader. Matches how the Google provider already handles the same OIDC claims (providers/google/google.go:googleUser):

Scope
The reporter also listed email_verified, locale, and updated_at as unmapped. None of these has a typed slot on goth.User (no EmailVerified, no Locale), so promoting them to typed fields would require adding fields to the shared goth.User struct — out of scope for an Auth0-specific bug fix, and visible to every provider. Those claims already land in user.RawData and remain readable from there. I added an assertion to Test_FetchUser to lock that contract in so future refactors don't silently drop them.

Backward compatibility
Strictly additive — no existing field's mapping is touched. Callers that read user.FirstName/user.LastName from Auth0 used to get empty strings and now get the real values. Callers that don't read them are unaffected.

Tests
Extended Test_FetchUser to:
- given_name/family_name in the sample /userinfo response.
- name from given_name/family_name so each assertion exercises a distinct claim (the existing sample used the email address for name, which hid this exact class of bug).
- u.FirstName == "Test", u.LastName == "User".
- u.RawData["email_verified"] == false to lock the RawData fallback contract.

Verified the new assertions fail on master (FirstName/LastName come back empty), pass with the fix applied. Full go test ./... is green across all 50+ providers; go vet ./... is clean.
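
The mapping and the RawData fallback described in this pull request, as an added example that is not the PR's or goth's own code. `User`, `userinfoResp`, `userFromBody` and `emailVerified` are hypothetical stand-ins, and the /userinfo body is a constructed sample.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// User is a hypothetical stand-in for the goth.User fields discussed here.
type User struct {
	Name, FirstName, LastName, Email, UserID string
	RawData                                  map[string]interface{}
}
// userinfoResp is a hypothetical typed view of the /userinfo claims.
type userinfoResp struct {
	Name       string `json:"name"`
	GivenName  string `json:"given_name"`
	FamilyName string `json:"family_name"`
	Email      string `json:"email"`
	Sub        string `json:"sub"`
}
// sampleUserinfo is a constructed response body, not captured from a tenant.
const sampleUserinfo = `{"sub":"auth0|constructed-id","name":"Display Name",
 "given_name":"Test","family_name":"User","email":"test@example.com",
 "email_verified":false,"locale":"en"}`

// userFromBody fills typed fields and keeps every claim readable in RawData.
func userFromBody(body []byte) (User, error) {
	var typed userinfoResp
	raw := map[string]interface{}{}
	if err := json.Unmarshal(body, &typed); err != nil {
		return User{}, err
	}
	if err := json.Unmarshal(body, &raw); err != nil {
		return User{}, err
	}
	return User{Name: typed.Name, FirstName: typed.GivenName,
		LastName: typed.FamilyName, Email: typed.Email,
		UserID: typed.Sub, RawData: raw}, nil
}

// emailVerified treats a missing or non-boolean claim as unverified.
func emailVerified(u User) bool {
	v, ok := u.RawData["email_verified"].(bool)
	return ok && v
}

func main() {
	u, err := userFromBody([]byte(sampleUserinfo))
	fmt.Println(u.FirstName, u.LastName, emailVerified(u), err)
}
```

A consumer that gates on `email_verified` has to read it from the untyped map, so the type assertion fails closed when the claim is absent.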