feat(auth): Extract more information from OIDC token (#2097)

Signed-off-by: Javier Rodriguez <[email protected]>

Author: javirln

app/cli/cmd/organization_describe.go

@@ -44,7 +44,7 @@ func newOrganizationDescribeCmd() *cobra.Command {
 func contextTableOutput(config *action.ConfigContextItem) error {
 	gt := newTableWriter()
 	gt.SetTitle("Current Context")
-	gt.AppendRow(table.Row{"Logged in as", config.CurrentUser.Email})
+	gt.AppendRow(table.Row{"Logged in as", config.CurrentUser.PrintUserProfileWithEmail()})
 	gt.AppendSeparator()
 
 	if m := config.CurrentMembership; m != nil {

app/cli/cmd/organization_member_list.go

@@ -52,7 +52,7 @@ func orgMembershipsTableOutput(items []*action.MembershipItem) error {
 	t.AppendHeader(table.Row{"ID", "Email", "Role", "Joined At"})
 
 	for _, i := range items {
-		t.AppendRow(table.Row{i.ID, i.User.Email, i.Role, i.CreatedAt.Format(time.RFC822)})
+		t.AppendRow(table.Row{i.ID, i.User.PrintUserProfileWithEmail(), i.Role, i.CreatedAt.Format(time.RFC822)})
 		t.AppendSeparator()
 	}
 

app/cli/internal/action/config_current_context.go

@@ -37,8 +37,29 @@ type ConfigContextItem struct {
 }
 
 type UserItem struct {
-	ID, Email string
-	CreatedAt *time.Time
+	ID, Email, FirstName, LastName string
+	CreatedAt                      *time.Time
+}
+
+// PrintUserProfileWithEmail formats the user's profile with their email.
+func (u *UserItem) PrintUserProfileWithEmail() string {
+	var name string
+
+	// Build name based on available parts
+	switch {
+	case u.FirstName != "" && u.LastName != "":
+		name = u.FirstName + " " + u.LastName
+	case u.FirstName != "":
+		name = u.FirstName
+	case u.LastName != "":
+		name = u.LastName
+	}
+
+	// If we have a name, format with email, otherwise just return email
+	if name != "" {
+		return name + " <" + u.Email + ">"
+	}
+	return u.Email
 }
 
 func (action *ConfigCurrentContext) Run() (*ConfigContextItem, error) {
@@ -65,6 +86,8 @@ func pbUserItemToAction(in *pb.User) *UserItem {
 	return &UserItem{
 		ID:        in.Id,
 		Email:     in.Email,
+		FirstName: in.FirstName,
+		LastName:  in.LastName,
 		CreatedAt: toTimePtr(in.CreatedAt.AsTime()),
 	}
 }

app/controlplane/api/controlplane/v1/response_messages.pb.go

@@ -222,6 +222,8 @@ message User {
   string id = 1;
   string email = 2;
   google.protobuf.Timestamp created_at = 3;
+  string first_name = 4;
+  string last_name = 5;
 }
 
 message OrgMembershipItem {

app/controlplane/api/controlplane/v1/response_messages.proto

@@ -260,6 +260,8 @@ type upstreamOIDCclaims struct {
 	// https://learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-use-email-signin
 	// https://learn.microsoft.com/en-us/entra/identity-platform/id-token-claims-reference
 	PreferredUsername string `json:"preferred_username"`
+	FamilyName        string `json:"family_name"`
+	GivenName         string `json:"given_name"`
 }
 
 // Will retrieve the email from the preferred username if it's a valid email
@@ -304,7 +306,10 @@ func callbackHandler(svc *AuthService, w http.ResponseWriter, r *http.Request) *
 	}
 
 	// Create user if needed
-	u, err := svc.userUseCase.FindOrCreateByEmail(ctx, claims.preferredEmail())
+	u, err := svc.userUseCase.UpsertByEmail(ctx, claims.preferredEmail(), &biz.UpsertByEmailOpts{
+		FirstName: &claims.GivenName,
+		LastName:  &claims.FamilyName,
+	})
 	if err != nil {
 		return newOauthResp(http.StatusInternalServerError, fmt.Errorf("failed to find or create user: %w", err), false)
 	}
@@ -432,7 +437,7 @@ func setOauthCookie(w http.ResponseWriter, name, value string) {
 
 func generateAndLogDevUser(userUC *biz.UserUseCase, log *log.Helper, authConfig *conf.Auth) error {
 	// Create user if needed
-	u, err := userUC.FindOrCreateByEmail(context.Background(), authConfig.DevUser)
+	u, err := userUC.UpsertByEmail(context.Background(), authConfig.DevUser, nil)
 	if err != nil {
 		return sl.LogAndMaskErr(err, log)
 	}

app/controlplane/api/gen/frontend/controlplane/v1/response_messages.ts

@@ -67,7 +67,7 @@ func (s *ContextService) Current(ctx context.Context, _ *pb.ContextServiceCurren
 		}
 	} else if currentUser != nil {
 		res.CurrentUser = &pb.User{
-			Id: currentUser.ID, Email: currentUser.Email, CreatedAt: timestamppb.New(*currentUser.CreatedAt),
+			Id: currentUser.ID, Email: currentUser.Email, FirstName: currentUser.FirstName, LastName: currentUser.LastName, CreatedAt: timestamppb.New(*currentUser.CreatedAt),
 		}
 
 		// For regular users, we need to load the membership manually
@@ -121,7 +121,7 @@ func bizOrgToPb(m *biz.Organization) *pb.OrgItem {
 }
 
 func bizUserToPb(u *biz.User) *pb.User {
-	return &pb.User{Id: u.ID, Email: u.Email, CreatedAt: timestamppb.New(*u.CreatedAt)}
+	return &pb.User{Id: u.ID, Email: u.Email, CreatedAt: timestamppb.New(*u.CreatedAt), FirstName: u.FirstName, LastName: u.LastName}
 }
 
 func bizPolicyViolationBlockingStrategyToPb(blockOnPolicyViolation bool) pb.OrgItem_PolicyViolationBlockingStrategy {