feat(model): add support for first and last name claims

nexus49 · nexus49 · commit a00c8fae7717 · 2025-09-16T18:08:33.000+02:00
• Introduces new fields for first_name and last_name in the web token
• Implements fallback logic to prioritize first_name/last_name over given_name/family_name
diff --git a/jwt/model.go b/jwt/model.go
@@ -52,6 +52,8 @@ func New(idToken string, signatureAlgorithms []jose.SignatureAlgorithm) (webToke
 	webToken.IssuerAttributes = rawToken.IssuerAttributes
 	webToken.Audiences = rawToken.getAudiences()
 	webToken.Mail = rawToken.getMail()
+	webToken.FirstName = rawToken.getFirstName()
+	webToken.LastName = rawToken.getLastName()
 
 	return
 }
diff --git a/jwt/model_test.go b/jwt/model_test.go
@@ -49,3 +49,102 @@ func TestNew_DeserializationError(t *testing.T) {
 	assert.Error(t, err)
 	assert.Contains(t, err.Error(), "unable to deserialize claims")
 }
+
+func TestNew_WithFirstNameAndLastName(t *testing.T) {
+	claims := map[string]interface{}{
+		"iss":        "test-issuer",
+		"sub":        "test-subject",
+		"first_name": "John",
+		"last_name":  "Doe",
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims(claims))
+	tokenString, err := token.SignedString(joseTestKey)
+	assert.NoError(t, err)
+
+	webToken, err := New(tokenString, signatureAlgorithms)
+	assert.NoError(t, err)
+	assert.Equal(t, "John", webToken.FirstName)
+	assert.Equal(t, "Doe", webToken.LastName)
+}
+
+func TestNew_WithGivenNameAndFamilyName(t *testing.T) {
+	claims := map[string]interface{}{
+		"iss":         "test-issuer",
+		"sub":         "test-subject",
+		"given_name":  "Jonathan",
+		"family_name": "Smith",
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims(claims))
+	tokenString, err := token.SignedString(joseTestKey)
+	assert.NoError(t, err)
+
+	webToken, err := New(tokenString, signatureAlgorithms)
+	assert.NoError(t, err)
+	assert.Equal(t, "Jonathan", webToken.FirstName)
+	assert.Equal(t, "Smith", webToken.LastName)
+}
+
+func TestNew_PreferFirstLastNameOverGivenFamilyName(t *testing.T) {
+	claims := map[string]interface{}{
+		"iss":         "test-issuer",
+		"sub":         "test-subject",
+		"first_name":  "John",
+		"last_name":   "Doe",
+		"given_name":  "Jonathan",
+		"family_name": "Smith",
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims(claims))
+	tokenString, err := token.SignedString(joseTestKey)
+	assert.NoError(t, err)
+
+	webToken, err := New(tokenString, signatureAlgorithms)
+	assert.NoError(t, err)
+	// Should prefer first_name/last_name over given_name/family_name
+	assert.Equal(t, "John", webToken.FirstName)
+	assert.Equal(t, "Doe", webToken.LastName)
+}
+
+func TestNew_FallbackToGivenFamilyNameWhenFirstLastEmpty(t *testing.T) {
+	claims := map[string]interface{}{
+		"iss":         "test-issuer",
+		"sub":         "test-subject",
+		"first_name":  "",
+		"last_name":   "",
+		"given_name":  "Jonathan",
+		"family_name": "Smith",
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims(claims))
+	tokenString, err := token.SignedString(joseTestKey)
+	assert.NoError(t, err)
+
+	webToken, err := New(tokenString, signatureAlgorithms)
+	assert.NoError(t, err)
+	// Should fallback to given_name/family_name when first_name/last_name are empty
+	assert.Equal(t, "Jonathan", webToken.FirstName)
+	assert.Equal(t, "Smith", webToken.LastName)
+}
+
+func TestNew_PartialFallback(t *testing.T) {
+	claims := map[string]interface{}{
+		"iss":         "test-issuer",
+		"sub":         "test-subject",
+		"first_name":  "John",
+		"last_name":   "", // empty
+		"given_name":  "Jonathan",
+		"family_name": "Smith",
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims(claims))
+	tokenString, err := token.SignedString(joseTestKey)
+	assert.NoError(t, err)
+
+	webToken, err := New(tokenString, signatureAlgorithms)
+	assert.NoError(t, err)
+	// Should use first_name but fallback to family_name for last name
+	assert.Equal(t, "John", webToken.FirstName)
+	assert.Equal(t, "Smith", webToken.LastName)
+}
diff --git a/jwt/raw.go b/jwt/raw.go
@@ -1,9 +1,11 @@
 package jwt
 
 type rawClaims struct {
-	RawAudiences interface{} `json:"aud"` // RawAudiences could be a []string or string depending on the serialization in IdP site
-	RawEmail     string      `json:"email,omitempty"`
-	RawMail      string      `json:"mail,omitempty"`
+	RawAudiences  interface{} `json:"aud"` // RawAudiences could be a []string or string depending on the serialization in IdP site
+	RawEmail      string      `json:"email,omitempty"`
+	RawMail       string      `json:"mail,omitempty"`
+	RawGivenName  string      `json:"given_name,omitempty"`
+	RawFamilyName string      `json:"family_name,omitempty"`
 }
 
 type rawWebToken struct {
@@ -20,6 +22,22 @@ func (r rawWebToken) getMail() (mail string) {
 	return
 }
 
+func (r rawWebToken) getLastName() (lastName string) {
+	lastName = r.LastName
+	if lastName == "" {
+		lastName = r.RawFamilyName
+	}
+	return
+}
+
+func (r rawWebToken) getFirstName() (firstName string) {
+	firstName = r.FirstName
+	if firstName == "" {
+		firstName = r.RawGivenName
+	}
+	return
+}
+
 func (r rawWebToken) getAudiences() (audiences []string) {
 	switch audienceList := r.RawAudiences.(type) {
 	case string:
diff --git a/jwt/raw_test.go b/jwt/raw_test.go
@@ -37,3 +37,93 @@ func TestParseAudiencesString(t *testing.T) {
 	assert.Contains(t, parsedAudiences, "audience1")
 	assert.Equal(t, len(parsedAudiences), 1)
 }
+
+func TestGetFirstName_PreferFirstName(t *testing.T) {
+	token := rawWebToken{
+		UserAttributes: UserAttributes{
+			FirstName: "John",
+		},
+		rawClaims: rawClaims{
+			RawGivenName: "Jonathan",
+		},
+	}
+
+	firstName := token.getFirstName()
+
+	assert.Equal(t, "John", firstName)
+}
+
+func TestGetFirstName_FallbackToRawGivenName(t *testing.T) {
+	token := rawWebToken{
+		UserAttributes: UserAttributes{
+			FirstName: "",
+		},
+		rawClaims: rawClaims{
+			RawGivenName: "Jonathan",
+		},
+	}
+
+	firstName := token.getFirstName()
+
+	assert.Equal(t, "Jonathan", firstName)
+}
+
+func TestGetFirstName_BothEmpty(t *testing.T) {
+	token := rawWebToken{
+		UserAttributes: UserAttributes{
+			FirstName: "",
+		},
+		rawClaims: rawClaims{
+			RawGivenName: "",
+		},
+	}
+
+	firstName := token.getFirstName()
+
+	assert.Equal(t, "", firstName)
+}
+
+func TestGetLastName_PreferLastName(t *testing.T) {
+	token := rawWebToken{
+		UserAttributes: UserAttributes{
+			LastName: "Doe",
+		},
+		rawClaims: rawClaims{
+			RawFamilyName: "Smith",
+		},
+	}
+
+	lastName := token.getLastName()
+
+	assert.Equal(t, "Doe", lastName)
+}
+
+func TestGetLastName_FallbackToRawFamilyName(t *testing.T) {
+	token := rawWebToken{
+		UserAttributes: UserAttributes{
+			LastName: "",
+		},
+		rawClaims: rawClaims{
+			RawFamilyName: "Smith",
+		},
+	}
+
+	lastName := token.getLastName()
+
+	assert.Equal(t, "Smith", lastName)
+}
+
+func TestGetLastName_BothEmpty(t *testing.T) {
+	token := rawWebToken{
+		UserAttributes: UserAttributes{
+			LastName: "",
+		},
+		rawClaims: rawClaims{
+			RawFamilyName: "",
+		},
+	}
+
+	lastName := token.getLastName()
+
+	assert.Equal(t, "", lastName)
+}

Original file line number	Diff line number	Diff line change
`@@ -52,6 +52,8 @@ func New(idToken string, signatureAlgorithms []jose.SignatureAlgorithm) (webToke`
`52`	`52`	`webToken.IssuerAttributes = rawToken.IssuerAttributes`
`53`	`53`	`webToken.Audiences = rawToken.getAudiences()`
`54`	`54`	`webToken.Mail = rawToken.getMail()`
	`55`	`+ webToken.FirstName = rawToken.getFirstName()`
	`56`	`+ webToken.LastName = rawToken.getLastName()`
`55`	`57`
`56`	`58`	`return`
`57`	`59`	`}`