feat(api): generically add add oidc userInfo

Author: P-Jeremy

api/src/identity-access-management/application/oidc-provider/oidc-provider.controller.js

@@ -42,14 +42,8 @@ async function authenticateOidcUser(request, h) {
   // TODO utiliser un message en anglais au lieu du français
   const message = "L'utilisateur n'a pas de compte Pix";
   const responseCode = 'SHOULD_VALIDATE_CGU';
-  const { authenticationKey, givenName, familyName, email } = result;
-  const meta = { authenticationKey, givenName, familyName };
 
-  if (email) {
-    Object.assign(meta, { email });
-  }
-
-  throw new UnauthorizedError(message, responseCode, meta);
+  throw new UnauthorizedError(message, responseCode, result);
 }
 
 /**

api/src/identity-access-management/domain/usecases/authenticate-oidc-user.usecase.js

@@ -1,5 +1,9 @@
+import lodash from 'lodash';
+
 import { ForbiddenAccess } from '../../../shared/domain/errors.js';
 
+const { omit } = lodash;
+
 /**
  * @typedef {function} authenticateOidcUser
  * @param {Object} params
@@ -63,8 +67,17 @@ async function authenticateOidcUser({
 
   if (!user) {
     const authenticationKey = await authenticationSessionService.save({ userInfo, sessionContent });
-    const { firstName: givenName, lastName: familyName, email } = userInfo;
-    return { authenticationKey, givenName, familyName, email, isAuthenticationComplete: false };
+
+    const userClaims = omit(userInfo, ['externalIdentityId']);
+
+    return {
+      authenticationKey,
+      userClaims,
+      isAuthenticationComplete: false,
+      // TODO: The properties givenName and familyName are kept for backward compatibility with the Front. They will be removed soon.
+      givenName: userClaims.firstName,
+      familyName: userClaims.lastName,
+    };
   }
 
   await _assertUserHasAccessToApplication({ requestedApplication, user, adminMemberRepository });

api/tests/identity-access-management/unit/application/oidc-provider.controller.test.js

@@ -83,10 +83,20 @@ describe('Unit | Identity Access Management | Application | Controller | oidc-pr
       it('returns UnauthorizedError', async function () {
         // given
         const authenticationKey = 'aaa-bbb-ccc';
-        const givenName = 'Mélusine';
-        const familyName = 'TITEGOUTTE';
+        const firstName = 'Mélusine';
+        const lastName = 'TITEGOUTTE';
         const email = 'melu@example.net';
-        usecases.authenticateOidcUser.resolves({ authenticationKey, givenName, familyName, email });
+        const userClaims = {
+          firstName,
+          lastName,
+          email,
+        };
+        usecases.authenticateOidcUser.resolves({
+          authenticationKey,
+          userClaims,
+          givenName: firstName,
+          familyName: lastName,
+        });
 
         // when
         const error = await catchErr(oidcProviderController.authenticateOidcUser)(request, hFake);
@@ -95,7 +105,12 @@ describe('Unit | Identity Access Management | Application | Controller | oidc-pr
         expect(error).to.be.an.instanceOf(UnauthorizedError);
         expect(error.message).to.equal("L'utilisateur n'a pas de compte Pix");
         expect(error.code).to.equal('SHOULD_VALIDATE_CGU');
-        expect(error.meta).to.deep.equal({ authenticationKey, givenName, familyName, email });
+        expect(error.meta).to.deep.equal({
+          authenticationKey,
+          userClaims,
+          givenName: firstName,
+          familyName: lastName,
+        });
       });
     });
   });

api/tests/identity-access-management/unit/domain/usecases/authenticate-oidc-user.usecase.test.js

@@ -231,9 +231,13 @@ describe('Unit | Identity Access Management | Domain | UseCase | authenticate-oi
         expect(authenticationSessionService.save).to.have.been.calledWithExactly({ userInfo, sessionContent });
         expect(result).to.deep.equal({
           authenticationKey,
+          userClaims: {
+            firstName: 'Mélusine',
+            lastName: 'TITEGOUTTE',
+            email: 'melu@example.net',
+          },
           givenName: 'Mélusine',
           familyName: 'TITEGOUTTE',
-          email: 'melu@example.net',
           isAuthenticationComplete: false,
         });
       });