core/userinfo: remove excess userinfo data (#5137)

internal/handlers/userinfo.go

@@ -1,11 +1,8 @@
 package handlers
 
 import (
-	"encoding/json"
 	"net/http"
 
-	"google.golang.org/protobuf/encoding/protojson"
-
 	"github.com/pomerium/datasource/pkg/directory"
 	"github.com/pomerium/pomerium/internal/httputil"
 	"github.com/pomerium/pomerium/pkg/grpc/identity"
@@ -39,15 +36,9 @@ func (data UserInfoData) ToJSON() map[string]any {
 	m := map[string]any{}
 	m["csrfToken"] = data.CSRFToken
 	m["isImpersonated"] = data.IsImpersonated
-	if bs, err := protojson.Marshal(data.Session); err == nil {
-		m["session"] = json.RawMessage(bs)
-	}
-	if bs, err := protojson.Marshal(data.User); err == nil {
-		m["user"] = json.RawMessage(bs)
-	}
-	if bs, err := protojson.Marshal(data.Profile); err == nil {
-		m["profile"] = json.RawMessage(bs)
-	}
+	m["session"] = data.sessionJSON()
+	m["user"] = data.userJSON()
+	m["profile"] = data.profileJSON()
 	m["isEnterprise"] = data.IsEnterprise
 	if data.DirectoryUser != nil {
 		m["directoryUser"] = data.DirectoryUser
@@ -62,6 +53,62 @@ func (data UserInfoData) ToJSON() map[string]any {
 	return m
 }
 
+func (data UserInfoData) profileJSON() map[string]any {
+	if data.Profile == nil {
+		return nil
+	}
+
+	m := map[string]any{}
+	claims := make(map[string]any)
+	for k, v := range data.Profile.GetClaims().AsMap() {
+		claims[k] = v
+	}
+	m["claims"] = m
+	return m
+}
+
+func (data UserInfoData) sessionJSON() map[string]any {
+	if data.Session == nil {
+		return nil
+	}
+
+	m := map[string]any{}
+	claims := make(map[string]any)
+	for k, vs := range data.Session.GetClaims() {
+		claims[k] = vs.AsSlice()
+	}
+	m["claims"] = claims
+	var deviceCredentials []any
+	for _, dc := range data.Session.GetDeviceCredentials() {
+		deviceCredentials = append(deviceCredentials, map[string]any{
+			"typeId": dc.GetTypeId(),
+			"id":     dc.GetId(),
+		})
+	}
+	m["deviceCredentials"] = deviceCredentials
+	m["expiresAt"] = data.Session.GetExpiresAt().AsTime()
+	m["id"] = data.Session.GetId()
+	m["userId"] = data.Session.GetUserId()
+	return m
+}
+
+func (data UserInfoData) userJSON() map[string]any {
+	if data.User == nil {
+		return nil
+	}
+
+	m := map[string]any{}
+	claims := make(map[string]any)
+	for k, vs := range data.User.GetClaims() {
+		claims[k] = vs.AsSlice()
+	}
+	m["claims"] = claims
+	m["deviceCredentialIds"] = data.User.GetDeviceCredentialIds()
+	m["id"] = data.User.GetId()
+	m["name"] = data.User.GetName()
+	return m
+}
+
 // UserInfo returns a handler that renders the user info page.
 func UserInfo(data UserInfoData) http.Handler {
 	return httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {

ui/src/types/index.ts

@@ -14,14 +14,10 @@ export type Group = {
 };
 
 export type Profile = {
-  providerId: string;
-  idToken: string;
-  oauthToken: string;
   claims: Record<string, unknown>;
 };
 
 export type Session = {
-  audience: string[];
   claims: Claims;
   deviceCredentials: Array<{
     typeId: string;
@@ -29,20 +25,6 @@ export type Session = {
   }>;
   expiresAt: string;
   id: string;
-  idToken: {
-    expiresAt: string;
-    issuedAt: string;
-    issuer: string;
-    raw: string;
-    subject: string;
-  };
-  issuedAt: string;
-  oauthToken: {
-    accessToken: string;
-    expiresAt: string;
-    refreshToken: string;
-    tokenType: string;
-  };
   userId: string;
 };