Add Auth0 AppMetdata Struct

[bbengfort]

Scope of changes

This PR should fix the panic caused when logging in a user that has a nil app_metadata and ensure that the record is correctly populated. It introduces a struct AppMetadata that will allow us to serialize the app_metadata JSON in a structured fashion, ensuring keys and parsing are correct.

Type of change

• bug fix
• new feature
• documentation
• other (describe)

Acceptance criteria

This PR could really use an intense sanity check; particularly second eyes on the user-login logic. Happy to discuss if that would make things easier. I still need to test that this fixes the panic.

Author checklist

• I have manually tested the change and/or added automation in the form of unit tests or integration tests
• I have updated the dependencies list
• I have recompiled and included new protocol buffers to reflect changes I made
• I have added new test fixtures as needed to support added tests
• Check this box if a reviewer can merge this pull request after approval (leave it unchecked if you want to do it yourself)
• I have moved the associated Shortcut story to "Ready for Review"

Reviewer(s) checklist

• Login algorithm makes sense
• It makes sense how we might extend and add to the app_metadata
• The claims using the same struct makes sense
• Did I miss any test cases?

[codecov-commenter]

Codecov Report

Merging #632 (cdf630c) into main (ff8e01f) will decrease coverage by 0.06%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main     #632      +/-   ##
==========================================
- Coverage   45.85%   45.78%   -0.07%     
==========================================
  Files         543      544       +1     
  Lines       16151    16147       -4     
  Branches     1202     1201       -1     
==========================================
- Hits         7406     7393      -13     
- Misses       7621     7628       +7     
- Partials     1124     1126       +2     

Impacted Files	Coverage Δ
.../github.com/trisacrypto/directory/pkg/bff/users.go	0.00% <0.00%> (-22.23%)	⬇️
...com/trisacrypto/directory/pkg/bff/auth/metadata.go	46.66% <0.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ff8e01f...cdf630c. Read the comment docs.

[pdeziel]

This makes sense to me, I like the fact that we have a variety of test cases for marshaling and unmarshaling the auth0 response. I guess we will have to remember to update those if we add fields to auth0?

[pdeziel]

This makes a lot more sense than indexing into the map, can you update the above comment to reflect that this is a struct with default values now rather than a map?

[bbengfort]

Done!

[pdeziel]

Since we are now syncing the user app metadata at the end, this protects us from partial updates?

[bbengfort]

There should only be two possible cases:

1. The user is logging in for the first time and an organization is created for them
2. The user needs the VASP ids updated from their organization

In case #1 - the following data is saved:

{
  "orgid": "uuid",
  "vasps": {
    "testnet": "",
    "mainnet": "",
  }
}

Case #1 should only happen once.

Because I moved the syncing to the end, case #2 is going to happen on every single login since I removed the MapEqual check. I debated whether or not we should do this -- it is safer, and logins are infrequent. However, we will eventually need some change detection to alert the front-end that the user needs to login again; so this is likely temporary.

[bbengfort]

This makes sense to me, I like the fact that we have a variety of test cases for marshaling and unmarshaling the auth0 response. I guess we will have to remember to update those if we add fields to auth0?

Agreed, if we add more fields we should add more cases; though I do think I went a little overboard with all the different combinations -- we don't have to test every single combination of empty and filled field!