Automatically decode x-ms-client-principal header

[anthonychu]

Add a user property to the HttpRequest that contains an object representing the logged in user.

If a user is logged in, the platform sets the x-ms-client-principal header, which is in base64 encoded JSON. Both AppService/Functions authentication and Static Web Apps authentication support this header. However, they each have a slightly different schema.

Option 1: automatically decode the header into req.user and leave it to the developer to figure out which type they are working with.

Option 2: automatically decode the header into req.user in a common type. The worker takes care of mapping fields from each schema into the corresponding fields in the common type. The developer can expect the same type no matter which auth the app is using.

[anthonychu]

Option 3, which I think is the one I'd suggest:

• Add a user property to the http request object if x-ms-client-principal exists:

  {
    "type": "AppService", // or "StaticWebApps"
    "id": "b18031c7-46de-49c5-b68a-b562af6876a7",
    "username": "connie.wilson@contoso.com",
    "identityProvider": "aad",
    "claimsPrincipalData": { ... }
  }

• claimsPrincipalData - base64 decoded and JSON parsed x-ms-client-principal
• type - determine based on the properties in claimsPrincipalData

Property	AppService	StaticWebApps
id	x-ms-client-principal-id header	userId in client principal
username	x-ms-client-principal-name header	userDetails in client principal
identityProvider	x-ms-client-principal-idp header	identityProvider in client principal

[hossam-nasr]

Closing this issue, implemented in this PR #483.

Basically following @anthonychu's option 3. In HttpRequest, the user property is added:

/**
  *  Object representing logged-in user, either through
  *  AppService/Functions authentication, or SWA Authentication
  *  null when no such user is logged in.
  */
user: HttpRequestUser | null;

which has the following interface:

/**
 *  Object representing logged-in user, either through
 *  AppService/Functions authentication, or SWA Authentication
 */
export interface HttpRequestUser {
    /**
     * Type of authentication, either AppService or StaticWebApps
     */
    type: HttpRequestUserType;
    /**
     * unique user GUID
     */
    id: string;
    /**
     * unique username
     */
    username: string;
    /**
     * provider of authentication service
     */
    identityProvider: string;
    /**
     * Extra authentication information, dependent on auth type
     * and auth provider
     */
    claimsPrincipalData: {
        [key: string]: any;
    };
}