[server] FIx missing User.fullName attribute for SSO users – EXP-365

[AlexTugarev]

Git config prefers User.fullName for git config user.name, see

gitpod/components/server/src/workspace/workspace-starter.ts

Line 550 in 24f7b60

gitSpec.setUsername(user.fullName || identity.authName);

This PR should re-add this values.

Users would have to re-login to get this updated.

Description

Summary generated by Copilot

🤖 Generated by Copilot at 8e2b967

This pull request enhances the integration of OpenID Connect identity providers by improving the documentation of the OIDCCreateSessionPayload interface and updating the user's full name from the claims.

Related Issue(s)

Fixes EXP-365

How to test

• login into you SSO account with Google using https://at-sso-fullname.preview.gitpod-dev.com/login/acme
• start a workspace and see your git config user.name is set properly

Documentation

Preview status

Gitpod was successfully deployed to your preview environment.

• 🏷️ Name - at-sso-fullname
• 🔗 URL - at-sso-fullname.preview.gitpod-dev.com/workspaces.
• 📚 Documentation - See our internal documentation for information on how to interact with your preview environment.
• 📦 Version - at-sso-fullName-gha.14797

Build Options

Build

• /werft with-werft
  Run the build with werft instead of GHA
• leeway-no-cache
• /werft no-test
  Run Leeway with --dont-test

Publish

• /werft publish-to-npm
• /werft publish-to-jb-marketplace

Installer

• analytics=segment
• with-dedicated-emulation
• workspace-feature-flags
  Add desired feature flags to the end of the line above, space separated

Preview Environment / Integration Tests

• /werft with-local-preview
  If enabled this will build install/preview
• /werft with-preview
• /werft with-large-vm
• /werft with-gce-vm
  If enabled this will create the environment on GCE infra
• with-integration-tests=all
  Valid options are all, workspace, webapp, ide, jetbrains, vscode, ssh. If enabled, with-preview and with-large-vm will be enabled.
• with-monitoring

/hold

[akosyakov]

It works as advertised. I'm not sure what could be other consequences though. Where else this name is used?

/hold

please unhold if you think it is safe.

[AlexTugarev]

Thanks for being mindful about implications, @akosyakov.

I'm not sure what could be other consequences though. Where else this name is used?

This PR aligns usage of User.fullName with how it's treaded for SCM based accounts. The mentioned git config setup expects a value at User.fullName, and falls back to Identity.authName. Because this expectation isn't met, i.e. the attribute is not set, we see the auth name for git config user.name.

That said, if fullName would be used in other places preferably as well, this would also be a fix in other locations.

I believe it's questionable, if not bogus, that User.fullName and User.name coexist without a good reason. See the added commends from OIDC spec, where the name claim's description is actually what we'd map to User.fullName. 🤷🏻‍♂️ this has potential to be misleading.

[AlexTugarev]

/unhold

Quickly checked, that re-login does work with no issues.