Export filterDefaultIdTokenClaims and update beforeSessionSaved docs

[frederikprijck]

📋 Changes

We have the following code here:

if (this.beforeSessionSaved) {
    const updatedSession = await this.beforeSessionSaved(
      session,
      oidcRes.id_token ?? null
    );
    session = {
      ...updatedSession,
      internal: session.internal
    };
  } else {
    session.user = filterClaims(idTokenClaims);
 }

What we can see here is that if the user does not pass a beforeSessionSaved handler, the session.user is set to a filtered list of claims to only contain the default tokens.

However, when a beforeSessionSaved handler is passed, the claims aren't filtered, and the session.user object passed to this.beforeSessionSaved has a non-filtered list of claims.

This means, that the following code would include all claims:

export const auth0 = new Auth0Client({
  async beforeSessionSaved(session, idToken) {
    return session
  },
})

However, this isn't clear from the docs. Additionally, if a user wants to only include a single claim, they currently need to ensure they provide all the default claims manually:

export const auth0 = new Auth0Client({
  async beforeSessionSaved(session, idToken) {
    return {
      ...session,
      user: {
        sub: session.user.sub,
        name: session.user.name,
        nickname: session.user.nickname,
        given_name: session.user.given_name,
        family_name: session.user.family_name,
        picture: session.user.picture,
        email: session.user.email,
        email_verified: session.user.email_verified,
        org_id: session.user.org_id,
        foo: session.user.foo, // add the foo claim
      },
    }
  },
})

This is way to complicated and not the kind of experience we want. Therefore this PR exports the filterClaims (and renames it to filterDefaultIdTokenClaims, so it can be used in custom beforeSessionSaved handlers accordingly.

📎 References

🎯 Testing

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.61%. Comparing base (0ed21d1) to head (6218768).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2119   +/-   ##
=======================================
  Coverage   82.61%   82.61%           
=======================================
  Files          21       21           
  Lines        2042     2042           
  Branches      358      358           
=======================================
  Hits         1687     1687           
  Misses        348      348           
  Partials        7        7           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[deepu105]

refactor fixes

[guabu]

Changes LGTM, just left a small comment 👍 It might be worth considering exporting DEFAULT_ALLOWED_CLAIMS to allow the developer to implement their own filter method based on the default profile claims.