fix: Override sub with federated_claims.user_id when dex is used

[aali309]

Fixes: #17908

Checklist:

• Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
• The title of the PR states what changed and the related issues number (used for the release note).
• The title of the PR conforms to the Toolchain Guide
• I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
• I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
• Does this PR require documentation updates?
• I've updated documentation as required by this PR.
• I have signed off all my commits as required by DCO
• I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
• My build is green (troubleshooting builds).
• My new feature complies with the feature status guidelines.
• I have added a brief description of why this PR is necessary and/or what this PR solves.
• Optional. My organization is added to USERS.md.
• Optional. For bug fixes, I've indicated what older releases this fix should be cherry-picked into (this may or may not happen depending on risk/complexity).

[bunnyshell]

🔴 Preview Environment stopped on Bunnyshell

See: Environment Details | Pipeline Logs

Available commands (reply to this comment):

• 🔵 /bns:start to start the environment
• 🚀 /bns:deploy to redeploy the environment
• ❌ /bns:delete to remove the environment

[codecov]

Codecov Report

Attention: Patch coverage is 74.13793% with 45 lines in your changes missing coverage. Please review.

Project coverage is 55.24%. Comparing base (8126508) to head (96efc42).
Report is 3 commits behind head on master.

Files with missing lines	Patch %	Lines
cmd/argocd/commands/project_role.go	0.00%	15 Missing ⚠️
util/session/sessionmanager.go	80.00%	11 Missing and 3 partials ⚠️
cmd/argocd/commands/utils/claims.go	52.94%	8 Missing ⚠️
server/server.go	50.00%	7 Missing ⚠️
util/oidc/oidc.go	96.77%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #20683      +/-   ##
==========================================
+ Coverage   55.19%   55.24%   +0.04%     
==========================================
  Files         337      338       +1     
  Lines       57058    57192     +134     
==========================================
+ Hits        31496    31594      +98     
- Misses      22863    22903      +40     
+ Partials     2699     2695       -4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[ishitasequeira]

nit: move the values "federated_claims", "user_id", "sub" to constants.

[ishitasequeira]

Is this downgrade on purpose or the PR just needs a rebase?

[aali309]

Yes did it on purpose when testing virtually, I forgot to revert.

[ishitasequeira]

Overall code change looks good!!

@jannfis @pasha-codefresh do you see any concerns with the change?

[agaudreault]

The change from RegisterClaims to MapClaims makes this PR a lot more impactful and the blast radius is hard to grasp, especially that not the same claims seems to be added in the context object.

[agaudreault]

I don't think we should use MapClaims. See the comment on the RegisterClaims object

// RegisteredClaims are a structured version of the JWT Claims Set,
// restricted to Registered Claim Names, as referenced at
// https://datatracker.ietf.org/doc/html/rfc7519#section-4.1
//
// This type can be used on its own, but then additional private and
// public claims embedded in the JWT will not be parsed. The typical usecase
// therefore is to embedded this in a user-defined claim type.

basically, define a new struct

type ArgoClaims struct {
	RegisteredClaims
	OtherClaim string `json:"othet,omitempty"`
	...