refactor: rename idp fields to provider naming

app/security/idp_jwt.py

@@ -9,13 +9,13 @@ from fastapi import Depends, HTTPException, status
 from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
 
 from app.core.config import get_settings
-from app.schemas.auth import KeycloakPrincipal
+from app.schemas.auth import ProviderPrincipal
 
 bearer_scheme = HTTPBearer(auto_error=False)
 logger = logging.getLogger(__name__)
 
 
-class KeycloakTokenVerifier:
+class ProviderTokenVerifier:
     def __init__(
         self,
         issuer: str | None,
@@ -99,7 +99,7 @@ class KeycloakTokenVerifier:
             return base_url.rstrip("/") + "/realms/master/protocol/openid-connect/userinfo"
         return None
 
-    def _enrich_from_userinfo(self, principal: KeycloakPrincipal, token: str) -> KeycloakPrincipal:
+    def _enrich_from_userinfo(self, principal: ProviderPrincipal, token: str) -> ProviderPrincipal:
         if principal.email and (principal.name or principal.preferred_username) and principal.groups:
             return principal
         if not self.userinfo_endpoint:
@@ -132,7 +132,7 @@ class KeycloakTokenVerifier:
         payload_groups = data.get("groups")
         if isinstance(payload_groups, list):
             groups = [str(g) for g in payload_groups if str(g)]
-        enriched = KeycloakPrincipal(
+        enriched = ProviderPrincipal(
             sub=principal.sub,
             email=email,
             name=name,
@@ -169,7 +169,7 @@ class KeycloakTokenVerifier:
         token = resp.json().get("access_token")
         return str(token) if token else None
 
-    def _enrich_groups_from_admin(self, principal: KeycloakPrincipal) -> KeycloakPrincipal:
+    def _enrich_groups_from_admin(self, principal: ProviderPrincipal) -> ProviderPrincipal:
         if principal.groups:
             return principal
         if not self.base_url or not self.realm:
@@ -204,7 +204,7 @@ class KeycloakTokenVerifier:
                     groups.append(name)
         if not groups:
             return principal
-        return KeycloakPrincipal(
+        return ProviderPrincipal(
             sub=principal.sub,
             email=principal.email,
             name=principal.name,
@@ -212,7 +212,7 @@ class KeycloakTokenVerifier:
             groups=groups,
         )
 
-    def verify_access_token(self, token: str) -> KeycloakPrincipal:
+    def verify_access_token(self, token: str) -> ProviderPrincipal:
         try:
             header = jwt.get_unverified_header(token)
             algorithm = str(header.get("alg", "")).upper()
@@ -255,7 +255,7 @@ class KeycloakTokenVerifier:
         if not sub:
             raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="token_missing_sub")
 
-        principal = KeycloakPrincipal(
+        principal = ProviderPrincipal(
             sub=sub,
             email=claims.get("email"),
             name=claims.get("name"),
@@ -266,9 +266,9 @@ class KeycloakTokenVerifier:
 
 
 @lru_cache
-def _get_verifier() -> KeycloakTokenVerifier:
+def _get_verifier() -> ProviderTokenVerifier:
     settings = get_settings()
-    return KeycloakTokenVerifier(
+    return ProviderTokenVerifier(
         issuer=settings.idp_issuer,
         jwks_url=settings.idp_jwks_url,
         audience=settings.idp_audience,
@@ -286,7 +286,7 @@ def _get_verifier() -> KeycloakTokenVerifier:
 
 def require_authenticated_principal(
     credentials: HTTPAuthorizationCredentials | None = Depends(bearer_scheme),
-) -> KeycloakPrincipal:
+) -> ProviderPrincipal:
     if credentials is None or credentials.scheme.lower() != "bearer":
         raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="missing_bearer_token")