From 3637879f90a733946111870346efae44e04d8d33 Mon Sep 17 00:00:00 2001
From: le king fu <lekingfu@protonmail.com>
Date: Sat, 30 May 2026 14:10:14 -0400
Subject: [PATCH] fix(web): resolve display name from userInfo, not just claims
 (#70)

getAuthenticatedUser only read ID token claims, where `name` is often
absent, so the web app showed the user's email instead of their name
after SSO. Fetch the userInfo endpoint and resolve the display name with
the same fallback order as the vitrine (la-compagnie-maximus#80):
userInfo.name -> userInfo.username -> claims.name -> claims.username,
with the email fallback applied in the layout. Email now also prefers
userInfo over claims.

Single source of truth in auth.ts (only producer of `name`, consumed
solely by layout.tsx -> Header). layout.tsx and Header.tsx verified,
left unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 web/src/lib/auth.ts | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/web/src/lib/auth.ts b/web/src/lib/auth.ts
index 0907cfb..f3bf3a0 100644
--- a/web/src/lib/auth.ts
+++ b/web/src/lib/auth.ts
@@ -4,16 +4,26 @@ import { logtoConfig } from './logto';
 
 export const getAuthenticatedUser = cache(async () => {
   try {
-    const context = await getLogtoContext(logtoConfig);
+    const context = await getLogtoContext(logtoConfig, { fetchUserInfo: true });
 
     if (!context.isAuthenticated || !context.claims?.sub) {
       return null;
     }
 
+    const { claims, userInfo } = context;
+
+    // Mirror the vitrine's display-name resolution (la-compagnie-maximus#80):
+    // prefer the userInfo endpoint over ID token claims, falling back to email
+    // in the layout. The `name` claim is often absent from the ID token while
+    // present in userInfo, which is why the user saw their email instead of "Max".
     return {
-      userId: context.claims.sub,
-      email: context.claims.email,
-      name: context.claims.name,
+      userId: claims.sub,
+      email: userInfo?.email || claims.email,
+      name:
+        userInfo?.name ||
+        userInfo?.username ||
+        claims.name ||
+        claims.username,
     };
   } catch (error) {
     console.error('[auth] getLogtoContext error:', error);
-- 
2.45.2