From 9e00b82bdf6c65f29e4ebba62f4eb0dd5398bc19 Mon Sep 17 00:00:00 2001
From: Cristian Le
Date: Wed, 5 May 2021 08:49:03 +0900
Subject: [PATCH] Revert `oidc_test.go` Moving the `preferred_username` to a separate PR
---
 authority/provisioner/oidc_test.go | 5 -----
 authority/provisioner/provisioner.go | 2 +-
 2 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/authority/provisioner/oidc_test.go b/authority/provisioner/oidc_test.go
index 85c6b1a9..9c4b3f4c 100644
--- a/authority/provisioner/oidc_test.go
+++ b/authority/provisioner/oidc_test.go
@@ -514,8 +514,6 @@ func TestOIDC_AuthorizeSSHSign(t *testing.T) {
 assert.FatalError(t, err)
 failGetIdentityToken, err := generateSimpleToken("the-issuer", p5.ClientID, &keys.Keys[0])
 assert.FatalError(t, err)
- okPreferredUsername, err := generateOIDCToken("subject", "the-issuer", p1.ClientID, "name@smallstep.com", "lecris", time.Now(), &keys.Keys[0])
- assert.FatalError(t, err)
 // Admin email not in domains
 okAdmin, err := generateOIDCToken("subject", "the-issuer", p3.ClientID, "root@example.com", "", time.Now(), &keys.Keys[0])
 assert.FatalError(t, err)
@@ -576,9 +574,6 @@ func TestOIDC_AuthorizeSSHSign(t *testing.T) {
 {"ok-emptyPrincipals-getIdentity", p4, args{okGetIdentityToken, SignSSHOptions{}, pub},
 &SignSSHOptions{CertType: "user", Principals: []string{"max", "mariano"},
 ValidAfter: NewTimeDuration(tm), ValidBefore: NewTimeDuration(tm.Add(userDuration))}, http.StatusOK, false, false},
- {"ok-preferred-username", p1, args{okPreferredUsername, SignSSHOptions{CertType: "user", KeyID: "name@smallstep.com", Principals: []string{"lecris"}}, pub},
- &SignSSHOptions{CertType: "user", Principals: []string{"lecris", "name", "name@smallstep.com"},
- ValidAfter: NewTimeDuration(tm), ValidBefore: NewTimeDuration(tm.Add(userDuration))}, http.StatusOK, false, false},
 {"ok-options", p1, args{t1, SignSSHOptions{CertType: "user", Principals: []string{"name"}}, pub},
 &SignSSHOptions{CertType: "user", Principals: []string{"name", "name@smallstep.com"},
 ValidAfter: NewTimeDuration(tm), ValidBefore: NewTimeDuration(tm.Add(userDuration))}, http.StatusOK, false, false},
diff --git a/authority/provisioner/provisioner.go b/authority/provisioner/provisioner.go
index 6ffab03d..c05d68ab 100644
--- a/authority/provisioner/provisioner.go
+++ b/authority/provisioner/provisioner.go
@@ -346,7 +346,7 @@ func DefaultIdentityFunc(ctx context.Context, p Interface, email string, usernam
 switch k := p.(type) {
 case *OIDC:
 // OIDC principals would be:
- // 1. Preferred usernames.
+ // ~~1. Preferred usernames.~~ Note: Under discussion, currently disabled
 // 2. Sanitized local.
 // 3. Raw local (if different).
 // 4. Email address.
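Review bot: The rewritten item 1 in the `case *OIDC:` comment uses Markdown strikethrough (`~~…~~`), which does not render in Go source or godoc, and it calls the behaviour "currently disabled" without saying why. A plain line such as `// 1. Preferred usernames (under discussion, not applied yet).` would read better, ideally with one more comment line recording that OpenID Connect Core tells relying parties not to rely on `preferred_username` being unique, so using it as an SSH principal needs an explicit decision. The signature in the hunk header still carries a parameter starting `usernam`, and the body of DefaultIdentityFunc continues outside the hunk, so whether that argument is really ignored cannot be confirmed from here. Since this commit also drops the `ok-preferred-username` case from oidc_test.go, a replacement case asserting that a token carrying a preferred username yields only the email-derived principals would pin the disabled state.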