LG-6204/LG-6220: capture user pii in a signed JWT and pass to frontend

[solipet]

Captures the current state of the user's pii (and a few other session state variables) and packs them in a JWT that is used to initialize the React app for the new IdV flow.

As we work our way back in the flow from the end, we will eventually be managing the user PII in the client, though we will be passing the JWT back and forth since it will contain the verified data and will be signed by the server.

The pii in the JWT is added to the initial values that are given to the React app.

[aduth]

I seem to recall you mentioning we might not need this?

Suggested change

	data[:issuer] = service_provider.issuer if service_provider

[solipet]

Yup - I completely removed the SP from the tokenizer in 8a4cac1cb ee036db05 b3501a7f9

[aduth]

Separately, we should start thinking about how to only include the user bundle and remove personalKey. That being said, we'll probably still need it as long as personal key is the only enabled step, if we ship it before others.

[solipet]

Yup, eventually we won't even need the bundle - this is all temporary.

[aduth]

LGTM 🚀

Confirmed the PII makes it into the flow:

[aduth]

As discussed in our working session, really tempting to pull in Lodash here:

Suggested change

	const camelCase = (string: string) =>
	string.replace(/[^a-z]([a-z])/gi, (_match, nextLetter) => nextLetter.toUpperCase());
	const jwtData = JSON.parse(atob(initialValues.userBundleToken.split('.')[1]));
	const pii = Object.fromEntries(
	Object.entries(jwtData.pii).map(([key, value]) => [camelCase(key), value]),
	);
	import { mapKeys, camelCase } from 'lodash-es';
	const jwtData = JSON.parse(atob(initialValues.userBundleToken.split('.')[1]));
	const pii = mapKeys(jwtData.pii, camelCase);

• https://lodash.com/docs/4.17.15#mapKeys
• https://lodash.com/docs/4.17.15#camelCase