Remove tenant experiment

- tenancy must be tied to a client ID

connector/hsdp/extend_payload.go

@@ -4,8 +4,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"strings"
-
-	"golang.org/x/exp/slices"
 )
 
 func (c *HSDPConnector) ExtendPayload(scopes []string, payload []byte, cdata []byte) ([]byte, error) {
@@ -32,25 +30,6 @@ func (c *HSDPConnector) ExtendPayload(scopes []string, payload []byte, cdata []b
 		if scope == "hsp:iam:token" {
 			originalClaims["tkn"] = string(cd.AccessToken)
 		}
-
-		// Experimental tenant scoping
-		if strings.HasPrefix(scope, "tenant:") {
-			group := strings.TrimPrefix(scope, "tenant:")
-			if slices.Contains(c.tenantGroups, group) {
-				var tenants []string
-				// Iterate through introspect and add OrgID as tenant when matched
-				for _, org := range cd.Introspect.Organizations.OrganizationList {
-					for _, orgGroup := range org.Groups {
-						if group == orgGroup {
-							tenants = append(tenants, org.OrganizationID)
-						}
-					}
-				}
-				if len(tenants) > 0 {
-					originalClaims[scope] = tenants
-				}
-			}
-		}
 	}
 	originalClaims["mid"] = cd.Introspect.Organizations.ManagingOrganization
 	originalClaims["tid"] = trustedOrgID

connector/hsdp/hsdp_test.go

@@ -40,13 +40,12 @@ func TestHandleCallback(t *testing.T) {
 			expectUserID:   "subvalue",
 			expectUserName: "username",
 			token: map[string]interface{}{
-				"sub":               "subvalue",
-				"name":              "namevalue",
-				"username":          "username",
-				"email":             "emailvalue",
-				"given_name":        "givenname",
-				"family_name":       "familyname",
-				"tenant:logreaders": []string{"foo", "bar"},
+				"sub":         "subvalue",
+				"name":        "namevalue",
+				"username":    "username",
+				"email":       "emailvalue",
+				"given_name":  "givenname",
+				"family_name": "familyname",
 			},
 		},
 	}