MCPcopy Index your code
hub / github.com/coder/coder / accessTokenClaims

Method accessTokenClaims

coderd/userauth.go:1567–1591  ·  view source on GitHub ↗
(ctx context.Context, rw http.ResponseWriter, state httpmw.OAuth2State, logger slog.Logger)

Source from the content-addressed store, hash-verified

1565}
1566
1567func (api *API) accessTokenClaims(ctx context.Context, rw http.ResponseWriter, state httpmw.OAuth2State, logger slog.Logger) (accessTokenClaims map[string]interface{}, ok bool) {
1568 // Assume the access token is a jwt, and signed by the provider.
1569 accessToken, err := api.OIDCConfig.Verifier.Verify(ctx, state.Token.AccessToken)
1570 if err != nil {
1571 logger.Error(ctx, "oauth2: unable to verify access token as secondary claims source", slog.Error(err))
1572 httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
1573 Message: "Failed to verify access token.",
1574 Detail: fmt.Sprintf("sourcing secondary claims from access token: %s", err.Error()),
1575 })
1576 return nil, false
1577 }
1578
1579 rawClaims := make(map[string]any)
1580 err = accessToken.Claims(&rawClaims)
1581 if err != nil {
1582 logger.Error(ctx, "oauth2: unable to unmarshal access token claims", slog.Error(err))
1583 httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
1584 Message: "Failed to unmarshal access token claims.",
1585 Detail: err.Error(),
1586 })
1587 return nil, false
1588 }
1589
1590 return rawClaims, true
1591}
1592
1593func (api *API) userInfoClaims(ctx context.Context, rw http.ResponseWriter, state httpmw.OAuth2State, logger slog.Logger) (userInfoClaims map[string]interface{}, ok bool) {
1594 userInfoClaims = make(map[string]interface{})

Callers 1

userOIDCMethod · 0.95

Calls 2

WriteFunction · 0.92
ErrorMethod · 0.45

Tested by

no test coverage detected