Returns the merged OIDC claims for the authenticated user. @Summary Get OIDC claims for the authenticated user @ID get-oidc-claims-for-the-authenticated-user @Security CoderSessionToken @Produce json @Tags Users @Success 200 {object} codersdk.OIDCClaimsResponse @Router /api/v2/users/oidc-claims [get]
(rw http.ResponseWriter, r *http.Request)
| 82 | // @Success 200 {object} codersdk.OIDCClaimsResponse |
| 83 | // @Router /api/v2/users/oidc-claims [get] |
func (api *API) userOIDCClaims(rw http.ResponseWriter, r *http.Request) {
	// Flow: load the caller's own user row, answer 400 for accounts whose
	// login type is not OIDC, then read that user's OIDC link and return
	// its merged claims (an empty object when none are stored).
	ctx := r.Context()
	key := httpmw.APIKey(r)

	// The user ID comes from the API key on the request, not from any
	// caller-supplied path or query value. This lookup runs with the
	// request's own context.
	self, err := api.Database.GetUserByID(ctx, key.UserID)
	if err != nil {
		// NOTE(review): Detail forwards the raw error text to the client.
		httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
			Message: "Failed to get user.",
			Detail:  err.Error(),
		})
		return
	}

	if self.LoginType != database.LoginTypeOIDC {
		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
			Message: "User is not an OIDC user.",
		})
		return
	}

	// The link query below runs under an elevated (system-restricted)
	// context, so its UserID must stay bound to the row loaded from the API
	// key above. Sourcing it from request input would let a caller read
	// another user's claims.
	linkParams := database.GetUserLinkByUserIDLoginTypeParams{
		UserID:    self.ID,
		LoginType: database.LoginTypeOIDC,
	}
	//nolint:gocritic // GetUserLinkByUserIDLoginType requires reading
	// rbac.ResourceSystem. The endpoint is scoped to the authenticated
	// user's own identity via apiKey, so this is safe.
	oidcLink, err := api.Database.GetUserLinkByUserIDLoginType(dbauthz.AsSystemRestricted(ctx), linkParams)
	if err != nil {
		// NOTE(review): every lookup failure maps to 500 here, presumably
		// including an OIDC user with no link row yet. Confirm whether that
		// case deserves a distinct response.
		httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
			Message: "Failed to get user link.",
			Detail:  err.Error(),
		})
		return
	}

	// Start from an empty map so the response never carries nil claims.
	resp := codersdk.OIDCClaimsResponse{Claims: map[string]interface{}{}}
	if merged := oidcLink.Claims.MergedClaims; merged != nil {
		resp.Claims = merged
	}
	httpapi.Write(ctx, rw, http.StatusOK, resp)
}
| 132 | |
| 133 | // Returns whether the initial user has been created or not. |
| 134 | // |