hub / github.com/coder/coder / userOIDCClaims

Method userOIDCClaims

coderd/users.go:84–131  ·  view source on GitHub ↗

Returns the merged OIDC claims for the authenticated user. @Summary Get OIDC claims for the authenticated user @ID get-oidc-claims-for-the-authenticated-user @Security CoderSessionToken @Produce json @Tags Users @Success 200 {object} codersdk.OIDCClaimsResponse @Router /api/v2/users/oidc-claims [get]

(rw http.ResponseWriter, r *http.Request)

Source from the content-addressed store, hash-verified

82// @Success 200 {object} codersdk.OIDCClaimsResponse
83// @Router /api/v2/users/oidc-claims [get]
func (api *API) userOIDCClaims(rw http.ResponseWriter, r *http.Request) {
	ctx := r.Context()
	// The session's API key is the only source of identity in this handler:
	// no user identifier is read from the path, query or body.
	key := httpmw.APIKey(r)

	user, err := api.Database.GetUserByID(ctx, key.UserID)
	if err != nil {
		// NOTE(review): the raw error text is forwarded to the client in
		// Detail; confirm that is acceptable for database errors here.
		failure := codersdk.Response{
			Message: "Failed to get user.",
			Detail:  err.Error(),
		}
		httpapi.Write(ctx, rw, http.StatusInternalServerError, failure)
		return
	}

	// Only accounts whose login type is OIDC proceed to the link lookup.
	if user.LoginType != database.LoginTypeOIDC {
		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
			Message: "User is not an OIDC user.",
		})
		return
	}

	// The lookup below runs under a system-restricted context, so the
	// caller's own permissions are not what authorizes it. What keeps it
	// scoped is that UserID is taken from the row loaded for key.UserID
	// above; keep it that way if this handler is ever extended.
	lookup := database.GetUserLinkByUserIDLoginTypeParams{
		UserID:    user.ID,
		LoginType: database.LoginTypeOIDC,
	}
	//nolint:gocritic // GetUserLinkByUserIDLoginType requires reading
	// rbac.ResourceSystem. The endpoint is scoped to the authenticated
	// user's own identity via apiKey, so this is safe.
	link, err := api.Database.GetUserLinkByUserIDLoginType(dbauthz.AsSystemRestricted(ctx), lookup)
	if err != nil {
		// Every lookup failure is reported as a 500 with the error text in
		// Detail, same as the user lookup above.
		failure := codersdk.Response{
			Message: "Failed to get user link.",
			Detail:  err.Error(),
		}
		httpapi.Write(ctx, rw, http.StatusInternalServerError, failure)
		return
	}

	resp := codersdk.OIDCClaimsResponse{
		Claims: link.Claims.MergedClaims,
	}
	if resp.Claims == nil {
		// Substitute an empty map for nil claims; presumably so the JSON
		// body carries an empty object rather than null (confirm against
		// httpapi.Write's encoding).
		resp.Claims = map[string]interface{}{}
	}
	httpapi.Write(ctx, rw, http.StatusOK, resp)
}
132
133// Returns whether the initial user has been created or not.
134//

Callers

nothing calls this directly

Calls 7

APIKeyFunction · 0.92
WriteFunction · 0.92
AsSystemRestrictedFunction · 0.92
ContextMethod · 0.65
GetUserByIDMethod · 0.65
ErrorMethod · 0.45

Tested by

no test coverage detected