chore: include merged claims into the database (#15570)

Merging happens before IDP sync. Storing this will make some SQL queries much simplier.
2025-07-18 14:17:22 +00:00 · 2024-11-18 11:58:19 -06:00
parent 097b84f27b
commit 4fedc7cf3d
3 changed files with 14 additions and 0 deletions
--- a/coderd/database/types.go
+++ b/coderd/database/types.go
@ -214,6 +214,9 @@ func (p AgentIDNamePair) Value() (driver.Value, error) {
 type UserLinkClaims struct {
 	IDTokenClaims  map[string]interface{} `json:"id_token_claims"`
 	UserInfoClaims map[string]interface{} `json:"user_info_claims"`
+	// MergeClaims are computed in Golang. It is the result of merging
+	// the IDTokenClaims and UserInfoClaims. UserInfoClaims take precedence.
+	MergedClaims map[string]interface{} `json:"merged_claims"`
 }

 func (a *UserLinkClaims) Scan(src interface{}) error {
--- a/coderd/userauth.go
+++ b/coderd/userauth.go
@ -1326,6 +1326,7 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
 		UserClaims: database.UserLinkClaims{
 			IDTokenClaims:  idtokenClaims,
 			UserInfoClaims: userInfoClaims,
+			MergedClaims:   mergedClaims,
 		},
 	}).SetInitAuditRequest(func(params *audit.RequestParams) (*audit.Request[database.User], func()) {
 		return audit.InitRequest[database.User](rw, params)