feat: allow storing extra oauth token properties in the database (#10152)

coderd/coderdtest/oidctest/idp.go

@@ -68,6 +68,7 @@ type FakeIDP struct {
 	// "Authorized Redirect URLs". This can be used to emulate that.
 	hookValidRedirectURL func(redirectURL string) error
 	hookUserInfo         func(email string) (jwt.MapClaims, error)
+	hookMutateToken      func(token map[string]interface{})
 	fakeCoderd           func(req *http.Request) (*http.Response, error)
 	hookOnRefresh        func(email string) error
 	// Custom authentication for the client. This is useful if you want
@@ -112,6 +113,14 @@ func WithRefresh(hook func(email string) error) func(*FakeIDP) {
 	}
 }
 
+// WithExtra returns extra fields that be accessed on the returned Oauth Token.
+// These extra fields can override the default fields (id_token, access_token, etc).
+func WithMutateToken(mutateToken func(token map[string]interface{})) func(*FakeIDP) {
+	return func(f *FakeIDP) {
+		f.hookMutateToken = mutateToken
+	}
+}
+
 func WithCustomClientAuth(hook func(t testing.TB, req *http.Request) (url.Values, error)) func(*FakeIDP) {
 	return func(f *FakeIDP) {
 		f.hookAuthenticateClient = hook
@@ -621,6 +630,9 @@ func (f *FakeIDP) httpHandler(t testing.TB) http.Handler {
 			"expires_in":    int64((time.Minute * 5).Seconds()),
 			"id_token":      f.encodeClaims(t, claims),
 		}
+		if f.hookMutateToken != nil {
+			f.hookMutateToken(token)
+		}
 		// Store the claims for the next refresh
 		f.refreshIDTokenClaims.Store(refreshToken, claims)