coder
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 75 additions & 0 deletions b/‎coderd/apidoc/docs.go
Lines changed: 75 additions & 0 deletions
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 69 additions & 0 deletions b/‎coderd/apidoc/swagger.json
Lines changed: 69 additions & 0 deletions
diff --git a/‎coderd/coderd.go
Lines changed: 12 additions & 5 deletions b/‎coderd/coderd.go
Lines changed: 12 additions & 5 deletions
diff --git a/‎coderd/database/db2sdk/db2sdk.go
Lines changed: 18 additions & 0 deletions b/‎coderd/database/db2sdk/db2sdk.go
Lines changed: 18 additions & 0 deletions
diff --git a/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 8 additions & 4 deletions b/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 8 additions & 4 deletions
diff --git a/‎coderd/database/dbmem/dbmem.go
Lines changed: 23 additions & 0 deletions b/‎coderd/database/dbmem/dbmem.go
Lines changed: 23 additions & 0 deletions
diff --git a/‎coderd/database/dbmetrics/dbmetrics.go
Lines changed: 7 additions & 0 deletions b/‎coderd/database/dbmetrics/dbmetrics.go
Lines changed: 7 additions & 0 deletions
diff --git a/‎coderd/database/dbmock/dbmock.go
Lines changed: 14 additions & 0 deletions b/‎coderd/database/dbmock/dbmock.go
Lines changed: 14 additions & 0 deletions
diff --git a/‎coderd/database/querier.go
Lines changed: 1 addition & 0 deletions b/‎coderd/database/querier.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎coderd/database/queries.sql.go
Lines changed: 14 additions & 0 deletions b/‎coderd/database/queries.sql.go
Lines changed: 14 additions & 0 deletions
diff --git a/‎coderd/database/queries/externalauth.sql
Lines changed: 3 additions & 0 deletions b/‎coderd/database/queries/externalauth.sql
Lines changed: 3 additions & 0 deletions
@@ -660,14 +660,21 @@ func New(options *Options) *API {
 			r.Get("/{fileID}", api.fileByID)
 			r.Post("/", api.postFile)
 		})
-		r.Route("/external-auth/{externalauth}", func(r chi.Router) {
+		r.Route("/external-auth", func(r chi.Router) {
 			r.Use(
 				apiKeyMiddleware,
-				httpmw.ExtractExternalAuthParam(options.ExternalAuthConfigs),
 			)
-			r.Get("/", api.externalAuthByID)
-			r.Post("/device", api.postExternalAuthDeviceByID)
-			r.Get("/device", api.externalAuthDeviceByID)
+			// Get without a specific external auth ID will return all external auths.
+			r.Get("/", api.listUserExternalAuths)
+			r.Route("/{externalauth}", func(r chi.Router) {
+				r.Use(
+					httpmw.ExtractExternalAuthParam(options.ExternalAuthConfigs),
+				)
+				r.Delete("/", api.deleteExternalAuthByID)
+				r.Get("/", api.externalAuthByID)
+				r.Post("/device", api.postExternalAuthDeviceByID)
+				r.Get("/device", api.externalAuthDeviceByID)
+			})
 		})
 		r.Route("/organizations", func(r chi.Router) {
 			r.Use(
 
@@ -16,6 +16,24 @@ import (
 	"github.com/coder/coder/v2/provisionersdk/proto"
 )
 
+func ExternalAuths(auths []database.ExternalAuthLink) []codersdk.ExternalAuthLink {
+	out := make([]codersdk.ExternalAuthLink, 0, len(auths))
+	for _, auth := range auths {
+		out = append(out, ExternalAuth(auth))
+	}
+	return out
+}
+
+func ExternalAuth(auth database.ExternalAuthLink) codersdk.ExternalAuthLink {
+	return codersdk.ExternalAuthLink{
+		ProviderID:      auth.ProviderID,
+		CreatedAt:       auth.CreatedAt,
+		UpdatedAt:       auth.UpdatedAt,
+		HasRefreshToken: auth.OAuthRefreshToken != "",
+		Expires:         auth.OAuthExpiry,
+	}
+}
+
 func WorkspaceBuildParameters(params []database.WorkspaceBuildParameter) []codersdk.WorkspaceBuildParameter {
 	out := make([]codersdk.WorkspaceBuildParameter, len(params))
 	for i, p := range params {
 
@@ -754,6 +754,13 @@ func (q *querier) DeleteCoordinator(ctx context.Context, id uuid.UUID) error {
 	return q.db.DeleteCoordinator(ctx, id)
 }
 
+func (q *querier) DeleteExternalAuthLink(ctx context.Context, arg database.DeleteExternalAuthLinkParams) error {
+	return deleteQ(q.log, q.auth, func(ctx context.Context, arg database.DeleteExternalAuthLinkParams) (database.ExternalAuthLink, error) {
+		//nolint:gosimple
+		return q.db.GetExternalAuthLink(ctx, database.GetExternalAuthLinkParams{UserID: arg.UserID, ProviderID: arg.ProviderID})
+	}, q.db.DeleteExternalAuthLink)(ctx, arg)
+}
+
 func (q *querier) DeleteGitSSHKey(ctx context.Context, userID uuid.UUID) error {
 	return deleteQ(q.log, q.auth, q.db.GetGitSSHKey, q.db.DeleteGitSSHKey)(ctx, userID)
 }
@@ -996,10 +1003,7 @@ func (q *querier) GetExternalAuthLink(ctx context.Context, arg database.GetExter
 }
 
 func (q *querier) GetExternalAuthLinksByUserID(ctx context.Context, userID uuid.UUID) ([]database.ExternalAuthLink, error) {
-	if err := q.authorizeContext(ctx, rbac.ActionRead, rbac.ResourceSystem); err != nil {
-		return nil, err
-	}
-	return q.db.GetExternalAuthLinksByUserID(ctx, userID)
+	return fetchWithPostFilter(q.auth, q.db.GetExternalAuthLinksByUserID)(ctx, userID)
 }
 
 func (q *querier) GetFileByHashAndCreator(ctx context.Context, arg database.GetFileByHashAndCreatorParams) (database.File, error) {
 
@@ -1027,6 +1027,29 @@ func (*FakeQuerier) DeleteCoordinator(context.Context, uuid.UUID) error {
 	return ErrUnimplemented
 }
 
+func (q *FakeQuerier) DeleteExternalAuthLink(_ context.Context, arg database.DeleteExternalAuthLinkParams) error {
+	err := validateDatabaseType(arg)
+	if err != nil {
+		return err
+	}
+
+	q.mutex.Lock()
+	defer q.mutex.Unlock()
+
+	for index, key := range q.externalAuthLinks {
+		if key.UserID != arg.UserID {
+			continue
+		}
+		if key.ProviderID != arg.ProviderID {
+			continue
+		}
+		q.externalAuthLinks[index] = q.externalAuthLinks[len(q.externalAuthLinks)-1]
+		q.externalAuthLinks = q.externalAuthLinks[:len(q.externalAuthLinks)-1]
+		return nil
+	}
+	return sql.ErrNoRows
+}
+
 func (q *FakeQuerier) DeleteGitSSHKey(_ context.Context, userID uuid.UUID) error {
 	q.mutex.Lock()
 	defer q.mutex.Unlock()
 
@@ -1,6 +1,9 @@
 -- name: GetExternalAuthLink :one
 SELECT * FROM external_auth_links WHERE provider_id = $1 AND user_id = $2;
 
+-- name: DeleteExternalAuthLink :exec
+DELETE FROM external_auth_links WHERE provider_id = $1 AND user_id = $2;
+
 -- name: GetExternalAuthLinksByUserID :many
 SELECT * FROM external_auth_links WHERE user_id = $1;
Original file line number	Diff line number	Diff line change
`@@ -754,6 +754,13 @@ func (q *querier) DeleteCoordinator(ctx context.Context, id uuid.UUID) error {`
`754`	`754`	`return q.db.DeleteCoordinator(ctx, id)`
`755`	`755`	`}`
`756`	`756`
	`757`	`+func (q *querier) DeleteExternalAuthLink(ctx context.Context, arg database.DeleteExternalAuthLinkParams) error {`
	`758`	`+ return deleteQ(q.log, q.auth, func(ctx context.Context, arg database.DeleteExternalAuthLinkParams) (database.ExternalAuthLink, error) {`
	`759`	`+ //nolint:gosimple`
	`760`	`+ return q.db.GetExternalAuthLink(ctx, database.GetExternalAuthLinkParams{UserID: arg.UserID, ProviderID: arg.ProviderID})`
	`761`	`+ }, q.db.DeleteExternalAuthLink)(ctx, arg)`
	`762`	`+}`
	`763`	`+`
`757`	`764`	`func (q *querier) DeleteGitSSHKey(ctx context.Context, userID uuid.UUID) error {`
`758`	`765`	`return deleteQ(q.log, q.auth, q.db.GetGitSSHKey, q.db.DeleteGitSSHKey)(ctx, userID)`
`759`	`766`	`}`
`@@ -996,10 +1003,7 @@ func (q *querier) GetExternalAuthLink(ctx context.Context, arg database.GetExter`
`996`	`1003`	`}`
`997`	`1004`
`998`	`1005`	`func (q *querier) GetExternalAuthLinksByUserID(ctx context.Context, userID uuid.UUID) ([]database.ExternalAuthLink, error) {`
`999`		`- if err := q.authorizeContext(ctx, rbac.ActionRead, rbac.ResourceSystem); err != nil {`
`1000`		`- return nil, err`
`1001`		`- }`
`1002`		`- return q.db.GetExternalAuthLinksByUserID(ctx, userID)`
	`1006`	`+ return fetchWithPostFilter(q.auth, q.db.GetExternalAuthLinksByUserID)(ctx, userID)`
`1003`	`1007`	`}`
`1004`	`1008`
`1005`	`1009`	`func (q *querier) GetFileByHashAndCreator(ctx context.Context, arg database.GetFileByHashAndCreatorParams) (database.File, error) {`