coder
diff --git a/‎cli/server.go
Lines changed: 2 additions & 0 deletions b/‎cli/server.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 6 additions & 0 deletions b/‎coderd/apidoc/docs.go
Lines changed: 6 additions & 0 deletions
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 6 additions & 0 deletions b/‎coderd/apidoc/swagger.json
Lines changed: 6 additions & 0 deletions
diff --git a/‎coderd/coderdtest/oidctest/idp.go
Lines changed: 12 additions & 0 deletions b/‎coderd/coderdtest/oidctest/idp.go
Lines changed: 12 additions & 0 deletions
diff --git a/‎coderd/database/dbfake/dbfake.go
Lines changed: 2 additions & 0 deletions b/‎coderd/database/dbfake/dbfake.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎coderd/database/dbgen/dbgen.go
Lines changed: 2 additions & 0 deletions b/‎coderd/database/dbgen/dbgen.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎coderd/database/dump.sql
Lines changed: 2 additions & 1 deletion b/‎coderd/database/dump.sql
Lines changed: 2 additions & 1 deletion
diff --git a/‎coderd/database/migrations/000163_external_auth_extra.down.sql
Lines changed: 1 addition & 0 deletions b/‎coderd/database/migrations/000163_external_auth_extra.down.sql
Lines changed: 1 addition & 0 deletions
diff --git a/‎coderd/database/migrations/000163_external_auth_extra.up.sql
Lines changed: 1 addition & 0 deletions b/‎coderd/database/migrations/000163_external_auth_extra.up.sql
Lines changed: 1 addition & 0 deletions
diff --git a/‎coderd/database/models.go
Lines changed: 2 additions & 1 deletion b/‎coderd/database/models.go
Lines changed: 2 additions & 1 deletion
@@ -2251,6 +2251,8 @@ func parseExternalAuthProvidersFromEnv(prefix string, environ []string) ([]coder
 			provider.NoRefresh = b
 		case "SCOPES":
 			provider.Scopes = strings.Split(v.Value, " ")
+		case "EXTRA_TOKEN_KEYS":
+			provider.ExtraTokenKeys = strings.Split(v.Value, " ")
 		case "APP_INSTALL_URL":
 			provider.AppInstallURL = v.Value
 		case "APP_INSTALLATIONS_URL":
 
@@ -68,6 +68,7 @@ type FakeIDP struct {
 	// "Authorized Redirect URLs". This can be used to emulate that.
 	hookValidRedirectURL func(redirectURL string) error
 	hookUserInfo         func(email string) (jwt.MapClaims, error)
+	hookMutateToken      func(token map[string]interface{})
 	fakeCoderd           func(req *http.Request) (*http.Response, error)
 	hookOnRefresh        func(email string) error
 	// Custom authentication for the client. This is useful if you want
@@ -112,6 +113,14 @@ func WithRefresh(hook func(email string) error) func(*FakeIDP) {
 	}
 }
 
+// WithExtra returns extra fields that be accessed on the returned Oauth Token.
+// These extra fields can override the default fields (id_token, access_token, etc).
+func WithMutateToken(mutateToken func(token map[string]interface{})) func(*FakeIDP) {
+	return func(f *FakeIDP) {
+		f.hookMutateToken = mutateToken
+	}
+}
+
 func WithCustomClientAuth(hook func(t testing.TB, req *http.Request) (url.Values, error)) func(*FakeIDP) {
 	return func(f *FakeIDP) {
 		f.hookAuthenticateClient = hook
@@ -621,6 +630,9 @@ func (f *FakeIDP) httpHandler(t testing.TB) http.Handler {
 			"expires_in":    int64((time.Minute * 5).Seconds()),
 			"id_token":      f.encodeClaims(t, claims),
 		}
+		if f.hookMutateToken != nil {
+			f.hookMutateToken(token)
+		}
 		// Store the claims for the next refresh
 		f.refreshIDTokenClaims.Store(refreshToken, claims)
 
 
@@ -4246,6 +4246,7 @@ func (q *FakeQuerier) InsertExternalAuthLink(_ context.Context, arg database.Ins
 		OAuthRefreshToken:      arg.OAuthRefreshToken,
 		OAuthRefreshTokenKeyID: arg.OAuthRefreshTokenKeyID,
 		OAuthExpiry:            arg.OAuthExpiry,
+		OAuthExtra:             arg.OAuthExtra,
 	}
 	q.externalAuthLinks = append(q.externalAuthLinks, gitAuthLink)
 	return gitAuthLink, nil
@@ -5301,6 +5302,7 @@ func (q *FakeQuerier) UpdateExternalAuthLink(_ context.Context, arg database.Upd
 		gitAuthLink.OAuthRefreshToken = arg.OAuthRefreshToken
 		gitAuthLink.OAuthRefreshTokenKeyID = arg.OAuthRefreshTokenKeyID
 		gitAuthLink.OAuthExpiry = arg.OAuthExpiry
+		gitAuthLink.OAuthExtra = arg.OAuthExtra
 		q.externalAuthLinks[index] = gitAuthLink
 
 		return gitAuthLink, nil
 
@@ -514,6 +514,7 @@ func UserLink(t testing.TB, db database.Store, orig database.UserLink) database.
 }
 
 func ExternalAuthLink(t testing.TB, db database.Store, orig database.ExternalAuthLink) database.ExternalAuthLink {
+	msg := takeFirst(&orig.OAuthExtra, &pqtype.NullRawMessage{})
 	link, err := db.InsertExternalAuthLink(genCtx, database.InsertExternalAuthLinkParams{
 		ProviderID:             takeFirst(orig.ProviderID, uuid.New().String()),
 		UserID:                 takeFirst(orig.UserID, uuid.New()),
@@ -524,6 +525,7 @@ func ExternalAuthLink(t testing.TB, db database.Store, orig database.ExternalAut
 		OAuthExpiry:            takeFirst(orig.OAuthExpiry, dbtime.Now().Add(time.Hour*24)),
 		CreatedAt:              takeFirst(orig.CreatedAt, dbtime.Now()),
 		UpdatedAt:              takeFirst(orig.UpdatedAt, dbtime.Now()),
+		OAuthExtra:             *msg,
 	})
 
 	require.NoError(t, err, "insert external auth link")
 
@@ -0,0 +1 @@
+ALTER TABLE external_auth_links DROP COLUMN "oauth_extra";
@@ -0,0 +1 @@
+ALTER TABLE external_auth_links ADD COLUMN "oauth_extra" jsonb;
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+ALTER TABLE external_auth_links DROP COLUMN "oauth_extra";`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+ALTER TABLE external_auth_links ADD COLUMN "oauth_extra" jsonb;`