chore: add warning log if misconfigured groups oidc

Emyrk · Emyrk · commit e553d87c6b57 · 2023-06-06T09:23:46.000-05:00
This is not perfect, but if we find a 'groups' claim and it is not
configured, put out a warning log to give some information
diff --git a/coderd/userauth.go b/coderd/userauth.go
@@ -675,6 +675,12 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
 		}
 	}
 
+	// This conditional is purely to warn the user they might have misconfigured their OIDC
+	// configuration.
+	if _, groupClaimExists := claims["groups"]; !usingGroups && groupClaimExists {
+		api.Logger.Warn(ctx, "'groups' claim was returned, but 'oidc-group-field' is not set, check your coder oidc settings.")
+	}
+
 	// The username is a required property in Coder. We make a best-effort
 	// attempt at using what the claims provide, but if that fails we will
 	// generate a random username.

Original file line number	Diff line number	Diff line change
`@@ -675,6 +675,12 @@ func (api API) userOIDC(rw http.ResponseWriter, r http.Request) {`
`675`	`675`	`}`
`676`	`676`	`}`
`677`	`677`
	`678`	`+ // This conditional is purely to warn the user they might have misconfigured their OIDC`
	`679`	`+ // configuration.`
	`680`	`+ if _, groupClaimExists := claims["groups"]; !usingGroups && groupClaimExists {`
	`681`	`+ api.Logger.Warn(ctx, "'groups' claim was returned, but 'oidc-group-field' is not set, check your coder oidc settings.")`
	`682`	`+ }`
	`683`	`+`
`678`	`684`	`// The username is a required property in Coder. We make a best-effort`
`679`	`685`	`// attempt at using what the claims provide, but if that fails we will`
`680`	`686`	`// generate a random username.`