feat: add endpoint and CLI for users to view their own OIDC claims (#23053)

- Adds a new API endpoint `GET /api/v2/users/oidc-claims` that returns only the **merged claims** (not the separate id_token/userinfo breakdown). Scoped exclusively to the authenticated user's own identity — no user parameter, so users cannot view each other's claims. - Adds a new CLI command:** `coder users oidc-claims` that hits the above endpoint. - The existing owner-only debug endpoint is preserved unchanged for admins who need the full claim breakdown. > 🤖 This PR was created with the help of Coder Agents, and will be reviewed by my human. 🧑‍💻
2026-06-02 20:48:20 +00:00 · 2026-03-18 22:10:04 +00:00
parent a6856320f9
commit be1c06dec9
15 changed files with 524 additions and 19 deletions
@@ -8,16 +8,17 @@ USAGE:
  Aliases: user

 SUBCOMMANDS:
-    activate      Update a user's status to 'active'. Active users can fully
-                  interact with the platform
-    create        Create a new user.
-    delete        Delete a user by username or user_id.
-    edit-roles    Edit a user's roles by username or id
-    list          Prints the list of users.
-    show          Show a single user. Use 'me' to indicate the currently
-                  authenticated user.
-    suspend       Update a user's status to 'suspended'. A suspended user cannot
-                  log into the platform
+    activate       Update a user's status to 'active'. Active users can fully
+                   interact with the platform
+    create         Create a new user.
+    delete         Delete a user by username or user_id.
+    edit-roles     Edit a user's roles by username or id
+    list           Prints the list of users.
+    oidc-claims    Display the OIDC claims for the authenticated user.
+    show           Show a single user. Use 'me' to indicate the currently
+                   authenticated user.
+    suspend        Update a user's status to 'suspended'. A suspended user
+                   cannot log into the platform

 ———
 Run `coder --help` for a list of global options.
@@ -0,0 +1,24 @@
+coder v0.0.0-devel
+
+USAGE:
+  coder users oidc-claims [flags]
+
+  Display the OIDC claims for the authenticated user.
+
+    - Display your OIDC claims:
+  
+       $ coder users oidc-claims
+  
+    - Display your OIDC claims as JSON:
+  
+       $ coder users oidc-claims -o json
+
+OPTIONS:
+  -c, --column [key|value] (default: key,value)
+          Columns to display in table output.
+
+  -o, --output table|json (default: table)
+          Output format.
+
+———
+Run `coder --help` for a list of global options.