From ec095a395587c2a3f5bca7d9bfc1e75cad8d37a6 Mon Sep 17 00:00:00 2001
From: Derek Wright
Date: Thu, 18 Dec 2025 14:04:26 -0500
Subject: [PATCH] fix auth stuff

---
 auth/auth0/handlers.go | 32 +++++++++++++++++++++++++++++---
 auth/auth0/session.go | 25 +++++++++++++++++++++++++
 2 files changed, 54 insertions(+), 3 deletions(-)
 create mode 100644 auth/auth0/session.go

diff --git a/auth/auth0/handlers.go b/auth/auth0/handlers.go
index 6b497ea..0657e41 100644
--- a/auth/auth0/handlers.go
+++ b/auth/auth0/handlers.go
@@ -4,6 +4,7 @@ import (
  "context"
  "crypto/rand"
  "encoding/base64"
+ "encoding/json"
  "net/http"
  "net/url"
 
@@ -92,14 +93,39 @@ func HandleCallback(deps *deps) http.HandlerFunc {
  return
  }
 
- var profile map[string]any
- if err = idToken.Claims(&profile); err != nil {
+ var rawClaims map[string]json.RawMessage
+ if err = idToken.Claims(&rawClaims); err != nil {
  deps.log.Error("unable to decode ID token claims", "error", err)
  http.Error(w, err.Error(), http.StatusInternalServerError)
  return
  }
 
- deps.sessions.Put(r.Context(), "user", profile)
+ var user SessionUser
+ if sub, ok := rawClaims["sub"]; ok {
+ json.Unmarshal(sub, &user)
+ }
+ if name, ok := rawClaims["name"]; ok {
+ json.Unmarshal(name, &user.Name)
+ }
+ if email, ok := rawClaims["email"]; ok {
+ json.Unmarshal(email, &user.Email)
+ }
+ if picture, ok := rawClaims["picture"]; ok {
+ json.Unmarshal(picture, &user.Picture)
+ }
+
+ customMap := make(map[string]json.RawMessage)
+ for k, v := range rawClaims {
+ if k != "sub" && k != "name" && k != "email" && k != "picture" {
+ customMap[k] = v
+ }
+ }
+
+ if len(customMap) > 0 {
+ user.Custom, _ = json.Marshal(customMap)
+ }
+
+ deps.sessions.Put(r.Context(), "user", user)
  deps.sessions.Put(r.Context(), "access_token", token.AccessToken)
 
  http.Redirect(w, r, "/", http.StatusFound)
diff --git a/auth/auth0/session.go b/auth/auth0/session.go
new file mode 100644
index 0000000..e9a29e8
--- /dev/null
+++ b/auth/auth0/session.go
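Review bot: In the HandleCallback hunk of handlers.go the `sub` claim is decoded into the whole struct, `json.Unmarshal(sub, &user)`, instead of `&user.Sub`. A JSON string cannot be unmarshalled into a struct, and because the returned error is discarded, `user.Sub` stays empty for every login. Any later lookup or authorization check keyed on the subject would then see the same empty identifier for all users, so the callback should decode into `&user.Sub`, check the error, and refuse the login when `sub` is missing or empty. The `name`, `email` and `picture` decodes and `json.Marshal(customMap)` drop their errors the same way and at least deserve a log line. HandleCallback's body starts and ends outside the hunk.

```go
// … unchanged: idToken.Claims(&rawClaims) and its error handling …
var user SessionUser
// A missing "sub" yields a nil RawMessage, which Unmarshal rejects with an error.
if err = json.Unmarshal(rawClaims["sub"], &user.Sub); err != nil || user.Sub == "" {
	deps.log.Error("ID token has no usable sub claim", "error", err)
	http.Error(w, "invalid ID token", http.StatusUnauthorized)
	return
}
// … unchanged: name, email, picture and custom-claim handling …
```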
@@ -0,0 +1,25 @@
+package auth0
+
+import "encoding/json"
+
+type SessionUser struct {
+ Sub string `json:"sub"`
+ Name string `json:"name"`
+ Email string `json:"email"`
+ Picture string `json:"picture"`
+
+ Custom json.RawMessage `json:"-"`
+}
+
+func (u *SessionUser) CustomClaims() (map[string]any, error) {
+ if len(u.Custom) == 0 {
+ return nil, nil
+ }
+
+ var claims map[string]any
+ if err := json.Unmarshal(u.Custom, &claims); err != nil {
+ return nil, err
+ }
+
+ return claims, nil
+}
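Review bot: `Custom` is tagged `json:"-"`, so it is silently dropped whenever a `SessionUser` is JSON-encoded, and nothing in session.go says how the session store is expected to persist it. The codec behind `deps.sessions.Put` is not visible here; if it is encoding/gob, the field survives but the type presumably needs a `gob.Register(SessionUser{})` at init, and if it is JSON, `CustomClaims` will always return `nil, nil` after a round trip. I would add a doc comment on the exported type and field, for example `// Custom holds every other ID-token claim as raw JSON; it is excluded from JSON encoding and relies on the session codec to persist it.` A short note on `CustomClaims` that numeric claims decode as `float64` would also help callers.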