Manage user roles via OAuth and update user informations with every login

[agreiner007]

Hey, we are using OAuth to login via a custom provider to our statamic page.
We want a way to manage the roles of an user in statamic via our custom provider.
Currently we use this custom provider set up in statamic:

<?php

namespace App\C;

use GuzzleHttp\RequestOptions;
use SocialiteProviders\Manager\OAuth2\AbstractProvider;
use SocialiteProviders\Manager\OAuth2\User;

class CProvider extends AbstractProvider
{
    protected function getAuthUrl($state): string
    {
        return $this->buildAuthUrlFromBase(
            'http://c.test/oauth/authorize',
            $state
        );
    }

    protected function getTokenUrl(): string
    {
        return 'http://c.test/oauth/access_token';
    }

    protected function getUserByToken($token)
    {
        $response = $this->getHttpClient()->get(
            'http://c.test/oauth/userinfo',
            [
                RequestOptions::HEADERS => [
                    'Authorization' => 'Bearer '.$token,
                ],
            ]
        );

        return json_decode((string) $response->getBody(), true);
    }

    protected function mapUserToObject(array $user): \Laravel\Socialite\Two\User|User
    {
        return (new User())->setRaw($user)->map([
            'id' => $user['data']['id'],
            'nickname' => $user['data']['firstName'],
            'name' => $user['data']['firstName'] . ' ' . $user['data']['lastName'],
            'email' => $user['data']['email'],
            'avatar' => $user['data']['imageUrl'] ?? null,
        ]);
    }
}

and we added this to register in the AppServiceProvider:

OAuth::provider('c')->withUserData(function ($user) {
            return [
                'name' => $user->getName(),
                'avatar' => $user->getEmail().'.png',
                'created_at' => now()->format('Y-m-d'),
                'roles' => ['admin']
            ];
        });

So what is the right way here to set the roles of an user?
Another thing we noticed was:
If the users information e.g. name changed at our custom providers end, how will the changes propagate to statamic?
This will be crucial if we manage user roles at our custom provider.

Is OAuth even the right workflow here?
Thanks for your answers 🙂

[edalzell]

So what is the right way here to set the roles of an user?

Not quite sure what you're asking

[agreiner007]

Sorry for the bad description of my problem.
Our custom provider should be used to configure what the user is allowed to do in statamic (the users role e.g. admin).
We can simply check the user data in AppServiceProvider in OAuth::provider('c')->withUserData(function ($user)... to set the users role.

[edalzell]

If the users information e.g. name changed at our custom providers end, how will the changes propagate to statamic?

When they log in via oauth, you get the full user right? Can you check that against the statamic user and update if needed?

[agreiner007]

Yes I can do that. I wasn't sure whats the right way to do this. Or if there is common way to do a user update after a new OAuth login.