SSO: store extra user information in the home database #752

Open
fflorent opened this issue Nov 15, 2023 · 3 comments
Labels
enhancement New feature or request gouv.fr

Comments

@fflorent
Collaborator

I am starting this discussion in the hope of getting some feedback.

At the ANCT, we would like to store some extra user information in the database, with the aim of detecting, through queries, some illegitimate users who use our instance and removing access a posteriori.

We have thought of introducing an extra column in the users table which would just store JSON objects. The properties to store in the extra object could be defined in an environment variable (that could be crucial for admins so they comply with the GDPR if they have to).

@fflorent fflorent added enhancement New feature or request gouv.fr labels Nov 15, 2023
@fflorent
Collaborator Author

Also, it might be interesting to expose the extra object so it can be used in the ACL formulas. (I say "might" because part of me is reluctant to expose this information to anyone, even if we ask the administrator to be careful because a document owner can access it.)

@paulfitz
Member

This may overlap somewhat with the options column:

```ts
@Column({name: 'options', type: nativeValues.jsonEntityType, nullable: true})
public options: UserOptions | null;
```

Which so far stores this kind of information:

```ts
// Non-core options for a user.
export interface UserOptions {
  // Whether signing in with Google is allowed. Defaults to true if unset.
  allowGoogleLogin?: boolean;
  // The "sub" (subject) from the JWT issued by the password-based authentication provider.
  authSubject?: string;
  // Whether user is a consultant. Consultant users can be added to sites
  // without being counted for billing. Defaults to false if unset.
  isConsultant?: boolean;
  // Locale selected by the user. Defaults to 'en' if unset.
  locale?: string;
}
```

Maybe you could carve out an area within it for what you want?

fflorent pushed a commit to incubateur-territoires/grist-core that referenced this issue Nov 15, 2023
@fflorent
Collaborator Author

Started working on this (timeboxed), I could add the extra info (user.options.extra) but it is not saved yet.
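
The allow-list idea from the opening comment (properties to store defined in an environment variable), sketched as an added example that is not code from grist-core or from the thread's participants. `parseAllowList`, `pickExtra`, the size caps and the sample profile are hypothetical or constructed; the returned object is what would be placed under `user.options.extra`.

```typescript
// Added example. All names here are hypothetical; none exist in grist-core.
type ExtraValue = string | number | boolean;
type Extra = Record<string, ExtraValue>;

const MAX_KEYS = 16;           // assumed cap on how many properties may be kept
const MAX_VALUE_LENGTH = 256;  // assumed cap on the length of a stored string
const KEY_PATTERN = /^[A-Za-z][A-Za-z0-9_.-]{0,63}$/;
const FORBIDDEN_KEYS = ["constructor", "prototype"]; // "__proto__" already fails KEY_PATTERN

// Parse the comma-separated allow-list an admin would put in an environment
// variable. Unset or empty means "store nothing extra".
function parseAllowList(raw: string | undefined): string[] {
  const unique: string[] = [];
  for (const part of (raw || "").split(",")) {
    const key = part.trim();
    if (key === "") { continue; }
    if (!KEY_PATTERN.test(key) || FORBIDDEN_KEYS.indexOf(key) !== -1) {
      throw new Error("invalid key in allow-list: " + key);
    }
    if (unique.indexOf(key) === -1) { unique.push(key); }
  }
  if (unique.length > MAX_KEYS) { throw new Error("allow-list too long"); }
  return unique;
}

// Keep only allow-listed, own, primitive properties of the SSO profile.
function pickExtra(profile: Record<string, unknown>, allowList: string[]): Extra {
  const extra: Extra = Object.create(null);
  for (const key of allowList) {
    if (!Object.prototype.hasOwnProperty.call(profile, key)) { continue; }
    const value = profile[key];
    if (typeof value === "string") {
      if (value.length <= MAX_VALUE_LENGTH) { extra[key] = value; }
    } else if (typeof value === "number" || typeof value === "boolean") {
      extra[key] = value;
    }
    // Objects, arrays, null and over-long strings are dropped, not stored.
  }
  return extra;
}

// Constructed sample profile, not real data.
const sampleProfile: Record<string, unknown> = {
  email: "user@example.org", organization: "Example Agency",
  siret: "00000000000000", phone: "+33 0 00 00 00 00", groups: ["a", "b"],
};
const sampleExtra = pickExtra(sampleProfile, parseAllowList("organization, siret, groups"));
```

Because anything not named in the allow-list never reaches the database, the stored personal data stays limited to what the administrator explicitly chose.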
