Issue #2815 - Fix privacy provider table coverage for auth_oidc_sid

auth/oidc/classes/privacy/provider.php

@@ -76,6 +76,11 @@ public static function get_metadata(collection $collection): collection {
                 'refreshtoken',
                 'idtoken',
             ],
+            'auth_oidc_sid' => [
+                'userid',
+                'sid',
+                'timecreated',
+            ],
         ];
 
         foreach ($tables as $table => $fields) {
@@ -116,6 +121,13 @@ public static function get_contexts_for_userid(int $userid): contextlist {
         $params = ['userid' => $userid, 'contextlevel' => CONTEXT_USER];
         $contextlist->add_from_sql($sql, $params);
 
+        $sql = "SELECT ctx.id
+                  FROM {auth_oidc_sid} si
+                  JOIN {context} ctx ON ctx.instanceid = si.userid AND ctx.contextlevel = :contextlevel
+                 WHERE si.userid = :userid";
+        $params = ['userid' => $userid, 'contextlevel' => CONTEXT_USER];
+        $contextlist->add_from_sql($sql, $params);
+
         return $contextlist;
     }
 
@@ -151,6 +163,15 @@ public static function get_users_in_context(\core_privacy\local\request\userlist
                        AND ctx.contextlevel = :contextuser
                  WHERE ctx.id = :contextid";
         $userlist->add_from_sql('userid', $sql, $params);
+
+        $sql = "SELECT ctx.instanceid as userid
+                  FROM {auth_oidc_sid} si
+                  JOIN {context} ctx
+                       ON ctx.instanceid = si.userid
+                       AND ctx.contextlevel = :contextuser
+                 WHERE ctx.id = :contextid";
+        $userlist->add_from_sql('userid', $sql, $params);
+
     }
 
     /**
@@ -184,6 +205,7 @@ protected static function get_table_user_map(\stdClass $user): array {
         $tables = [
             'auth_oidc_prevlogin' => ['userid' => $user->id],
             'auth_oidc_token' => ['userid' => $user->id],
+            'auth_oidc_sid' => ['userid' => $user->id],
         ];
         return $tables;
     }
@@ -224,6 +246,7 @@ private static function delete_user_data(int $userid) {
         global $DB;
         $DB->delete_records('auth_oidc_prevlogin', ['userid' => $userid]);
         $DB->delete_records('auth_oidc_token', ['userid' => $userid]);
+        $DB->delete_records('auth_oidc_sid', ['userid' => $userid]);
     }
 
     /**

auth/oidc/lang/en/auth_oidc.php

@@ -301,6 +301,10 @@
 $string['privacy:metadata:auth_oidc_token:expiry'] = 'The token expiry';
 $string['privacy:metadata:auth_oidc_token:refreshtoken'] = 'The refresh token';
 $string['privacy:metadata:auth_oidc_token:idtoken'] = 'The ID token';
+$string['privacy:metadata:auth_oidc_sid'] = 'Stores sid from IdP';
+$string['privacy:metadata:auth_oidc_sid:userid'] = 'The user ID of the Moodle user';
+$string['privacy:metadata:auth_oidc_sid:sid'] = 'The sid from IdP';
+$string['privacy:metadata:auth_oidc_sid:timecreated'] = 'The time created';
 
 // In the following strings, $a refers to a customizable name for the identity manager. For example, this could be
 // "Microsoft 365", "OpenID Connect", etc.