-- accounts: cdrop-side thin account data (AUTH.md 2.1). Keyed on user_id (= OIDC -- sub). No credentials live here; password / second factor stay at the OAuth -- provider. Upserted on every successful OIDC exchange. -- -- ASCII only: sqlc 1.31.x miscomputes byte offsets on multibyte comments and -- corrupts every generated SQL const in the file. Keep this file pure ASCII. -- name: UpsertAccount :exec INSERT INTO accounts (user_id, match_key, display_name, avatar_url, roles, provider, created_at, last_login_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?) ON CONFLICT(user_id) DO UPDATE SET match_key = excluded.match_key, display_name = excluded.display_name, avatar_url = excluded.avatar_url, roles = excluded.roles, provider = excluded.provider, last_login_at = excluded.last_login_at; -- name: GetAccount :one SELECT user_id, match_key, display_name, avatar_url, roles, provider, created_at, last_login_at FROM accounts WHERE user_id = ?;