adebaumann/shorefront
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

debug: decode and log raw ID token payload in OIDC callback

Browse Source
This commit is contained in:
Adrian A. Baumann
2026-03-01 01:24:06 +01:00
parent 388e945343
commit 59d9b438a1
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
backend/app/api/auth.py
View File

@@ -25,6 +25,20 @@ async def oidc_callback(request: Request, db: Session = Depends(get_db)) -> Redi
userinfo = token.get("userinfo") or {} userinfo = token.get("userinfo") or {}
groups = userinfo.get("groups", []) groups = userinfo.get("groups", [])
import logging as _logging, base64 as _b64, json as _json
_log = _logging.getLogger("shorefront.auth")
_log.warning("userinfo keys: %s | groups: %r", list(userinfo.keys()), groups)
_raw = token.get("id_token", "")
if _raw:
try:
_payload = _raw.split(".")[1]
_payload += "=" * (-len(_payload) % 4)
_id_claims = _json.loads(_b64.b64decode(_payload))
_log.warning("ID token claims: %s", _id_claims)
except Exception as _e:
_log.warning("Could not decode id_token: %s", _e)
if FIREWALL_ADMINS_GROUP not in groups: if FIREWALL_ADMINS_GROUP not in groups:
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not in firewall admins group") raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not in firewall admins group")