From 740983277fbad400d017828a5d3909bf22c406a2 Mon Sep 17 00:00:00 2001
From: "Adrian A. Baumann" <ade@adebaumann.com>
Date: Sun, 1 Mar 2026 01:16:26 +0100
Subject: [PATCH] debug: log userinfo keys and groups claim in OIDC callback

---
 backend/app/api/auth.py     | 6 ++++++
 helm/shorefront/values.yaml | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/backend/app/api/auth.py b/backend/app/api/auth.py
index adb4869..433e162 100644
--- a/backend/app/api/auth.py
+++ b/backend/app/api/auth.py
@@ -25,6 +25,12 @@ async def oidc_callback(request: Request, db: Session = Depends(get_db)) -> Redi
 
     userinfo = token.get("userinfo") or {}
     groups = userinfo.get("groups", [])
+    import logging as _logging
+    _logging.getLogger("shorefront.auth").warning(
+        "OIDC callback — userinfo keys: %s | groups claim: %r",
+        list(userinfo.keys()),
+        groups,
+    )
     if FIREWALL_ADMINS_GROUP not in groups:
         raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not in firewall admins group")
 
diff --git a/helm/shorefront/values.yaml b/helm/shorefront/values.yaml
index 29242f3..b97bde1 100644
--- a/helm/shorefront/values.yaml
+++ b/helm/shorefront/values.yaml
@@ -42,4 +42,4 @@ keycloak:
   redirectUri: https://shorefront.baumann.gr/api/auth/oidc/callback
 
 containers:
-  version: "0.005"
+  version: "0.006"