adebaumann/shorefront
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

debug: log userinfo keys and groups claim in OIDC callback
All checks were successful
Build containers when image tags change / build-if-image-changed (backend, shorefront-backend, shorefront backend, backend/Dockerfile, git.baumann.gr/adebaumann/shorefront-backend, .backend.image) (push) Successful in 45s
Details
Build containers when image tags change / build-if-image-changed (frontend, shorefront-frontend, shorefront frontend, frontend/Dockerfile, git.baumann.gr/adebaumann/shorefront-frontend, .frontend.image) (push) Successful in 1m31s
Details

Browse Source
This commit is contained in:
Adrian A. Baumann
2026-03-01 01:16:26 +01:00
parent 6b340f50cb
commit 740983277f
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
backend/app/api/auth.py
View File

@@ -25,6 +25,12 @@ async def oidc_callback(request: Request, db: Session = Depends(get_db)) -> Redi
userinfo = token.get("userinfo") or {} userinfo = token.get("userinfo") or {}
groups = userinfo.get("groups", []) groups = userinfo.get("groups", [])
import logging as _logging
_logging.getLogger("shorefront.auth").warning(
"OIDC callback — userinfo keys: %s | groups claim: %r",
list(userinfo.keys()),
groups,
)
if FIREWALL_ADMINS_GROUP not in groups: if FIREWALL_ADMINS_GROUP not in groups:
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not in firewall admins group") raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not in firewall admins group")

2
helm/shorefront/values.yaml
View File

@@ -42,4 +42,4 @@ keycloak:
redirectUri: https://shorefront.baumann.gr/api/auth/oidc/callback redirectUri: https://shorefront.baumann.gr/api/auth/oidc/callback
containers: containers:
version: "0.005" version: "0.006"