From 13a45c0c5536413cdbd452ed33c3172c5ca993c8 Mon Sep 17 00:00:00 2001
From: Lars Gebhardt-Kusche <lars@kusche.berlin>
Date: Wed, 4 Mar 2026 22:22:16 +0100
Subject: [PATCH] adasd

---
 config/prod/settings.php      |  1 +
 config/staging/settings.php   |  1 +
 public/page/auth_callback.php | 14 ++++++++++++++
 3 files changed, 16 insertions(+)

diff --git a/config/prod/settings.php b/config/prod/settings.php
index b891fe4..26304fc 100755
--- a/config/prod/settings.php
+++ b/config/prod/settings.php
@@ -24,3 +24,4 @@
     define('APP_OIDC_ADMIN_GROUP', 'admin');
     define('APP_OIDC_USER_GROUP', 'family');
     define('APP_DEBUG_TOOL', false);
+    define('APP_AUTH_DEBUG', false);
diff --git a/config/staging/settings.php b/config/staging/settings.php
index 700ab20..9f02897 100755
--- a/config/staging/settings.php
+++ b/config/staging/settings.php
@@ -24,3 +24,4 @@
     define('APP_OIDC_ADMIN_GROUP', 'admin');
     define('APP_OIDC_USER_GROUP', 'family');
     define('APP_DEBUG_TOOL', true);
+    define('APP_AUTH_DEBUG', true);
diff --git a/public/page/auth_callback.php b/public/page/auth_callback.php
index 89a37cf..d249a67 100644
--- a/public/page/auth_callback.php
+++ b/public/page/auth_callback.php
@@ -55,4 +55,18 @@ $user = [
 
 $_SESSION['auth_user'] = $user;
 
+if (defined('APP_AUTH_DEBUG') && APP_AUTH_DEBUG) {
+    $log = [
+        'ts' => date('c'),
+        'sub' => $user['sub'],
+        'email' => $user['email'],
+        'name' => $user['name'],
+        'groups' => $groups,
+        'iss' => $claims['iss'] ?? null,
+        'aud' => $claims['aud'] ?? null,
+        'claim_source' => !empty($groups) ? 'id_token_or_access_token' : 'none',
+    ];
+    @file_put_contents(__DIR__ . '/../../debug/oidc_login.log', json_encode($log) . PHP_EOL, FILE_APPEND);
+}
+
 redirect('/');