diff --git a/public/page/auth_callback.php b/public/page/auth_callback.php
index d249a67..c62d195 100644
--- a/public/page/auth_callback.php
+++ b/public/page/auth_callback.php
@@ -37,6 +37,7 @@ $client->validateIdToken($claims, $nonce);
 unset($_SESSION['oidc_nonce']);
 $groups = $client->groupsFromClaims($claims);
+$accessClaims = null;
 if (!$groups && $accessToken !== '') {
 try {
 $accessClaims = $client->decodeJwt($accessToken);
@@ -62,8 +63,15 @@ if (defined('APP_AUTH_DEBUG') && APP_AUTH_DEBUG) {
 'email' => $user['email'],
 'name' => $user['name'],
 'groups' => $groups,
- 'iss' => $claims['iss'] ?? null,
- 'aud' => $claims['aud'] ?? null,
+ 'id_token_claims' => $claims,
+ 'access_token_claims' => $accessToken ? ($accessClaims ?? null) : null,
+ 'token_meta' => [
+ 'has_id_token' => $idToken !== '',
+ 'has_access_token' => $accessToken !== '',
+ 'expires_in' => $token['expires_in'] ?? null,
+ 'refresh_expires_in' => $token['refresh_expires_in'] ?? null,
+ 'scope' => $token['scope'] ?? null,
+ ],
 'claim_source' => !empty($groups) ? 'id_token_or_access_token' : 'none',
 ];
 @file_put_contents(__DIR__ . '/../../debug/oidc_login.log', json_encode($log) . PHP_EOL, FILE_APPEND);
diff --git a/public/page/debug.php b/public/page/debug.php
index 303ba82..0e54e9e 100644
--- a/public/page/debug.php
+++ b/public/page/debug.php
@@ -39,6 +39,10 @@ if (isset($_GET['raw']) && $_GET['raw'] === '1') {
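Review bot: In the second hunk of public/page/auth_callback.php, `'id_token_claims' => $claims` and `'access_token_claims'` now append every claim of both tokens to `debug/oidc_login.log`, where the old code logged only `iss` and `aud`; token claims usually include personal data and session identifiers, and the debug.php hunk in this commit appears to link that log from the page that displays files in `debug/`. Log an allow-list instead: `$keep = array_flip(['iss', 'aud', 'sub', 'azp', 'exp', 'iat']);` before the array, then `'id_token_claims' => array_intersect_key($claims, $keep),` and `'access_token_claims' => is_array($accessClaims) ? array_intersect_key($accessClaims, $keep) : null,`. The `$accessToken ? ($accessClaims ?? null) : null` guard is redundant once the first hunk initialises `$accessClaims` to `null`. If `decodeJwt()` only decodes and does not verify the signature (not visible here), the log entry should mark those claims as unverified. The `if (defined('APP_AUTH_DEBUG') && APP_AUTH_DEBUG)` block opens above this hunk and closes below it.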

Debug Logs

Hier kannst du temporäre Log-Files aus dem debug/-Ordner ansehen.

+
+ OIDC Login +
+
Logs