asaS

2026-03-04 22:25:31 +01:00
parent 13a45c0c55
commit c4b317d047
2 changed files with 14 additions and 2 deletions
--- a/public/page/auth_callback.php
+++ b/public/page/auth_callback.php
@@ -37,6 +37,7 @@ $client->validateIdToken($claims, $nonce);
 unset($_SESSION['oidc_nonce']);

 $groups = $client->groupsFromClaims($claims);
+$accessClaims = null;
 if (!$groups && $accessToken !== '') {
    try {
        $accessClaims = $client->decodeJwt($accessToken);
@@ -62,8 +63,15 @@ if (defined('APP_AUTH_DEBUG') && APP_AUTH_DEBUG) {
        'email' => $user['email'],
        'name' => $user['name'],
        'groups' => $groups,
-        'iss' => $claims['iss'] ?? null,
-        'aud' => $claims['aud'] ?? null,
+        'id_token_claims' => $claims,
+        'access_token_claims' => $accessToken ? ($accessClaims ?? null) : null,
+        'token_meta' => [
+            'has_id_token' => $idToken !== '',
+            'has_access_token' => $accessToken !== '',
+            'expires_in' => $token['expires_in'] ?? null,
+            'refresh_expires_in' => $token['refresh_expires_in'] ?? null,
+            'scope' => $token['scope'] ?? null,
+        ],
        'claim_source' => !empty($groups) ? 'id_token_or_access_token' : 'none',
    ];
    @file_put_contents(__DIR__ . '/../../debug/oidc_login.log', json_encode($log) . PHP_EOL, FILE_APPEND);
--- a/public/page/debug.php
+++ b/public/page/debug.php
@@ -39,6 +39,10 @@ if (isset($_GET['raw']) && $_GET['raw'] === '1') {
  <h1 style="margin-top:.75rem;">Debug Logs</h1>
  <p class="muted">Hier kannst du temporäre Log-Files aus dem <code>debug/</code>-Ordner ansehen.</p>

+  <div style="margin-top:.5rem;">
+    <a class="nav-link" href="/debug?file=oidc_login.log">OIDC Login</a>
+  </div>
+
  <div style="margin-top:1rem;" class="grid">
    <div class="card" style="background:var(--panel-2);">
      <strong>Logs</strong>