Cleanup

src/oidc_test/main.py

@@ -66,7 +66,7 @@ for provider in settings.oidc.providers:
         name=provider.id,
         server_metadata_url=provider.openid_configuration,
         client_kwargs={
-            "scope": "openid email",  # offline_access profile",
+            "scope": "openid email offline_access profile",
         },
         client_id=provider.client_id,
         client_secret=provider.client_secret,
@@ -170,7 +170,7 @@ async def auth(request: Request, oidc_provider_id: str) -> RedirectResponse:
     except OAuthError as error:
         raise HTTPException(status.HTTP_401_UNAUTHORIZED, detail=error.error)
     # Remember the oidc_provider in the session
-    # logger.debug(f"Scope: {token['scope']}")
+    # logger.info(f"Scope: {token['scope']}")
     request.session["oidc_provider_id"] = oidc_provider_id
     #
     # One could process the full decoded token which contains extra information
@@ -351,9 +351,14 @@ async def get_introspect(
     token: Annotated[OAuth2Token, Depends(get_token)],
 ) -> JSONResponse:
     assert request is not None  # Just to keep QA checks happy
+    if (url := oidc_provider.server_metadata.get("introspection_endpoint")) is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="No intrispection endpoint found for the OIDC provider",
+        )
     if (
         response := await oidc_provider.post(
-            oidc_provider.server_metadata["introspection_endpoint"],
+            url,
             token=token,
             data={"token": token["access_token"]},
         )