Decode access token, refactor

src/oidc_test/main.py

@@ -187,11 +187,20 @@ async def auth(request: Request, oidc_provider_id: str) -> RedirectResponse:
         # Build and remember the user in the session
         request.session["user_sub"] = sub
         # Store the user in the database
+        try:
+            oidc_provider_settings = oidc_providers_settings[oidc_provider_id]
+            access_token = oidc_provider_settings.decode(token["access_token"])
+        except Exception:
+            raise HTTPException(
+                status.HTTP_401_UNAUTHORIZED,
+                detail="Cannot decode token or verify its signature",
+            )
         user = await db.add_user(
             sub,
             user_info=userinfo,
             oidc_provider=oidc_provider,
             user_info_from_endpoint=user_info_from_endpoint,
+            access_token=access_token,
         )
         # Add the id_token to the session
         request.session["token"] = token["id_token"]
@@ -213,14 +222,14 @@ async def account(
     oidc_provider: Annotated[StarletteOAuth2App, Depends(get_oidc_provider)],
 ) -> RedirectResponse:
     if (
-        provider := oidc_providers_settings.get(
+        oidc_provider_settings := oidc_providers_settings.get(
             request.session.get("oidc_provider_id", "")
         )
     ) is None:
         raise HTTPException(
-            status.HTTP_406_NOT_ACCEPTABLE, detail="No oidc provider setting"
+            status.HTTP_406_NOT_ACCEPTABLE, detail="No oidc provider settings"
         )
-    return RedirectResponse(f"{provider.account_url}")
+    return RedirectResponse(f"{oidc_provider_settings.account_url}")
 
 
 @app.get("/logout")