Display full token info

2025-02-08 01:55:36 +01:00 · 2025-02-08 01:55:36 +01:00 · ff72f0cae5
commit ff72f0cae5
parent 3eb6dc3dcf
5 changed files with 70 additions and 31 deletions
--- a/src/oidc_test/auth_utils.py
+++ b/src/oidc_test/auth_utils.py
@ -1,3 +1,4 @@
+import re
 from typing import Union, Annotated
 from functools import wraps
 import logging
@ -133,9 +134,18 @@ async def get_current_user(request: Request) -> User:
    return user


+async def get_token_or_none(request: Request) -> OAuth2Token | None:
+    """Return the auth token from the session or None.
+    Can be used in Depends()"""
+    try:
+        return await get_token(request)
+    except HTTPException:
+        return None
+
+
 async def get_token(request: Request) -> OAuth2Token:
-    """Return the token from a request object, from the session.
-    It can be used in Depends()"""
+    """Return the token from the session.
+    Can be used in Depends()"""
    try:
        oidc_provider_settings = oidc_providers_settings[
            request.session.get("oidc_provider_id", "")
--- a/src/oidc_test/main.py
+++ b/src/oidc_test/main.py
@ -34,6 +34,7 @@ from .auth_utils import (
    get_current_user_or_none,
    authlib_oauth,
    get_providers_info,
+    get_token_or_none,
 )
 from .auth_misc import pretty_details
 from .database import TokenNotInDb, db
@ -76,6 +77,7 @@ async def home(
    request: Request,
    user: Annotated[User, Depends(get_current_user_or_none)],
    oidc_provider: Annotated[StarletteOAuth2App | None, Depends(get_oidc_provider_or_none)],
+    token: Annotated[OAuth2Token | None, Depends(get_token_or_none)],
 ) -> HTMLResponse:
    now = datetime.now()
    if oidc_provider and (
@ -101,22 +103,29 @@ async def home(
            logger.info("Invalid token")
            logger.exception(err)

-    return templates.TemplateResponse(
-        name="home.html",
-        request=request,
-        context={
-            "settings": settings.model_dump(),
-            "user": user,
-            "access_token_scope": access_token_scope,
-            "now": now,
-            "oidc_provider": oidc_provider,
-            "oidc_provider_settings": oidc_provider_settings,
-            "resources": resources,
-            "user_info_details": (
-                pretty_details(user, now) if user and settings.oidc.show_session_details else None
-            ),
-        },
-    )
+    context = {
+        "settings": settings.model_dump(),
+        "user": user,
+        "access_token_scope": access_token_scope,
+        "now": now,
+        "oidc_provider": oidc_provider,
+        "oidc_provider_settings": oidc_provider_settings,
+        "resources": resources,
+    }
+    if token is None:
+        context["id_token_parsed"] = None
+        context["access_token_parsed"] = None
+        context["refresh_token_parsed"] = None
+    else:
+        assert oidc_provider is not None
+        assert oidc_provider.name is not None
+        oidc_provider_settings = oidc_providers_settings[oidc_provider.name]
+        context["id_token_parsed"] = pretty_details(user, now)
+        context["access_token_parsed"] = oidc_provider_settings.decode(token["access_token"])
+        context["refresh_token_parsed"] = oidc_provider_settings.decode(
+            token["refresh_token"], verify_signature=False
+        )
+    return templates.TemplateResponse(name="home.html", request=request, context=context)


 # Endpoints for the login / authorization process
--- a/src/oidc_test/settings.py
+++ b/src/oidc_test/settings.py
@ -135,6 +135,7 @@ class Settings(BaseSettings):
    insecure: Insecure = Insecure()
    cors_origins: list[str] = []
    debug_token: bool = False
+    show_token: bool = False

    @classmethod
    def settings_customise_sources(
--- a/src/oidc_test/static/styles.css
+++ b/src/oidc_test/static/styles.css
@ -73,7 +73,6 @@ hr {
 }
 .debug-auth p {
  border-bottom: 1px solid black;
-  text-align: left;
 }
 .debug-auth ul {
  padding: 0;
@ -185,8 +184,9 @@ hr {
  font-family: monospace;
 }

-.resourceResult {
+.resource {
  padding: 0.5em;
+  display: flex;
  gap: 0.5em;
  flex-direction: column;
  width: fit-content;
--- a/src/oidc_test/templates/home.html
+++ b/src/oidc_test/templates/home.html
@ -97,19 +97,38 @@
      </div>
    {% endif %}
  </div>
-  {% if user_info_details %}
-    <hr>
-    <div class="debug-auth">
-      <p>User info</p>
-      <ul>
-        {% for key, value in user_info_details.items() %}
-        <li>
-          <span class="key">{{ key }}</span>: <span class="value">{{ value }}</span>
-        </li>
+  {% if settings.show_token and id_token_parsed %}
+    <div class="token-info">
+      <hr>
+      <div>
+        <h2>id token</h2>
+        <div class="token">
+        {% for key, value in id_token_parsed.items() %}
+          <div>
+            <div class="key">{{ key }}</div>
+            <div class="value">{{ value }}</div>
+          </div>
        {% endfor %}
-      </ul>
+        </div>
+        <h2>access token</h2>
+        <div class="token">
+        {% for key, value in access_token_parsed.items() %}
+          <div>
+            <div class="key">{{ key }}</div>
+            <div class="value">{{ value }}</div>
+          </div>
+        {% endfor %}
+        </div>
+        <h2>refresh token</h2>
+        <div class="token">
+        {% for key, value in refresh_token_parsed.items() %}
+          <div>
+            <div class="key">{{ key }}</div>
+            <div class="value">{{ value }}</div>
+          </div>
+        {% endfor %}
+        </div>
      </div>
-      <div>Now is: {{ now.strftime("%T, %D") }} </div>
    </div>
  {% endif %}
 {% endblock %}