From ff72f0cae585858e400a9bc8f7d3fe1727035c44 Mon Sep 17 00:00:00 2001
From: phil
Date: Sat, 8 Feb 2025 01:55:36 +0100
Subject: [PATCH] Display full token info
---
 src/oidc_test/auth_utils.py | 14 +++++++++--
 src/oidc_test/main.py | 41 +++++++++++++++++++------------
 src/oidc_test/settings.py | 1 +
 src/oidc_test/static/styles.css | 4 +--
 src/oidc_test/templates/home.html | 41 ++++++++++++++++++++++---------
 5 files changed, 70 insertions(+), 31 deletions(-)
diff --git a/src/oidc_test/auth_utils.py b/src/oidc_test/auth_utils.py
index 3303e58..26f3779 100644
--- a/src/oidc_test/auth_utils.py
+++ b/src/oidc_test/auth_utils.py
@@ -1,3 +1,4 @@
+import re
 from typing import Union, Annotated
 from functools import wraps
 import logging
@@ -133,9 +134,18 @@ async def get_current_user(request: Request) -> User:
 return user
+async def get_token_or_none(request: Request) -> OAuth2Token | None:
+ """Return the auth token from the session or None.
+ Can be used in Depends()"""
+ try:
+ return await get_token(request)
+ except HTTPException:
+ return None
+
+
 async def get_token(request: Request) -> OAuth2Token:
- """Return the token from a request object, from the session.
- It can be used in Depends()"""
+ """Return the token from the session.
+ Can be used in Depends()"""
 try:
 oidc_provider_settings = oidc_providers_settings[
 request.session.get("oidc_provider_id", "")
diff --git a/src/oidc_test/main.py b/src/oidc_test/main.py
index 47d0c39..4a037eb 100644
--- a/src/oidc_test/main.py
+++ b/src/oidc_test/main.py
@@ -34,6 +34,7 @@ from .auth_utils import (
 get_current_user_or_none,
 authlib_oauth,
 get_providers_info,
+ get_token_or_none,
 )
 from .auth_misc import pretty_details
 from .database import TokenNotInDb, db
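Review bot: `import re` is added at the top of auth_utils.py, but neither hunk of this file in the patch uses `re`; unless code outside the hunks already relies on it, the import is dead and should be dropped. If it is meant for a later change, it belongs in that commit.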
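Review bot: `get_token_or_none` in auth_utils.py maps every HTTPException raised by `get_token` to None, so a missing session and any other failure get_token reports that way become indistinguishable to the caller, and nothing is logged. get_token's body continues outside the hunk, so which cases those are is not visible here. At minimum the docstring should state the mapping, e.g. `"""Return the auth token from the session, or None if get_token raises HTTPException. Can be used in Depends()"""`. If get_token uses distinct status codes, re-raising everything except the "not authenticated" one would keep real errors visible.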
@@ -76,6 +77,7 @@ async def home(
 request: Request,
 user: Annotated[User, Depends(get_current_user_or_none)],
 oidc_provider: Annotated[StarletteOAuth2App | None, Depends(get_oidc_provider_or_none)],
+ token: Annotated[OAuth2Token | None, Depends(get_token_or_none)],
 ) -> HTMLResponse:
 now = datetime.now()
 if oidc_provider and (
@@ -101,22 +103,29 @@ async def home(
 logger.info("Invalid token")
 logger.exception(err)
- return templates.TemplateResponse(
- name="home.html",
- request=request,
- context={
- "settings": settings.model_dump(),
- "user": user,
- "access_token_scope": access_token_scope,
- "now": now,
- "oidc_provider": oidc_provider,
- "oidc_provider_settings": oidc_provider_settings,
- "resources": resources,
- "user_info_details": (
- pretty_details(user, now) if user and settings.oidc.show_session_details else None
- ),
- },
- )
+ context = {
+ "settings": settings.model_dump(),
+ "user": user,
+ "access_token_scope": access_token_scope,
+ "now": now,
+ "oidc_provider": oidc_provider,
+ "oidc_provider_settings": oidc_provider_settings,
+ "resources": resources,
+ }
+ if token is None:
+ context["id_token_parsed"] = None
+ context["access_token_parsed"] = None
+ context["refresh_token_parsed"] = None
+ else:
+ assert oidc_provider is not None
+ assert oidc_provider.name is not None
+ oidc_provider_settings = oidc_providers_settings[oidc_provider.name]
+ context["id_token_parsed"] = pretty_details(user, now)
+ context["access_token_parsed"] = oidc_provider_settings.decode(token["access_token"])
+ context["refresh_token_parsed"] = oidc_provider_settings.decode(
+ token["refresh_token"], verify_signature=False
+ )
+ return templates.TemplateResponse(name="home.html", request=request, context=context)
 # Endpoints for the login / authorization process
diff --git a/src/oidc_test/settings.py b/src/oidc_test/settings.py
index b601739..e448c1e 100644
--- a/src/oidc_test/settings.py
+++ b/src/oidc_test/settings.py
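Review bot: The rewritten tail of home() in main.py decodes the access and refresh tokens for every session that has a token, but nothing here consults the new `settings.show_token` flag added in settings.py, and the old `settings.oidc.show_session_details` guard around `pretty_details(user, now)` is gone. Unless home.html does the gating (not verifiable from this page), token claims are rendered unconditionally. The two `assert` statements are stripped under `python -O` and otherwise turn an inconsistent session into a 500, and `token["refresh_token"]` raises KeyError when the provider issued no refresh token. The refresh-token claims are decoded with `verify_signature=False`, so they should be labelled as unverified wherever they are shown. A possible shape is below (it leaves `refresh_token_parsed` as None when no refresh token exists, so the template must tolerate that); home() starts outside this hunk.

```python
    # … unchanged: base context dict (settings, user, access_token_scope, …) …
    context["id_token_parsed"] = None
    context["access_token_parsed"] = None
    context["refresh_token_parsed"] = None
    # Decode only when the operator opted in and the session is complete.
    if settings.show_token and token and user and oidc_provider and oidc_provider.name:
        oidc_provider_settings = oidc_providers_settings[oidc_provider.name]
        context["id_token_parsed"] = pretty_details(user, now)
        context["access_token_parsed"] = oidc_provider_settings.decode(token["access_token"])
        refresh_token = token.get("refresh_token")
        if refresh_token:
            # Signature is not verified here: display only, never trust these claims.
            context["refresh_token_parsed"] = oidc_provider_settings.decode(
                refresh_token, verify_signature=False
            )
    return templates.TemplateResponse(name="home.html", request=request, context=context)
```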
@@ -135,6 +135,7 @@ class Settings(BaseSettings):
 insecure: Insecure = Insecure()
 cors_origins: list[str] = []
 debug_token: bool = False
+ show_token: bool = False
 @classmethod
 def settings_customise_sources(
diff --git a/src/oidc_test/static/styles.css b/src/oidc_test/static/styles.css
index 6262d79..367ea99 100644
--- a/src/oidc_test/static/styles.css
+++ b/src/oidc_test/static/styles.css
@@ -73,7 +73,6 @@ hr {
 }
 .debug-auth p {
 border-bottom: 1px solid black;
- text-align: left;
 }
 .debug-auth ul {
 padding: 0;
@@ -185,8 +184,9 @@ hr {
 font-family: monospace;
 }
-.resourceResult {
+.resource {
 padding: 0.5em;
+ display: flex;
 gap: 0.5em;
 flex-direction: column;
 width: fit-content;
diff --git a/src/oidc_test/templates/home.html b/src/oidc_test/templates/home.html
index 92b7068..9da5392 100644
--- a/src/oidc_test/templates/home.html
+++ b/src/oidc_test/templates/home.html
@@ -97,19 +97,38 @@ {% endif %} - {% if user_info_details %} -
-
-

User info

- +
+

access token

+
+ {% for key, value in access_token_parsed.items() %} +
+
{{ key }}
+
{{ value }}
+
+ {% endfor %} +
+

refresh token

+
+ {% for key, value in refresh_token_parsed.items() %} +
+
{{ key }}
+
{{ value }}
+
+ {% endfor %} +
-
Now is: {{ now.strftime("%T, %D") }}
{% endif %} {% endblock %}
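Review bot: Both loops call `.items()` on `access_token_parsed` and `refresh_token_parsed`, which home() sets to None when the session has no token, and the old `{% if user_info_details %}` guard is removed. No replacement guard is visible in what survives of this hunk, though the markup was stripped from this page, so one may exist. If there is none, wrap the block in `{% if access_token_parsed %}` … `{% endif %}` and guard the refresh-token list separately. The refresh-token claims are decoded without signature verification, so their heading should say they are unverified, and the claim values should stay behind Jinja autoescaping (no `|safe`).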