better logging

GitTimeraider · web-flow · commit 4a9d87979314 · 2025-11-14T13:37:22.000+01:00
diff --git a/app/routes.py b/app/routes.py
@@ -1036,7 +1036,31 @@ def oidc_callback():
         user_info = token.get('userinfo')
         if not user_info:
             # Try to get userinfo from the token
-            user_info = oidc_client.parse_id_token(token)
+            try:
+                user_info = oidc_client.parse_id_token(token)
+            except Exception as parse_error:
+                current_app.logger.error(f"Failed to parse ID token: {parse_error}")
+                # Try fetching userinfo from endpoint if available
+                if oidc_config.userinfo_endpoint:
+                    try:
+                        import requests
+                        access_token = token.get('access_token')
+                        if access_token:
+                            response = requests.get(
+                                oidc_config.userinfo_endpoint,
+                                headers={'Authorization': f'Bearer {access_token}'},
+                                timeout=10
+                            )
+                            if response.status_code == 200:
+                                user_info = response.json()
+                            else:
+                                current_app.logger.error(f"UserInfo endpoint returned {response.status_code}: {response.text}")
+                    except Exception as userinfo_error:
+                        current_app.logger.error(f"Failed to fetch userinfo: {userinfo_error}")
+                
+                if not user_info:
+                    flash('Failed to retrieve user information from identity provider.', 'error')
+                    return redirect(url_for('main.login'))
         
         # Get mapping configuration from session
         mapping_field = session.get('oidc_mapping_field', 'email')
@@ -1099,6 +1123,6 @@ def oidc_callback():
         return redirect(url_for('main.dashboard'))
         
     except Exception as e:
-        current_app.logger.error(f"Error in OIDC callback: {e}")
-        flash('An error occurred during login. Please try again or contact your administrator.', 'error')
+        current_app.logger.error(f"Error in OIDC callback: {e}", exc_info=True)
+        flash(f'An error occurred during login: {str(e)}. Please try again or contact your administrator.', 'error')
         return redirect(url_for('main.login'))
