OAuth2 tweaks

2026-02-06 10:47:04 +00:00 · 2025-12-02 01:11:17 +01:00 · 2025-12-02 01:11:17 +01:00 · 4a5239e5aa
commit 4a5239e5aa
parent f450946ca6
3 changed files with 26 additions and 0 deletions
--- a/server/controllers/RequestController.ts
+++ b/server/controllers/RequestController.ts
@ -45,8 +45,17 @@ export class OBPController {
    const path = request.query.path
    const oauthConfig = session['clientConfig']

+    // Debug logging
+    console.log('RequestController.get - Path:', path)
+    console.log('RequestController.get - Has session:', !!session)
+    console.log('RequestController.get - Has clientConfig:', !!oauthConfig)
+    console.log('RequestController.get - Has oauth2:', !!oauthConfig?.oauth2)
+    console.log('RequestController.get - Has accessToken:', !!oauthConfig?.oauth2?.accessToken)
+    console.log('RequestController.get - Session keys:', Object.keys(session || {}))
+
    // Check if user is authenticated
    if (!oauthConfig || !oauthConfig.oauth2?.accessToken) {
+      console.log('RequestController.get - User not authenticated')
      return response.status(401).json({
        code: 401,
        message: 'OBP-20001: User not logged in. Authentication is required!'
--- a/server/controllers/UserController.ts
+++ b/server/controllers/UserController.ts
@ -61,6 +61,8 @@ export class UserController {
    delete session['oauth2_token_timestamp']
    delete session['oauth2_user_info']
    delete session['oauth2_user']
+    delete session['clientConfig']
+    delete session['opeyConfig']

    // Destroy the session completely
    session.destroy((err: any) => {
--- a/server/middlewares/OAuth2CallbackMiddleware.ts
+++ b/server/middlewares/OAuth2CallbackMiddleware.ts
@ -263,6 +263,21 @@ export default class OAuth2CallbackMiddleware implements ExpressMiddlewareInterf
      console.log('OAuth2CallbackMiddleware: Fetching user info')
      const userInfo = await this.oauth2Service.getUserInfo(tokens.accessToken)

+      // Debug: Decode access token to see what user ID OBP-API will see
+      try {
+        const accessTokenDecoded: any = jwt.decode(tokens.accessToken)
+        console.log('\n\n========================================')
+        console.log('🔍 ACCESS TOKEN DECODED - THIS IS WHAT OBP-API SEES')
+        console.log('========================================')
+        console.log('  sub (user ID):', accessTokenDecoded?.sub)
+        console.log('  email:', accessTokenDecoded?.email)
+        console.log('  preferred_username:', accessTokenDecoded?.preferred_username)
+        console.log('  Full payload:', JSON.stringify(accessTokenDecoded, null, 2))
+        console.log('========================================\n\n')
+      } catch (error) {
+        console.warn('OAuth2CallbackMiddleware: Failed to decode access token:', error)
+      }
+
      // Store tokens in session
      session['oauth2_access_token'] = tokens.accessToken
      session['oauth2_refresh_token'] = tokens.refreshToken || null