From f4a27dffd4df3554e54bada70395b5d9ee9a906b Mon Sep 17 00:00:00 2001
From: lilly
Date: Thu, 14 May 2026 17:48:56 +0200
Subject: [PATCH] api: log failure state of OIDC token refresh better
---
api/src/dooris_api/deps.py | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/api/src/dooris_api/deps.py b/api/src/dooris_api/deps.py
index c1df75a..fa86c1b 100644
--- a/api/src/dooris_api/deps.py
+++ b/api/src/dooris_api/deps.py
@@ -36,13 +36,14 @@ async def get_current_user(
)
# if we have a refresh token, try to get new tokens
- if all(i in req.cookies for i in ("refresh_token", "auth_nonce")):
+ elif all(i in req.cookies for i in ("refresh_token", "auth_nonce")):
logger.debug(
"user has been previously authenticated, trying to recover with refresh_token"
)
auth_start_time = datetime.now(UTC)
token_resp = oidc_client.exchange_refresh_token(req.cookies["refresh_token"])
if isinstance(token_resp, TokenSuccessResponse):
+ logger.debug("successfully got new tokens from refresh token")
persist_auth_state(oidc_client, resp, token_resp, auth_start_time)
# return the newly gotten info
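Review bot: Changing `if` to `elif` on the refresh-token check alters control flow in a commit whose subject only mentions logging, because the refresh path now runs only when the preceding branch is not taken. That branch starts outside this hunk, so it is not visible whether every path through it returns or raises. If it can fall through (for example when a token cookie is present but fails validation), such requests would now skip the refresh attempt and go straight to the 401. If the branch always exits, a short comment on the `elif` would make the invariant explicit, e.g. `# previous branch always returns/raises; refresh is only attempted when no token cookie was presented`.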
@@ -50,9 +51,13 @@ async def get_current_user(
return models.CurrentUser(
id_token=id_token, raw_id_token=token_resp.id_token
)
+ else:
+ logger.debug("failed to exchange refresh token for new access token: %s", token_resp)
# otherwise we can't meaningfully recover any user information or the user is simply not authenticated
- logger.debug("no currently authenticated user")
+ else:
+ logger.debug("no currently authenticated user")
+
raise exceptions.HttpProblemException.unauthorized(req.url)
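Review bot: The new `else:` branch records a rejected refresh-token exchange only at debug level, and it formats the whole `token_resp` object into the message. A failed refresh is an authentication event (an expired, revoked or reused refresh token) that is normally wanted at default log levels for detection, so `logger.warning` fits better here. What `str(token_resp)` contains is not visible in this hunk, and the branch catches anything that is not a `TokenSuccessResponse`, so it is safer to log a narrow field than the full object. For example, `logger.warning("OIDC refresh token exchange failed: %s", type(token_resp).__name__)`, plus the error code if the error response type exposes one. It is also worth checking whether the stale `refresh_token` and `auth_nonce` cookies are cleared on this path, since otherwise every later request repeats the failing exchange.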