api: log failure state of OIDC token refresh better

2026-05-14 17:48:56 +02:00 · 2026-05-14 17:48:56 +02:00 · f4a27dffd4
commit f4a27dffd4
parent 24e2de8c71
1 changed files with 7 additions and 2 deletions
--- a/api/src/dooris_api/deps.py
+++ b/api/src/dooris_api/deps.py
@ -36,13 +36,14 @@ async def get_current_user(
        )
    # if we have a refresh token, try to get new tokens
-    if all(i in req.cookies for i in ("refresh_token", "auth_nonce")):
+    elif all(i in req.cookies for i in ("refresh_token", "auth_nonce")):
        logger.debug(
            "user has been previously authenticated, trying to recover with refresh_token"
        )
        auth_start_time = datetime.now(UTC)
        token_resp = oidc_client.exchange_refresh_token(req.cookies["refresh_token"])
        if isinstance(token_resp, TokenSuccessResponse):
            logger.debug("successfully got new tokens from refresh token")
            persist_auth_state(oidc_client, resp, token_resp, auth_start_time)
            # return the newly gotten info
@ -50,9 +51,13 @@ async def get_current_user(
            return models.CurrentUser(
                id_token=id_token, raw_id_token=token_resp.id_token
            )
        else:
            logger.debug("failed to exchange refresh token for new access token: %s", token_resp)
    # otherwise we can't meaningfully recover any user information or the user is simply not authenticated
    else:
        logger.debug("no currently authenticated user")
    raise exceptions.HttpProblemException.unauthorized(req.url)