From 5eb953199778189e961a5004d7839e2a6d845903 Mon Sep 17 00:00:00 2001
From: Helmut Merz
Date: Tue, 29 Apr 2025 17:36:02 +0200
Subject: [PATCH] auth: directly use user data from id_token (no user_info request)
---
 scopes/web/auth/oidc.py | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/scopes/web/auth/oidc.py b/scopes/web/auth/oidc.py
index 3376cbd..feaaa52 100644
--- a/scopes/web/auth/oidc.py
+++ b/scopes/web/auth/oidc.py
@@ -142,13 +142,12 @@ class Authenticator(DummyFolder):
 tokenUrl = self.params['op_uris']['token_endpoint']
 tokenResponse = requests.post(tokenUrl, data=args)
 tdata = tokenResponse.json()
- print('*** token response', tdata)
- claims = self.getIdTokenData(tdata['id_token'])
- print('*** token id claims', claims)
- headers = dict(Authorization='Bearer ' + tdata['access_token'])
- userInfoUrl = self.params['op_uris']['userinfo_endpoint']
- userInfo = requests.get(userInfoUrl, headers=headers)
- userData = userInfo.json()
+ #print('*** token response', tdata)
+ userData = self.getIdTokenData(tdata['id_token'])
+ #print('*** token id claims', userData)
+ #headers = dict(Authorization='Bearer ' + tdata['access_token'])
+ #userInfoUrl = self.params['op_uris']['userinfo_endpoint']
+ #userData = requests.get(userInfoUrl, headers=headers).json()
 #print('*** user data', userData)
 groupInfo = userData.get('urn:zitadel:iam:org:project:roles', {})
 #print('*** group info', groupInfo)
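Review bot: With the userinfo request gone, the roles read from `userData.get('urn:zitadel:iam:org:project:roles', {})` rest entirely on what `self.getIdTokenData(tdata['id_token'])` accepts, and that method is not visible in this hunk. If it only decodes the JWT payload, it should at least check `iss`, `aud` and `exp`, and verify the signature unless the design deliberately relies on the TLS connection to the token endpoint. `tdata['id_token']` is also indexed without looking at the response, so a failed code exchange surfaces as a `KeyError`; a guard such as `if tokenResponse.status_code != 200 or 'id_token' not in tdata:` that rejects the login would fail cleanly. The commented-out `#print(...)` and userinfo lines would be better deleted than kept, since re-enabling the prints writes the access and ID tokens to stdout. The enclosing method starts and ends outside the hunk.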