mirror of
https://github.com/DRYTRIX/TimeTracker.git
synced 2026-01-25 22:19:53 -06:00
The OIDC callback was failing because parse_id_token() was called without the required 'nonce' parameter, causing authentication to fail with a TypeError. This prevented the issuer (iss) claim from being extracted, which is required for successful OIDC login.

Changes:
- Check if ID token claims are already available in the token response under 'userinfo' key (parsed by Authlib during authorize_access_token)
- If not available, retrieve nonce from session and pass it to parse_id_token() method
- This ensures the issuer and subject claims are properly extracted from the ID token instead of only relying on the userinfo endpoint

The issuer claim is only present in the ID token, not the userinfo endpoint, so proper ID token parsing is essential for authentication.

Fixes #<issue_number>
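
The callback logic this commit message describes, as an added example that is not code from the TimeTracker repository or from Authlib. The `parse_id_token` stand-in, the HS256 demo key, the `oidc_nonce` session key and the sample token are assumptions constructed for the example; expiry and audience checks are left to the real library.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # constructed key; real providers usually sign with JWKS keys

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_id_token(claims: dict) -> str:
    """Build a constructed HS256 ID token for the demo."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def parse_id_token(token: dict, nonce: str) -> dict:
    """Stand-in for the library call: verify the signature, then require a matching nonce."""
    head, body, sig = token["id_token"].split(".")
    expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64(expected), sig):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    # The nonce binds this ID token to the login request started in this session.
    if not nonce or claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch")
    return claims

def id_claims_from_callback(token: dict, session: dict) -> dict:
    """Prefer claims already parsed into token['userinfo']; otherwise parse with the session nonce."""
    claims = token.get("userinfo")
    if not claims:
        nonce = session.pop("oidc_nonce", None)  # hypothetical session key; popped so it is single-use
        if nonce is None:
            raise ValueError("no nonce in session")
        claims = parse_id_token(token, nonce)
    # iss and sub identify the user; the commit notes iss is only in the ID token.
    if not claims.get("iss") or not claims.get("sub"):
        raise ValueError("ID token lacks iss/sub")
    return claims
```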