{% extends "base.html" %}
{% from "components/ui.html" import page_header, breadcrumb_nav, button, filter_badge %}
{% block title %}{{ _('OIDC Debug Dashboard') }} - {{ app_name }}{% endblock %}
{% block content %}
{#
  OIDC debug dashboard, reached from the admin area (the breadcrumb links back
  to admin.admin_dashboard). It shows the effective OIDC configuration, the
  provider metadata, the users that have an OIDC subject, and a reference of
  the environment variables.
  NOTE(review): this template has no access check of its own; the view that
  renders it is assumed to be restricted to administrators. Confirm in the route.
#}
{% set breadcrumbs = [ {'text': _('Admin'), 'url': url_for('admin.admin_dashboard')}, {'text': _('OIDC Settings')} ] %}
{#
  NOTE(review): actions_html is built by string concatenation around a
  translated label. If page_header emits actions_html unescaped (for example
  through the safe filter), the label is not auto-escaped here. Confirm in
  components/ui.html.
#}
{{ page_header( icon_class='fas fa-shield-alt', title_text=_('OIDC Debug Dashboard'), subtitle_text=_('Inspect configuration, provider metadata and OIDC users'), breadcrumbs=breadcrumbs, actions_html='' + _('Test Configuration') + '' ) }}

{#
  Effective OIDC settings, read from oidc_config.
  Issuer, client ID and redirect URI fall back to a translated placeholder
  when empty. Auth method and scopes are printed as-is.
  The client secret is never rendered: only the boolean client_secret_set is
  consulted, so the page reports "Set" / "Not set". Keep it that way; do not
  add the secret value (or a prefix of it) to the context for this page.
#}
{{ _('OIDC Configuration') }}

{{ _('Status') }}
{% if oidc_config.enabled %} {{ _('Enabled') }} {% else %} {{ _('Disabled') }} {% endif %}
{{ _('Auth Method') }}
{{ oidc_config.auth_method }}
{{ _('Issuer') }}
{% if oidc_config.issuer %}{{ oidc_config.issuer }}{% else %}{{ _('Not configured') }}{% endif %}
{{ _('Client ID') }}
{% if oidc_config.client_id %}{{ oidc_config.client_id }}{% else %}{{ _('Not configured') }}{% endif %}
{{ _('Client Secret') }}
{% if oidc_config.client_secret_set %}{{ _('Set') }}{% else %}{{ _('Not set') }}{% endif %}
{{ _('Redirect URI') }}
{% if oidc_config.redirect_uri %}{{ oidc_config.redirect_uri }}{% else %}{{ _('Auto-generated') }}{% endif %}
{{ _('Scopes') }}
{{ oidc_config.scopes }}

{#
  Claim mapping: which token claims supply username, email, full name and
  groups, plus the settings that grant the admin role (admin group and admin
  e-mail list). Optional values fall back to a translated placeholder.
  NOTE(review): if the login code grants admin by matching the e-mail claim
  against admin_emails, that is only as strong as the provider's e-mail
  verification. Confirm the login path requires a verified address (for
  example the standard email_verified claim) before trusting it.
  NOTE(review): admin_emails entries are printed back to back with no
  separator in this listing. Presumably the surrounding markup separates
  them; verify in the rendered page.
#}
{{ _('Claim Mapping') }}

{{ _('Username Claim') }}
{{ oidc_config.username_claim }}
{{ _('Email Claim') }}
{{ oidc_config.email_claim }}
{{ _('Full Name Claim') }}
{{ oidc_config.full_name_claim }}
{{ _('Groups Claim') }}
{{ oidc_config.groups_claim }}
{{ _('Admin Group') }}
{% if oidc_config.admin_group %}{{ oidc_config.admin_group }}{% else %}{{ _('Not configured') }}{% endif %}
{{ _('Admin Emails') }}
{% if oidc_config.admin_emails %}{% for email in oidc_config.admin_emails %}{{ email }}{% endfor %}{% else %}{{ _('Not configured') }}{% endif %}
{{ _('Post-Logout URI') }}
{% if oidc_config.post_logout_redirect %}{{ oidc_config.post_logout_redirect }}{% else %}{{ _('Auto-generated') }}{% endif %}
{#
  Provider metadata section, shown only when OIDC is enabled and an issuer is
  configured. It has three states: metadata_error is set, metadata is
  available, or neither (the admin is told to run "Test Configuration").
  NOTE(review): metadata presumably holds the provider's discovery document,
  which makes every value below remote-supplied text. Keep these values under
  auto-escaping and never pass them through the safe filter. If the markup
  turns an endpoint into a link, restrict the scheme to https.
  NOTE(review): the metadata's own issuer value is not displayed. Showing it
  next to the configured issuer would let an admin spot a mismatch.
#}
{% if oidc_config.enabled and oidc_config.issuer %}

{{ _('Provider Metadata') }}

{% if metadata_error %}
{# NOTE(review): metadata_error is printed verbatim. It presumably carries the
   fetch failure text and may include internal host names or URLs, which is
   acceptable only while this page stays admin-only. #}
{{ _('Error loading metadata:') }} {{ metadata_error }}
{% if well_known_url %}

{{ _('Discovery endpoint:') }} {{ well_known_url }}

{% endif %} {% elif metadata %}
{{ _('Successfully loaded provider metadata') }}

{# Endpoints advertised by the provider; each row is emitted only if present. #}
{{ _('Endpoints') }}

{% if metadata.authorization_endpoint %}
{{ _('Authorization') }}
{{ metadata.authorization_endpoint }}
{% endif %} {% if metadata.token_endpoint %}
{{ _('Token') }}
{{ metadata.token_endpoint }}
{% endif %} {% if metadata.userinfo_endpoint %}
{{ _('UserInfo') }}
{{ metadata.userinfo_endpoint }}
{% endif %} {% if metadata.end_session_endpoint %}
{{ _('End Session') }}
{{ metadata.end_session_endpoint }}
{% endif %} {% if metadata.jwks_uri %}
{{ _('JWKS URI') }}
{{ metadata.jwks_uri }}
{% endif %}

{# Capability lists, joined with ", " for display; each row is optional. #}
{{ _('Supported Features') }}

{% if metadata.scopes_supported %}
{{ _('Scopes') }}
{{ metadata.scopes_supported|join(', ') }}
{% endif %} {% if metadata.response_types_supported %}
{{ _('Response Types') }}
{{ metadata.response_types_supported|join(', ') }}
{% endif %} {% if metadata.grant_types_supported %}
{{ _('Grant Types') }}
{{ metadata.grant_types_supported|join(', ') }}
{% endif %} {% if metadata.token_endpoint_auth_methods_supported %}
{{ _('Auth Methods') }}
{{ metadata.token_endpoint_auth_methods_supported|join(', ') }}
{% endif %} {% if metadata.claims_supported %}
{{ _('Claims') }}
{{ metadata.claims_supported|join(', ') }}
{% endif %}
{% if well_known_url %}
{{ _('Discovery endpoint:') }} {{ well_known_url }}
{% endif %} {% else %}

{{ _('Provider metadata not loaded. Click "Test Configuration" to fetch.') }}

{% endif %}
{% endif %}

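{#
  OIDC users table: a heading with the user count, one header row, then one
  row per entry in oidc_users. When the list is empty a translated notice is
  shown instead.
  The row is emitted inside the for loop. In the listing as received the loop
  closed before the row, so the row referenced the loop variable user outside
  its scope and no per-user rows could be produced.
#}
{{ _('OIDC Users') }} ({{ oidc_users|length }})

{% if oidc_users %}
{{ _('Username') }} {{ _('Email') }} {{ _('Full Name') }} {{ _('Role') }} {{ _('Last Login') }} {{ _('OIDC Subject') }} {{ _('Actions') }}
{% for user in oidc_users %}
{#
  The subject is shortened to its first 20 characters for display. The
  ellipsis is printed only when something was actually cut off, so a short
  subject is not mistaken for a truncated one.
  NOTE(review): a 20-character prefix is not guaranteed to be unique; use the
  details view, not this column, when matching a user to a provider account.
#}
{{ user.username }} {% if not user.is_active %}{{ _('Inactive') }}{% endif %} {{ user.email or '-' }} {{ user.full_name or '-' }} {% if user.is_admin %}{{ _('Admin') }}{% else %}{{ _('User') }}{% endif %} {% if user.last_login %}{{ user.last_login|user_datetime('%Y-%m-%d %H:%M') }}{% else %}{{ _('Never') }}{% endif %} {{ user.oidc_sub[:20] }}{% if user.oidc_sub and user.oidc_sub|length > 20 %}...{% endif %} {{ _('Details') }}
{% endfor %}
{% else %}

{{ _('No users have logged in via OIDC yet.') }}

{% endif %}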

{#
  Static reference of the environment variables that configure OIDC. The
  example column is literal text and does not reflect the live configuration.
  NOTE(review): the OIDC_CLIENT_SECRET example is a guessable sample value.
  Consider an obviously unusable placeholder so it is not copied into a
  deployment, and keep real secrets out of this page.
#}
{{ _('Environment Variables Reference') }}

{{ _('Configure OIDC using these environment variables:') }}

{{ _('Variable') }} {{ _('Description') }} {{ _('Example') }}
AUTH_METHOD{{ _('Authentication method') }}oidc / both / local
OIDC_ISSUER{{ _('OIDC provider issuer URL') }}https://auth.example.com
OIDC_CLIENT_ID{{ _('Client ID from OIDC provider') }}timetracker
OIDC_CLIENT_SECRET{{ _('Client secret from OIDC provider') }}secret123
OIDC_REDIRECT_URI{{ _('Callback URL (optional, auto-generated)') }}https://app.example.com/auth/oidc/callback
OIDC_SCOPES{{ _('Requested scopes') }}openid profile email groups
OIDC_USERNAME_CLAIM{{ _('Claim containing username') }}preferred_username
OIDC_EMAIL_CLAIM{{ _('Claim containing email') }}email
OIDC_FULL_NAME_CLAIM{{ _('Claim containing full name') }}name
OIDC_GROUPS_CLAIM{{ _('Claim containing groups') }}groups
OIDC_ADMIN_GROUP{{ _('Group name for admin role (optional)') }}timetracker_admin
OIDC_ADMIN_EMAILS{{ _('Comma-separated admin emails (optional)') }}admin@example.com,boss@example.com
{% endblock %}