🐛 Don't send user props on auth token after oidc login

2025-01-08 07:50:43 -05:00 · 2024-09-10 12:36:28 +02:00 · 2024-09-10 12:36:28 +02:00 · 452aabdec6
commit 452aabdec6
parent 860e32d965
2 changed files with 2 additions and 11 deletions
--- a/backend/src/app/auth/oidc.clj
+++ b/backend/src/app/auth/oidc.clj
@ -567,7 +567,6 @@
                        (tokens/generate (::setup/props cfg)
                                         {:iss :auth
                                          :exp (dt/in-future "15m")
-                                          :props (:props info)
                                          :profile-id (:id profile)}))
            props   (audit/profile->props profile)
            context (d/without-nils {:external-session-id (:external-session-id info)})]
--- a/backend/src/app/rpc/commands/verify_token.clj
+++ b/backend/src/app/rpc/commands/verify_token.clj
@ -82,16 +82,8 @@

 (defmethod process-token :auth
  [{:keys [conn] :as cfg} _params {:keys [profile-id] :as claims}]
-  (let [profile  (profile/get-profile conn profile-id {::sql/for-update true})
-        props    (merge (:props profile)
-                        (:props claims))]
-    (when (not= props (:props profile))
-      (db/update! conn :profile
-                  {:props (db/tjson props)}
-                  {:id profile-id}))
-
-    (let [profile (assoc profile :props props)]
-      (assoc claims :profile profile))))
+  (let [profile (profile/get-profile conn profile-id)]
+    (assoc claims :profile profile)))

 ;; --- Team Invitation