mlco2 · inimaz · Feb 16, 2026 · Feb 16, 2026 · Feb 16, 2026
@@ -5,6 +5,7 @@
 It can work with any OIDC-compliant provider (Fief, Keycloak, Auth0, etc.).
 """
 
+import logging
 from typing import Any, Dict, Optional, Tuple
 
 from authlib.integrations.starlette_client import OAuth
@@ -16,6 +17,7 @@
 
 DEFAULT_SIGNATURE_CACHE_TTL = 3600  # seconds
 OAUTH_SCOPES = ["openid", "email", "profile"]
+LOGGER = logging.getLogger(__name__)
 
 fief = FiefAsync(
     settings.fief_url, settings.fief_client_id, settings.fief_client_secret
@@ -53,15 +55,23 @@ def get_client_credentials(self) -> Tuple[str, str]:
 
     async def _decode_token(self, token: str) -> Dict[str, Any]:
         try:
+            LOGGER.debug(f"Jwks_data: {token}")
+            LOGGER.debug(f"Base url: {fief.base_url}")
+            LOGGER.debug(f"Client id: {fief.client_id}")
+            LOGGER.debug(f"User info: {await fief.userinfo(token)}")
             access_token_info = await fief.validate_access_token(token)
             return access_token_info
-        except Exception:
+        except Exception as e:
+            LOGGER.error(f"Error validating access token: {e}")
             ...
 
         jwks_data = await self.client.fetch_jwk_set()
+        LOGGER.debug(f"Jwks_data: {jwks_data}")
         keyset = JsonWebKey.import_key_set(jwks_data)
         claims = jose_jwt.decode(token, keyset)
         claims.validate()
+        LOGGER.debug(f"Decoded claims: {claims}")
+        LOGGER.debug(f"Claims validate: {claims.validate()}")
         return dict(claims)
 
     async def validate_access_token(self, token: str) -> bool:

@@ -1,3 +1,4 @@
+import logging
 from dataclasses import dataclass
 from typing import Optional
 
@@ -14,6 +15,7 @@
 from carbonserver.container import ServerContainer
 
 OAUTH_SCOPES = ["openid", "email", "profile"]
+LOGGER = logging.getLogger(__name__)
 
 
 @dataclass
@@ -60,6 +62,9 @@ async def __call__(
             )
         elif bearer_token is not None:
             if settings.environment != "develop" and auth_provider is not None:
+                LOGGER.debug(
+                    f"Validating token with auth provider. Token: {bearer_token}"
+                )
                 try:
                     await auth_provider.validate_access_token(bearer_token.credentials)
                 except Exception:

@@ -16,32 +16,26 @@ class Settings(BaseSettings):
     oidc_client_secret: str = ""
     oidc_issuer_url: str = "https://auth.codecarbon.io/codecarbon-dev"
     oidc_well_known_url: str = ""
-
-    # Deprecated: Old Fief-specific settings (use OIDC settings instead)
-    @property
-    def fief_client_id(self) -> str:
-        return self.oidc_client_id
-
-    @property
-    def fief_client_secret(self) -> str:
-        return self.oidc_client_secret
-
-    @property
-    def fief_url(self) -> str:
-        return self.oidc_issuer_url
-
     frontend_url: str = Field("", env="FRONTEND_URL")
     environment: str = Field("production")
     jwt_key: str = Field("", env="JWT_KEY")
     api_port: int = Field(8080, env="API_PORT")
     server_host: str = Field("0.0.0.0", env="SERVER_HOST")
 
+    # Fief settings (deprecated)
+    fief_client_id: str = ""
+    fief_client_secret: str = ""
+    fief_url: str = ""
+
     class Config:
         # Define alternative environment variable names for backward compatibility
         fields = {
-            "oidc_client_id": {"env": ["OIDC_CLIENT_ID", "FIEF_CLIENT_ID"]},
-            "oidc_client_secret": {"env": ["OIDC_CLIENT_SECRET", "FIEF_CLIENT_SECRET"]},
-            "oidc_issuer_url": {"env": ["OIDC_ISSUER_URL", "FIEF_URL"]},
+            "oidc_client_id": {"env": ["OIDC_CLIENT_ID"]},
+            "oidc_client_secret": {"env": ["OIDC_CLIENT_SECRET"]},
+            "oidc_issuer_url": {"env": ["OIDC_ISSUER_URL"]},
+            "fief_client_id": {"env": ["FIEF_CLIENT_ID"]},
+            "fief_client_secret": {"env": ["FIEF_CLIENT_SECRET"]},
+            "fief_url": {"env": ["FIEF_URL"]},
             "oidc_well_known_url": {
                 "env": [
                     "OIDC_WELL_KNOWN_URL",