From 3d3c99cb0d3ae52cf8a0e1c0c1f4c4b59db46d99 Mon Sep 17 00:00:00 2001
From: vegard <vnotnes@pm.me>
Date: Sun, 15 Mar 2026 01:58:13 +0100
Subject: [PATCH] Debug: log JWT token IDs og bruk authentik_sub som user.id

---
 web/src/lib/server/auth.ts | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/web/src/lib/server/auth.ts b/web/src/lib/server/auth.ts
index 81ed271..0d706c4 100644
--- a/web/src/lib/server/auth.ts
+++ b/web/src/lib/server/auth.ts
@@ -48,16 +48,22 @@ export const { handle, signIn, signOut } = SvelteKitAuth({
 	secret: env.AUTH_SECRET || 'dev-secret-not-for-production',
 	trustHost: true,
 	callbacks: {
-		jwt({ token, user }) {
+		jwt({ token, user, profile }) {
 			if (user) {
 				token.id = user.id;
 			}
+			if (profile?.sub) {
+				token.authentik_sub = profile.sub;
+			}
+			console.log('[jwt] token.id:', token.id, 'token.sub:', token.sub, 'token.authentik_sub:', token.authentik_sub, 'user?.id:', user?.id);
 			return token;
 		},
 		session({ session, token }) {
-			if (session.user && token.id) {
-				session.user.id = token.id as string;
+			if (session.user) {
+				// Bruk Authentik sub som user.id for å matche users-tabellen
+				session.user.id = (token.authentik_sub ?? token.id) as string;
 			}
+			console.log('[session] user.id:', session.user?.id);
 			return session;
 		}
 	}