From f0cf1bc804b5a4d7fb1565afd6aa55ed5afc344f Mon Sep 17 00:00:00 2001 From: Till-JS <101404291+Till-JS@users.noreply.github.com> Date: Sun, 1 Feb 2026 12:28:41 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20fix(mana-core-auth):=20OIDC=20to?= =?UTF-8?q?ken=20exchange=20now=20works=20with=20body-parser?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Removed debug logging that exposed sensitive client_secret in production logs - The body-parser middleware in main.ts correctly handles form-urlencoded token requests - handleOidcRequest properly converts parsed body to URLSearchParams for Better Auth --- services/mana-core-auth/src/auth/oidc.controller.ts | 3 --- .../src/auth/services/better-auth.service.ts | 8 -------- 2 files changed, 11 deletions(-) diff --git a/services/mana-core-auth/src/auth/oidc.controller.ts b/services/mana-core-auth/src/auth/oidc.controller.ts index b078c8833..6f0861ca1 100644 --- a/services/mana-core-auth/src/auth/oidc.controller.ts +++ b/services/mana-core-auth/src/auth/oidc.controller.ts @@ -59,9 +59,6 @@ export class OidcController { */ @Post('api/auth/oauth2/token') async tokenOauth2(@Req() req: Request, @Res() res: Response) { - console.log('[Token Endpoint] Content-Type:', req.headers['content-type']); - console.log('[Token Endpoint] Body:', req.body); - console.log('[Token Endpoint] Body keys:', Object.keys(req.body || {})); return this.handleOidcRequest(req, res); } diff --git a/services/mana-core-auth/src/auth/services/better-auth.service.ts b/services/mana-core-auth/src/auth/services/better-auth.service.ts index 0e7659f78..f59dd048f 100644 --- a/services/mana-core-auth/src/auth/services/better-auth.service.ts +++ b/services/mana-core-auth/src/auth/services/better-auth.service.ts 
@@ -1297,8 +1297,6 @@ export class BetterAuthService { let requestBody: string | undefined; if (req.method !== 'GET' && req.method !== 'HEAD' && req.body) { const contentType = req.headers['content-type'] || ''; - console.log('[handleOidcRequest] Processing body with content-type:', contentType); - console.log('[handleOidcRequest] req.body:', JSON.stringify(req.body, null, 2)); if (contentType.includes('application/x-www-form-urlencoded')) { // Convert object to URL-encoded form data const params = new URLSearchParams(); @@ -1308,7 +1306,6 @@ export class BetterAuthService { } } requestBody = params.toString(); - console.log('[handleOidcRequest] Converted to URLSearchParams:', requestBody); } else { // Default to JSON requestBody = JSON.stringify(req.body); @@ -1320,9 +1317,6 @@ export class BetterAuthService { } // Create Fetch Request - console.log('[handleOidcRequest] Creating Fetch Request to:', url.toString()); - console.log('[handleOidcRequest] Method:', req.method); - console.log('[handleOidcRequest] Headers content-type:', headers.get('content-type')); const fetchRequest = new Request(url.toString(), { method: req.method, headers, @@ -1331,7 +1325,6 @@ export class BetterAuthService { // Call Better Auth's handler const response = await this.auth.handler(fetchRequest); - console.log('[handleOidcRequest] Better Auth response status:', response.status); // Convert Response to our format const responseHeaders: Record = {}; @@ -1343,7 +1336,6 @@ export class BetterAuthService { let body: unknown; const contentType = response.headers.get('content-type'); const textBody = await response.text(); - console.log('[handleOidcRequest] Response body:', textBody); if (contentType?.includes('application/json') && textBody.length > 0) { try {
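Review bot: Nothing left in `handleOidcRequest` marks the request and response bodies as secret-bearing, so the same `console.log` calls can come back the next time the token exchange is debugged. In the first hunk of better-auth.service.ts I would add, above the form-urlencoded conversion, `// Never log req.body or the handler's response text: they carry client_secret, authorization codes and issued tokens.` The same comment belongs on `tokenOauth2` in oidc.controller.ts, and enabling ESLint's `no-console` rule for this service would catch a regression. The removed lines also printed the Better Auth response body, so the exposure is presumably wider than the client_secret the description names. Client secrets and tokens that passed through while the logging was live should be rotated or revoked, and the retained logs scrubbed. The function body starts and ends outside these hunks.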