Check if openid scope is present in the auth request, but only warn if not

src/web/oauth_openid/authorisation.rs

@@ -11,7 +11,7 @@ use chrono::Utc;
 use eyre::{Context, ContextCompat};
 
 use serde::{Deserialize, Serialize};
-use tracing::{error, info};
+use tracing::{error, warn};
 
 use crate::{
     config::{Configuration, OidcClientConfiguration},
@@ -72,7 +72,10 @@ pub async fn oidc_authorisation(
                 .into_response();
         }
     };
-    info!("auth {query:?}");
+
+    if !query.scope.split(' ').any(|word| word == "openid") {
+        warn!("No OpenID scope requested! Continuing anyway, but beware.");
+    }
 
     let (client_id, client_config) = match validate_authorisation_basics(&query, &config) {
         Ok(x) => x,