🐛 Don't send user props on auth token after oidc login

backend/src/app/auth/oidc.clj

@@ -567,7 +567,6 @@
                         (tokens/generate (::setup/props cfg)
                                          {:iss :auth
                                           :exp (dt/in-future "15m")
-                                          :props (:props info)
                                           :profile-id (:id profile)}))
             props   (audit/profile->props profile)
             context (d/without-nils {:external-session-id (:external-session-id info)})]

backend/src/app/rpc/commands/verify_token.clj

@@ -82,16 +82,8 @@
 
 (defmethod process-token :auth
   [{:keys [conn] :as cfg} _params {:keys [profile-id] :as claims}]
-  (let [profile  (profile/get-profile conn profile-id {::sql/for-update true})
+  (let [profile (profile/get-profile conn profile-id)]
-        props    (merge (:props profile)
+    (assoc claims :profile profile)))
-                        (:props claims))]
-    (when (not= props (:props profile))
-      (db/update! conn :profile
-                  {:props (db/tjson props)}
-                  {:id profile-id}))
-
-    (let [profile (assoc profile :props props)]
-      (assoc claims :profile profile))))
 
 ;; --- Team Invitation