ethyca · eastandwestwind · May 12, 2022 · May 11, 2022
diff --git a/src/fidesops/api/v1/endpoints/user_endpoints.py b/src/fidesops/api/v1/endpoints/user_endpoints.py
@@ -35,6 +35,7 @@
     UserLogin,
     UserPasswordReset,
     UserResponse,
+    UserLoginResponse,
 )
 
 from fidesops.util.oauth_util import (
@@ -238,11 +239,11 @@ def delete_user(
 @router.post(
     urls.LOGIN,
     status_code=HTTP_200_OK,
-    response_model=AccessToken,
+    response_model=UserLoginResponse,
 )
 def user_login(
     *, db: Session = Depends(deps.get_db), user_data: UserLogin
-) -> AccessToken:
+) -> UserLoginResponse:
     """Login the user by creating a client if it doesn't exist, and have that client generate a token"""
     user: FidesopsUser = FidesopsUser.get_by(
         db, field="username", value=user_data.username
@@ -260,7 +261,10 @@ def user_login(
 
     logger.info("Creating login access token")
     access_code = client.create_access_code_jwe()
-    return AccessToken(access_token=access_code)
+    return UserLoginResponse(
+        user_data=user,
+        token_data=AccessToken(access_token=access_code),
+    )
 
 
 @router.post(

diff --git a/src/fidesops/schemas/user.py b/src/fidesops/schemas/user.py
@@ -4,6 +4,7 @@
 
 from pydantic import validator
 from fidesops.schemas.base_class import BaseSchema
+from fidesops.schemas.oauth import AccessToken
 
 
 class UserUpdate(BaseSchema):
@@ -69,6 +70,13 @@ class UserResponse(BaseSchema):
     last_name: Optional[str]
 
 
+class UserLoginResponse(BaseSchema):
+    """Similar to UserResponse except with an access token"""
+
+    user_data: UserResponse
+    token_data: AccessToken
+
+
 class UserCreateResponse(BaseSchema):
     """Response after creating a FidesopsUser"""
 

diff --git a/tests/api/v1/endpoints/test_user_endpoints.py b/tests/api/v1/endpoints/test_user_endpoints.py
@@ -669,13 +669,16 @@ def test_login_creates_client(self, db, url, user, api_client):
 
         db.refresh(user)
         assert user.client is not None
-        assert list(response.json().keys()) == ["access_token"]
-        token = response.json()["access_token"]
-
+        assert "token_data" in list(response.json().keys())
+        token = response.json()["token_data"]["access_token"]
         token_data = json.loads(extract_payload(token))
-
         assert token_data["client-id"] == user.client.id
-        assert token_data["scopes"] == [PRIVACY_REQUEST_READ]
+        assert token_data["scopes"] == [
+            PRIVACY_REQUEST_READ
+        ]  # Uses scopes on existing client
+
+        assert "user_data" in list(response.json().keys())
+        assert response.json()["user_data"]["id"] == user.id
 
         user.client.delete(db)
 
@@ -699,16 +702,17 @@ def test_login_uses_existing_client(self, db, url, user, api_client):
 
         db.refresh(user)
         assert user.client is not None
-        assert list(response.json().keys()) == ["access_token"]
-        token = response.json()["access_token"]
-
+        assert "token_data" in list(response.json().keys())
+        token = response.json()["token_data"]["access_token"]
         token_data = json.loads(extract_payload(token))
-
         assert token_data["client-id"] == existing_client_id
         assert token_data["scopes"] == [
             PRIVACY_REQUEST_READ
         ]  # Uses scopes on existing client
 
+        assert "user_data" in list(response.json().keys())
+        assert response.json()["user_data"]["id"] == user.id
+
 
 class TestUserLogout:
     @pytest.fixture(scope="function")