Skip to content

Commit

Permalink
Log resolved OIDC tenant id and how the bearer token is found
Browse files Browse the repository at this point in the history
(cherry picked from commit ff84d5d)
  • Loading branch information
sberyozkin authored and gsmet committed Feb 20, 2024
1 parent f1ab295 commit bdac5c7
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@

import java.util.function.Function;

import org.jboss.logging.Logger;

import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.quarkus.oidc.AccessTokenCredential;
Expand All @@ -15,14 +17,17 @@
import io.vertx.ext.web.RoutingContext;

public class BearerAuthenticationMechanism extends AbstractOidcAuthenticationMechanism {
private static final Logger LOG = Logger.getLogger(BearerAuthenticationMechanism.class);

public Uni<SecurityIdentity> authenticate(RoutingContext context,
IdentityProviderManager identityProviderManager, OidcTenantConfig oidcTenantConfig) {
LOG.debug("Starting a bearer access token authentication");
String token = extractBearerToken(context, oidcTenantConfig);
// if a bearer token is provided try to authenticate
if (token != null) {
return authenticate(identityProviderManager, context, new AccessTokenCredential(token));
}
LOG.debug("Bearer access token is not available");
return Uni.createFrom().nullItem();
}

Expand All @@ -41,6 +46,7 @@ private String extractBearerToken(RoutingContext context, OidcTenantConfig oidcC
final HttpServerRequest request = context.request();
String header = oidcConfig.token.header.isPresent() ? oidcConfig.token.header.get()
: HttpHeaders.AUTHORIZATION.toString();
LOG.debugf("Looking for a token in the %s header", header);
final String headerValue = request.headers().get(header);

if (headerValue == null) {
Expand All @@ -50,6 +56,10 @@ private String extractBearerToken(RoutingContext context, OidcTenantConfig oidcC
int idx = headerValue.indexOf(' ');
final String scheme = idx > 0 ? headerValue.substring(0, idx) : null;

if (scheme != null) {
LOG.debugf("Authorization scheme: %s", scheme);
}

if (scheme == null && !header.equalsIgnoreCase(HttpHeaders.AUTHORIZATION.toString())) {
return headerValue;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@

import jakarta.enterprise.context.ApplicationScoped;

import org.jboss.logging.Logger;

import io.quarkus.oidc.OIDCException;
import io.quarkus.oidc.OidcTenantConfig;
import io.quarkus.oidc.OidcTenantConfig.ApplicationType;
Expand All @@ -23,6 +25,8 @@

@ApplicationScoped
public class OidcAuthenticationMechanism implements HttpAuthenticationMechanism {
private static final Logger LOG = Logger.getLogger(OidcAuthenticationMechanism.class);

private static HttpCredentialTransport OIDC_WEB_APP_TRANSPORT = new HttpCredentialTransport(
HttpCredentialTransport.Type.AUTHORIZATION_CODE, OidcConstants.CODE_FLOW_CODE);

Expand Down Expand Up @@ -75,6 +79,7 @@ public OidcTenantConfig apply(OidcTenantConfig oidcTenantConfig) {
if (oidcTenantConfig == null) {
throw new OIDCException("Tenant configuration has not been resolved");
}
LOG.debugf("Resolved OIDC tenant id: %s", oidcTenantConfig.tenantId.orElse(OidcUtils.DEFAULT_TENANT_ID));
return oidcTenantConfig;
};
});
Expand Down

0 comments on commit bdac5c7

Please sign in to comment.