From bdac5c745117936594dfd1e10acb4312c1a55fa7 Mon Sep 17 00:00:00 2001 From: Sergey Beryozkin Date: Tue, 20 Feb 2024 14:30:45 +0000 Subject: [PATCH] Log resolved OIDC tenant id and how the bearer token is found (cherry picked from commit ff84d5d07e2e731f47863702505023baf29cfd70) --- .../oidc/runtime/BearerAuthenticationMechanism.java | 10 ++++++++++ .../oidc/runtime/OidcAuthenticationMechanism.java | 5 +++++ 2 files changed, 15 insertions(+) diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/BearerAuthenticationMechanism.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/BearerAuthenticationMechanism.java index f6c22753ab98e..8869e9a9bdf90 100644 --- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/BearerAuthenticationMechanism.java +++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/BearerAuthenticationMechanism.java @@ -2,6 +2,8 @@ import java.util.function.Function; +import org.jboss.logging.Logger; + import io.netty.handler.codec.http.HttpHeaderNames; import io.netty.handler.codec.http.HttpResponseStatus; import io.quarkus.oidc.AccessTokenCredential; @@ -15,14 +17,17 @@ import io.vertx.ext.web.RoutingContext; public class BearerAuthenticationMechanism extends AbstractOidcAuthenticationMechanism { + private static final Logger LOG = Logger.getLogger(BearerAuthenticationMechanism.class); public Uni authenticate(RoutingContext context, IdentityProviderManager identityProviderManager, OidcTenantConfig oidcTenantConfig) { + LOG.debug("Starting a bearer access token authentication"); String token = extractBearerToken(context, oidcTenantConfig); // if a bearer token is provided try to authenticate if (token != null) { return authenticate(identityProviderManager, context, new AccessTokenCredential(token)); } + LOG.debug("Bearer access token is not available"); return Uni.createFrom().nullItem(); } 
@@ -41,6 +46,7 @@ private String extractBearerToken(RoutingContext context, OidcTenantConfig oidcC final HttpServerRequest request = context.request(); String header = oidcConfig.token.header.isPresent() ? oidcConfig.token.header.get() : HttpHeaders.AUTHORIZATION.toString(); + LOG.debugf("Looking for a token in the %s header", header); final String headerValue = request.headers().get(header); if (headerValue == null) { @@ -50,6 +56,10 @@ private String extractBearerToken(RoutingContext context, OidcTenantConfig oidcC int idx = headerValue.indexOf(' '); final String scheme = idx > 0 ? headerValue.substring(0, idx) : null; + if (scheme != null) { + LOG.debugf("Authorization scheme: %s", scheme); + } + if (scheme == null && !header.equalsIgnoreCase(HttpHeaders.AUTHORIZATION.toString())) { return headerValue; } diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcAuthenticationMechanism.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcAuthenticationMechanism.java index bd5c8ab18aeea..b17902078794c 100644 --- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcAuthenticationMechanism.java +++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcAuthenticationMechanism.java @@ -6,6 +6,8 @@ import jakarta.enterprise.context.ApplicationScoped; +import org.jboss.logging.Logger; + import io.quarkus.oidc.OIDCException; import io.quarkus.oidc.OidcTenantConfig; import io.quarkus.oidc.OidcTenantConfig.ApplicationType; @@ -23,6 +25,8 @@ @ApplicationScoped public class OidcAuthenticationMechanism implements HttpAuthenticationMechanism { + private static final Logger LOG = Logger.getLogger(OidcAuthenticationMechanism.class); + private static HttpCredentialTransport OIDC_WEB_APP_TRANSPORT = new HttpCredentialTransport( HttpCredentialTransport.Type.AUTHORIZATION_CODE, OidcConstants.CODE_FLOW_CODE); 
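Review bot: In the `@@ -50,6 +56,10 @@` hunk, `LOG.debugf("Authorization scheme: %s", scheme)` writes request-controlled text to the log before it has been checked. `scheme` is whatever precedes the first space in the header value, so a malformed header that puts a credential first, or a very long value, lands in the debug log verbatim. Logging only the outcome avoids that, for example `LOG.debug("Authorization scheme is not the expected bearer scheme");` on the rejection path, or printing the value only once it has matched. The scheme comparison and the rest of extractBearerToken are outside this hunk, so the exact placement needs confirming against the full method. The header name logged in the `@@ -41,6 +46,7 @@` hunk comes from tenant configuration and does not share the problem.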
@@ -75,6 +79,7 @@ public OidcTenantConfig apply(OidcTenantConfig oidcTenantConfig) {
 if (oidcTenantConfig == null) {
 throw new OIDCException("Tenant configuration has not been resolved");
 }
+ LOG.debugf("Resolved OIDC tenant id: %s", oidcTenantConfig.tenantId.orElse(OidcUtils.DEFAULT_TENANT_ID));
 return oidcTenantConfig;
 };
 });
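Review bot: The tenant id logged by `LOG.debugf("Resolved OIDC tenant id: %s", ...)` is not necessarily a static configuration value, and the line gives no hint of that. If the `OidcTenantConfig` comes from a resolver that derives the id from the request (not visible in this hunk), the line records caller-influenced text. A short comment would make this explicit, e.g. `// tenant id may come from a request-driven resolver; treat it as untrusted in log pipelines`. The enclosing lambda starts outside the hunk, so where the config originates has to be checked in the full file.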