From 03b396136f57d8b801e09f2beb256fd039abea9a Mon Sep 17 00:00:00 2001
From: Tristan Cacqueray
Date: Fri, 8 Sep 2023 19:58:09 +0000
Subject: [PATCH] Add debug around oidc user claim

---
 src/Monocle/Api/Server.hs | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/Monocle/Api/Server.hs b/src/Monocle/Api/Server.hs
index 3237b4ad1..fe657171a 100644
--- a/src/Monocle/Api/Server.hs
+++ b/src/Monocle/Api/Server.hs
@@ -997,10 +997,14 @@ handleLoggedIn cookieSettings err codeM stateM = do
       let idToken = O.idToken tokens
           dayS = 24 * 3600
           expiry = addUTCTime dayS now
-          userId = aUserId oidcEnv idToken
+          (mWarning, userId) = aUserId oidcEnv idToken
           mUidMap = getIdents config $ "AuthProviderUID:" <> userId
           authenticatedUser = AUser mUidMap userId (truncate $ nominalDiffTimeToSeconds $ utcTimeToPOSIXSeconds expiry)
           jwtCfg = localJWTSettings aOIDC
+
+      forM_ mWarning \warning ->
+        logWarn "Could not find oidc_user_claim" ["msg" .= warning, "claims" .= O.otherClaims idToken]
+
       logInfo "OIDCProviderTokenRequested" ["id" .= show @Text idToken]
       -- Here we create the JWT Session Cookie that will be used by the browser to authenticate requests
       mApplyCookies <-
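Review bot: The added `logWarn` serialises every extra claim of the ID token (`"claims" .= O.otherClaims idToken`), so whatever the provider put there — typically email, name, group membership — ends up in the warn log on every login that hits the fallback; the neighbouring `logInfo` already dumps the whole token via `show @Text idToken`, so this is not new exposure, but it is worth deciding deliberately rather than inheriting, e.g. log only the configured claim name and the claim keys instead of their values. The fixed header text `"Could not find oidc_user_claim"` also repeats the prefix of `msg` and is wrong for the "other claims is not an object" case; something like `logWarn "oidc_user_claim lookup failed, falling back to sub" ["msg" .= warning]` reads better. Note too that after the warning the login still proceeds with `userId = sub idToken`, so when an operator configured a user claim and the token lacks it, the user is silently authenticated under `AuthProviderUID:<sub>` — a fail-open identity choice that deserves at least a comment here, or a rejected login. handleLoggedIn continues outside this hunk.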
@@ -1027,14 +1031,14 @@ handleLoggedIn cookieSettings err codeM stateM = do
         Just (OIDCState _ (Just uri)) -> uri
         _ -> "/"
   -- Get the Token's claim that identify an unique user
-  aUserId :: OIDCEnv -> O.IdTokenClaims Value -> Text
+  aUserId :: OIDCEnv -> O.IdTokenClaims Value -> (Maybe Text, Text)
   aUserId OIDCEnv {providerConfig} idToken = case opUserClaim providerConfig of
     Just uc -> case O.otherClaims idToken of
       Object o -> case AKM.lookup (AK.fromText uc) o of
-        Just (String s) -> s
-        _ -> defaultUserId
-      _ -> defaultUserId
-    Nothing -> defaultUserId
+        Just (String s) -> (Nothing, s)
+        _ -> (Just ("Could not find oidc_user_claim " <> uc), defaultUserId)
+      _ -> (Just ("The token other claims is not an object!"), defaultUserId)
+    Nothing -> (Nothing, defaultUserId)
   where
     defaultUserId = sub idToken
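Review bot: The wildcard `_ -> (Just ("Could not find oidc_user_claim " <> uc), defaultUserId)` also fires when the claim is present but not a JSON string (a number, array or null), so the warning misreports what happened; split it into `Just _ -> (Just ("oidc_user_claim " <> uc <> " is present but is not a string"), defaultUserId)` and `Nothing -> (Just ("Could not find oidc_user_claim " <> uc), defaultUserId)`. Relatedly, `Just (String s) -> (Nothing, s)` accepts an empty string, which yields an empty `userId` and the lookup key `AuthProviderUID:` with no warning; treating `String ""` like a missing claim would close that gap. Since both warning texts are free-form `Text`, a small sum type (`ClaimMissing Text | ClaimNotString Text | ClaimsNotObject`) rendered at the log site would be the idiomatic shape and keeps the messages in one place. The comment `-- Get the Token's claim that identify an unique user` should also state that the function falls back to `sub` (and returns a warning) whenever the configured claim cannot be used, since that fallback decides which identity gets authenticated.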