Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Expose user IP address in the logs #187

Open
Dentrax opened this issue Dec 23, 2021 · 2 comments
Open

Expose user IP address in the logs #187

Dentrax opened this issue Dec 23, 2021 · 2 comments

Comments

@Dentrax
Copy link

Dentrax commented Dec 23, 2021

Currently, we are only exposing the following fields in the logs:

{
  "iss": "https://k8s.example.com",
  "sub": "...",
  "aud": "example-app",
  "exp": 1640342247,
  "iat": 1640255847,
  "at_hash": "...",
  "email": "[email protected]",
  "email_verified": true,
  "groups": [
    ""
  ],
  "name": "Foo"
}

It would be great to pass user's IP address during the authentication process. What do you think?

@Dentrax
Copy link
Author

Dentrax commented Dec 23, 2021

I'm not sure whether it's the correct place to ask this but should we handle this in the dex/server/oauth2.go instead? Any thoughts @nabokihms? Should we move this issue to there?

@nabokihms
Copy link

Hello there. There are a couple of obstacles that make implementing this feature a little bit harder in Dex:

  1. Dex should know the real IP addresses of clients, so we have to add options like real_ip_header and trusted_networks etc. I remember some opened issues with the intention of adding clients addresses to dex logs, but still no progress. As for now, Dex is not aware of clients ips.

  2. The fields from the top post are called claims and represent user attributes (attributes of the token holder) and some meta-information. Per oidc spec, there is a limited set of standard claims, which does not include the IP address. We have a pinned issue about the middleware layer, which should provide the ability to add custom claims to the token.

After solving these two puzzles, we will be able to move forward with your idea.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants