Merge pull request #2 from cloudbeds/feat/is-2628-more-debugging

Feat/is 2628 more debugging

kong-plugin-oidc-1.4.0-1.rockspec → kong-plugin-oidc-1.4.0-2.rockspec

@@ -1,5 +1,5 @@
 package = "kong-plugin-oidc"
-version = "1.4.0-1"
+version = "1.4.0-2"
 source = {
     url = "git://github.com/revomatico/kong-oidc",
     tag = "master",
@@ -22,7 +22,8 @@ description = {
     license = "Apache 2.0"
 }
 dependencies = {
-    "lua-resty-openidc ~> 1.7.6-3"
+    "lua-resty-openidc ~> 1.7.6-3",
+    "cjson ~> 2.1.0.10-1"
 }
 build = {
     type = "builtin",

kong/plugins/oidc/handler.lua

@@ -5,6 +5,7 @@ local OidcHandler = {
 local utils = require("kong.plugins.oidc.utils")
 local filter = require("kong.plugins.oidc.filter")
 local session = require("kong.plugins.oidc.session")
+local cjson = require("cjson")
 
 
 function OidcHandler:access(config)
@@ -117,6 +118,7 @@ function introspect(oidcConfig)
       res, err = require("resty.openidc").introspect(oidcConfig)
     end
     if err then
+      ngx.log(ngx.DEBUG, "oidc error: " .. cjson.encode(err) .. cjson.encode(res) .. cjson.encode(utils.sanitize_oidc_config(oidcConfig)))
       if oidcConfig.bearer_only == "yes" then
         ngx.header["WWW-Authenticate"] = 'Bearer realm="' .. oidcConfig.realm .. '",error="' .. err .. '"'
         return kong.response.error(ngx.HTTP_UNAUTHORIZED)

kong/plugins/oidc/utils.lua

@@ -227,4 +227,17 @@ function M.has_common_item(t1, t2)
   return false
 end
 
+-- sanitize oidc config for debugging output
+function M.sanitize_oidc_config(config)
+    local sanitized = {}
+    for k, v in pairs(config) do
+        if k == "client_id" or k == "client_secret" then
+            sanitized[k] = "<hidden>"
+        else
+            sanitized[k] = v
+        end
+    end
+    return sanitized
+end
+
 return M