Skip to content

Commit

Permalink
Log resolved OIDC tenant id and how the bearer token is found
Browse files Browse the repository at this point in the history
  • Loading branch information
sberyozkin committed Feb 20, 2024
1 parent 5515a66 commit ff84d5d
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@

import java.util.function.Function;

import org.jboss.logging.Logger;

import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.quarkus.oidc.AccessTokenCredential;
Expand All @@ -15,14 +17,17 @@
import io.vertx.ext.web.RoutingContext;

public class BearerAuthenticationMechanism extends AbstractOidcAuthenticationMechanism {
private static final Logger LOG = Logger.getLogger(BearerAuthenticationMechanism.class);

public Uni<SecurityIdentity> authenticate(RoutingContext context,
IdentityProviderManager identityProviderManager, OidcTenantConfig oidcTenantConfig) {
LOG.debug("Starting a bearer access token authentication");
String token = extractBearerToken(context, oidcTenantConfig);
// if a bearer token is provided try to authenticate
if (token != null) {
return authenticate(identityProviderManager, context, new AccessTokenCredential(token));
}
LOG.debug("Bearer access token is not available");
return Uni.createFrom().nullItem();
}

Expand All @@ -41,6 +46,7 @@ private String extractBearerToken(RoutingContext context, OidcTenantConfig oidcC
final HttpServerRequest request = context.request();
String header = oidcConfig.token.header.isPresent() ? oidcConfig.token.header.get()
: HttpHeaders.AUTHORIZATION.toString();
LOG.debugf("Looking for a token in the %s header", header);
final String headerValue = request.headers().get(header);

if (headerValue == null) {
Expand All @@ -50,6 +56,10 @@ private String extractBearerToken(RoutingContext context, OidcTenantConfig oidcC
int idx = headerValue.indexOf(' ');
final String scheme = idx > 0 ? headerValue.substring(0, idx) : null;

if (scheme != null) {
LOG.debugf("Authorization scheme: %s", scheme);
}

if (scheme == null && !header.equalsIgnoreCase(HttpHeaders.AUTHORIZATION.toString())) {
return headerValue;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@

import jakarta.enterprise.context.ApplicationScoped;

import org.jboss.logging.Logger;

import io.quarkus.oidc.OIDCException;
import io.quarkus.oidc.OidcTenantConfig;
import io.quarkus.oidc.OidcTenantConfig.ApplicationType;
Expand All @@ -23,6 +25,8 @@

@ApplicationScoped
public class OidcAuthenticationMechanism implements HttpAuthenticationMechanism {
private static final Logger LOG = Logger.getLogger(OidcAuthenticationMechanism.class);

private static HttpCredentialTransport OIDC_WEB_APP_TRANSPORT = new HttpCredentialTransport(
HttpCredentialTransport.Type.AUTHORIZATION_CODE, OidcConstants.CODE_FLOW_CODE);

Expand Down Expand Up @@ -75,6 +79,7 @@ public OidcTenantConfig apply(OidcTenantConfig oidcTenantConfig) {
if (oidcTenantConfig == null) {
throw new OIDCException("Tenant configuration has not been resolved");
}
LOG.debugf("Resolved OIDC tenant id: %s", oidcTenantConfig.tenantId.orElse(OidcUtils.DEFAULT_TENANT_ID));
return oidcTenantConfig;
};
});
Expand Down

0 comments on commit ff84d5d

Please sign in to comment.