Merge pull request #38890 from sberyozkin/log_oidc_tenant_id

Log resolved OIDC tenant id and how the bearer token is found
quarkusio · Feb 20, 2024 · ee73767 · ee73767
2 parents 0ac84fe + ff84d5d
commit ee73767
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/...ons/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/BearerAuthenticationMechanism.java b/...ons/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/BearerAuthenticationMechanism.java
@@ -2,6 +2,8 @@
 
 import java.util.function.Function;
 
+import org.jboss.logging.Logger;
+
 import io.netty.handler.codec.http.HttpHeaderNames;
 import io.netty.handler.codec.http.HttpResponseStatus;
 import io.quarkus.oidc.AccessTokenCredential;
@@ -15,14 +17,17 @@
 import io.vertx.ext.web.RoutingContext;
 
 public class BearerAuthenticationMechanism extends AbstractOidcAuthenticationMechanism {
+    private static final Logger LOG = Logger.getLogger(BearerAuthenticationMechanism.class);
 
     public Uni<SecurityIdentity> authenticate(RoutingContext context,
             IdentityProviderManager identityProviderManager, OidcTenantConfig oidcTenantConfig) {
+        LOG.debug("Starting a bearer access token authentication");
         String token = extractBearerToken(context, oidcTenantConfig);
         // if a bearer token is provided try to authenticate
         if (token != null) {
             return authenticate(identityProviderManager, context, new AccessTokenCredential(token));
         }
+        LOG.debug("Bearer access token is not available");
         return Uni.createFrom().nullItem();
     }
 
@@ -41,6 +46,7 @@ private String extractBearerToken(RoutingContext context, OidcTenantConfig oidcC
         final HttpServerRequest request = context.request();
         String header = oidcConfig.token.header.isPresent() ? oidcConfig.token.header.get()
                 : HttpHeaders.AUTHORIZATION.toString();
+        LOG.debugf("Looking for a token in the %s header", header);
         final String headerValue = request.headers().get(header);
 
         if (headerValue == null) {
@@ -50,6 +56,10 @@ private String extractBearerToken(RoutingContext context, OidcTenantConfig oidcC
         int idx = headerValue.indexOf(' ');
         final String scheme = idx > 0 ? headerValue.substring(0, idx) : null;
 
+        if (scheme != null) {
+            LOG.debugf("Authorization scheme: %s", scheme);
+        }
+
         if (scheme == null && !header.equalsIgnoreCase(HttpHeaders.AUTHORIZATION.toString())) {
             return headerValue;
         }

diff --git a/...sions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcAuthenticationMechanism.java b/...sions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcAuthenticationMechanism.java
@@ -6,6 +6,8 @@
 
 import jakarta.enterprise.context.ApplicationScoped;
 
+import org.jboss.logging.Logger;
+
 import io.quarkus.oidc.OIDCException;
 import io.quarkus.oidc.OidcTenantConfig;
 import io.quarkus.oidc.OidcTenantConfig.ApplicationType;
@@ -23,6 +25,8 @@
 
 @ApplicationScoped
 public class OidcAuthenticationMechanism implements HttpAuthenticationMechanism {
+    private static final Logger LOG = Logger.getLogger(OidcAuthenticationMechanism.class);
+
     private static HttpCredentialTransport OIDC_WEB_APP_TRANSPORT = new HttpCredentialTransport(
             HttpCredentialTransport.Type.AUTHORIZATION_CODE, OidcConstants.CODE_FLOW_CODE);
 
@@ -75,6 +79,7 @@ public OidcTenantConfig apply(OidcTenantConfig oidcTenantConfig) {
                 if (oidcTenantConfig == null) {
                     throw new OIDCException("Tenant configuration has not been resolved");
                 }
+                LOG.debugf("Resolved OIDC tenant id: %s", oidcTenantConfig.tenantId.orElse(OidcUtils.DEFAULT_TENANT_ID));
                 return oidcTenantConfig;
             };
         });