From 211f4b23d147cebfd3322ed51fe54e248ed07e5b Mon Sep 17 00:00:00 2001
From: Ryan Richard <richardry@vmware.com>
Date: Fri, 20 Aug 2021 14:41:02 -0700
Subject: [PATCH] Log auth endpoint errors with stack traces

---
 internal/oidc/auth/auth_handler.go | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/internal/oidc/auth/auth_handler.go b/internal/oidc/auth/auth_handler.go
index fb289719..004d6cd9 100644
--- a/internal/oidc/auth/auth_handler.go
+++ b/internal/oidc/auth/auth_handler.go
@@ -250,8 +250,18 @@ func handleAuthRequestForOIDCUpstreamAuthcodeGrant(
 }
 
 func writeAuthorizeError(w http.ResponseWriter, oauthHelper fosite.OAuth2Provider, authorizeRequester fosite.AuthorizeRequester, err error) error {
-	errWithStack := errors.WithStack(err)
-	plog.Info("authorize response error", oidc.FositeErrorForLog(errWithStack)...)
+	if plog.Enabled(plog.LevelTrace) {
+		// When trace level logging is enabled, include the stack trace in the log message.
+		keysAndValues := oidc.FositeErrorForLog(err)
+		errWithStack := errors.WithStack(err)
+		keysAndValues = append(keysAndValues, "errWithStack")
+		// klog always prints error values using %s, which does not include stack traces,
+		// so convert the error to a string which includes the stack trace here.
+		keysAndValues = append(keysAndValues, fmt.Sprintf("%+v", errWithStack))
+		plog.Trace("authorize response error", keysAndValues...)
+	} else {
+		plog.Info("authorize response error", oidc.FositeErrorForLog(err)...)
+	}
 	// Return an error according to OIDC spec 3.1.2.6 (second paragraph).
 	oauthHelper.WriteAuthorizeError(w, authorizeRequester, err)
 	return nil