Add logging in dynamic OIDC ECDSA strategy

I'm worried that these errors are going to be really buried from the user, so
add some log statements to try to make them a tiny bit more observable.

Also follow some of our error message conventions by using lowercase error
messages.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Andrew Keesler 2020-12-04 09:05:39 -05:00
parent 2dc3ab1840
commit 83e0934864
GPG Key ID: 27CE0444346F9413
2 changed files with 16 additions and 2 deletions


@ -6,8 +6,10 @@ package oidc
import (
"context"
"crypto/ecdsa"
"reflect"
"go.pinniped.dev/internal/constable"
"go.pinniped.dev/internal/plog"
"github.com/ory/fosite"
"github.com/ory/fosite/compose"
@ -40,10 +42,22 @@ func (s *dynamicOpenIDConnectECDSAStrategy) GenerateIDToken(
) (string, error) {
_, activeJwk := s.jwksProvider.GetJWKS(s.fositeConfig.IDTokenIssuer)
if activeJwk == nil {
return "", constable.Error("No JWK found for issuer")
plog.Debug("no JWK found for issuer", "issuer", s.fositeConfig.IDTokenIssuer)
return "", constable.Error("no JWK found for issuer")
}
key, ok := activeJwk.Key.(*ecdsa.PrivateKey)
if !ok {
actualType := "nil"
if t := reflect.TypeOf(activeJwk.Key); t != nil {
actualType = t.String()
}
plog.Debug(
"JWK must be of type ecdsa",
"issuer",
s.fositeConfig.IDTokenIssuer,
"actualType",
actualType,
)
return "", constable.Error("JWK must be of type ecdsa")
}
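Review bot: The type assertion `key, ok := activeJwk.Key.(*ecdsa.PrivateKey)` still succeeds for a typed-nil pointer, so a JWK whose Key is a nil `*ecdsa.PrivateKey` passes the new `!ok` check with `key == nil` and flows into the signing code below the hunk; tighten the guard to `if !ok || key == nil {` and emit the same debug log and a lowercase error (for example `constable.Error("JWK key is nil")`) on that path. Separately, the commit's stated goal is to make these failures less buried, but `plog.Debug` output is commonly suppressed at default verbosity, so if plog exposes a warning/error level (I cannot see its API from here) these two messages are better candidates for it. The added log fields carry only the issuer and the Go type name, never key material, which is the right boundary to keep if the level is raised. GenerateIDToken's body continues past the end of the hunk.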


@ -65,7 +65,7 @@ func TestDynamicOpenIDConnectECDSAStrategy(t *testing.T) {
{
name: "jwks provider does not contain signing key for issuer",
issuer: goodIssuer,
wantError: "No JWK found for issuer",
wantError: "no JWK found for issuer",
},
{
name: "jwks provider contains signing key of wrong type for issuer",