Add logging in dynamic OIDC ECDSA strategy
I'm worried that these errors are going to be really burried from the user, so add some log statements to try to make them a tiny bit more observable. Also follow some of our error message convetions by using lowercase error messages. Signed-off-by: Andrew Keesler <akeesler@vmware.com>
This commit is contained in:
Andrew Keesler
parent
2dc3ab1840
commit
83e0934864
|
|
@ -6,8 +6,10 @@ package oidc
|
|||
import (
|
||||
"context"
|
||||
"crypto/ecdsa"
|
||||
"reflect"
|
||||
|
||||
"go.pinniped.dev/internal/constable"
|
||||
"go.pinniped.dev/internal/plog"
|
||||
|
||||
"github.com/ory/fosite"
|
||||
"github.com/ory/fosite/compose"
|
||||
|
|
@ -40,10 +42,22 @@ func (s *dynamicOpenIDConnectECDSAStrategy) GenerateIDToken(
|
|||
) (string, error) {
|
||||
_, activeJwk := s.jwksProvider.GetJWKS(s.fositeConfig.IDTokenIssuer)
|
||||
if activeJwk == nil {
|
||||
return "", constable.Error("No JWK found for issuer")
|
||||
plog.Debug("no JWK found for issuer", "issuer", s.fositeConfig.IDTokenIssuer)
|
||||
return "", constable.Error("no JWK found for issuer")
|
||||
}
|
||||
key, ok := activeJwk.Key.(*ecdsa.PrivateKey)
|
||||
if !ok {
|
||||
actualType := "nil"
|
||||
if t := reflect.TypeOf(activeJwk.Key); t != nil {
|
||||
actualType = t.String()
|
||||
}
|
||||
plog.Debug(
|
||||
"JWK must be of type ecdsa",
|
||||
"issuer",
|
||||
s.fositeConfig.IDTokenIssuer,
|
||||
"actualType",
|
||||
actualType,
|
||||
)
|
||||
return "", constable.Error("JWK must be of type ecdsa")
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -65,7 +65,7 @@ func TestDynamicOpenIDConnectECDSAStrategy(t *testing.T) {
|
|||
{
|
||||
name: "jwks provider does not contain signing key for issuer",
|
||||
issuer: goodIssuer,
|
||||
wantError: "No JWK found for issuer",
|
||||
wantError: "no JWK found for issuer",
|
||||
},
|
||||
{
|
||||
name: "jwks provider contains signing key of wrong type for issuer",
|
||||
|
|
|
|||
Loading…
Reference in New Issue