From e59f5718160e2e476a3bb25d161d7a241a162612 Mon Sep 17 00:00:00 2001 From: James Elliott Date: Fri, 21 Jan 2022 14:15:50 +1100 Subject: [PATCH] refactor(oidc): add client id to two factor log message (#2816) Adds the client id to a log message where it's likely useful. Additionally adds beta stage for prompt/display handling. --- docs/configuration/identity-providers/oidc.md | 9 ++++++++- internal/handlers/response.go | 6 +++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/docs/configuration/identity-providers/oidc.md b/docs/configuration/identity-providers/oidc.md index 4229c2ce..21433739 100644 --- a/docs/configuration/identity-providers/oidc.md +++ b/docs/configuration/identity-providers/oidc.md @@ -90,7 +90,14 @@ for which stage will have each feature, and may evolve over time: Audit Storage - beta4 1 + beta4 1 + Prompt Handling + + + Display Handling + + + beta5 1 Back-Channel Logout diff --git a/internal/handlers/response.go b/internal/handlers/response.go index 1f3f5220..60674de0 100644 --- a/internal/handlers/response.go +++ b/internal/handlers/response.go @@ -17,7 +17,7 @@ func handleOIDCWorkflowResponse(ctx *middlewares.AutheliaCtx) { userSession := ctx.GetSession() if !authorization.IsAuthLevelSufficient(userSession.AuthenticationLevel, userSession.OIDCWorkflowSession.RequiredAuthorizationLevel) { - ctx.Logger.Warn("OpenID Connect requires 2FA, cannot be redirected yet") + ctx.Logger.Warnf("OpenID Connect client '%s' requires 2FA, cannot be redirected yet", userSession.OIDCWorkflowSession.ClientID) ctx.ReplyOK() return @@ -36,13 +36,13 @@ func handleOIDCWorkflowResponse(ctx *middlewares.AutheliaCtx) { userSession.OIDCWorkflowSession, userSession.OIDCWorkflowSession.RequestedScopes, userSession.OIDCWorkflowSession.RequestedAudience) { - err := ctx.SetJSONBody(redirectResponse{Redirect: fmt.Sprintf("%s/consent", uri)}) + err = ctx.SetJSONBody(redirectResponse{Redirect: fmt.Sprintf("%s/consent", uri)}) if err != nil { ctx.Logger.Errorf("Unable to set default redirection URL in body: %s", err) } } else { - err := ctx.SetJSONBody(redirectResponse{Redirect: userSession.OIDCWorkflowSession.AuthURI}) + err = ctx.SetJSONBody(redirectResponse{Redirect: userSession.OIDCWorkflowSession.AuthURI}) if err != nil { ctx.Logger.Errorf("Unable to set default redirection URL in body: %s", err) }