Minor auth logging edits (#644)
* Improve log message for user token expired, improve log message for client_id mismatch

* Improve log message for user token expired, improve log message for client_id mismatch

* Improve log message for user token expired, improve log message for client_id mismatch

* lower log level to debug for client_id mismatch detail (potential user input injection)

* check log level to reduce unnecessary GC
matthudsonatx authored May 11, 2023
1 parent 7a49e8a commit 5b6b854
Showing 1 changed file with 10 additions and 6 deletions.
Expand Up @@ -291,7 +291,7 @@ public Future<User> authenticate(Credentials credentials) {
// final step, verify if the user is not expired
// this may happen if the user tokens have been issued for future use for example
if (newUser.expired(config.getJWTOptions().getLeeway())) {
return Future.failedFuture("Used is expired.");
return Future.failedFuture("User token is expired.");
} else {
// basic validation passed, the token is not expired
return Future.succeededFuture(newUser);
Expand All @@ -316,7 +316,11 @@ public Future<User> authenticate(Credentials credentials) {
String clientId = config.getClientId();
if (clientId != null && !clientId.equals(json.getString("client_id"))) {
// Client identifier for the OAuth 2.0 client that requested this token.
LOG.info("Introspect client_id doesn't match configured client_id");
LOG.info("Introspected client_id doesn't match configured client_id");
if (LOG.isDebugEnabled()) {
LOG.debug(String.format("Introspected client_id: %s", clientId));
LOG.debug(String.format("Configured client_id: %s", json.getString("client_id")));
}
}
}

Expand All @@ -328,7 +332,7 @@ public Future<User> authenticate(Credentials credentials) {
// final step, verify if the user is not expired
// this may happen if the user tokens have been issued for future use for example
if (newUser.expired(config.getJWTOptions().getLeeway())) {
return Future.failedFuture("Used is expired.");
return Future.failedFuture("User token is expired.");
} else {
// basic validation passed, the token is not expired
return Future.succeededFuture(newUser);
Expand Down Expand Up @@ -417,7 +421,7 @@ public Future<User> authenticate(Credentials credentials) {
// final step, verify if the user is not expired
// this may happen if the user tokens have been issued for future use for example
if (newUser.expired(config.getJWTOptions().getLeeway())) {
return Future.failedFuture("Used is expired.");
return Future.failedFuture("User token is expired.");
} else {
// basic validation passed, the token is not expired
return Future.succeededFuture(newUser);
Expand Down Expand Up @@ -452,7 +456,7 @@ public Future<User> refresh(User user) {
// final step, verify if the user is not expired
// this may happen if the user tokens have been issued for future use for example
if (newUser.expired(config.getJWTOptions().getLeeway())) {
return Future.failedFuture("Used is expired.");
return Future.failedFuture("User token is expired.");
} else {
// basic validation passed, the token is not expired
return Future.succeededFuture(newUser);
Expand Down Expand Up @@ -488,7 +492,7 @@ public Future<JsonObject> userInfo(User user) {
// final step, verify if the user is not expired
// this may happen if the user tokens have been issued for future use for example
if (user.expired(config.getJWTOptions().getLeeway())) {
return Future.failedFuture("Used is expired.");
return Future.failedFuture("User token is expired.");
} else {
// basic validation passed, the user token is not expired
return Future.succeededFuture(json);
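Review bot: The two debug lines added in the client_id mismatch branch of `authenticate` (hunk `@@ -316,7 +316,11 @@`) have their labels swapped: `clientId` is read from `config.getClientId()`, so it is the configured value, while `json.getString("client_id")` is the introspected one. They should read `LOG.debug(String.format("Introspected client_id: %s", json.getString("client_id")));` and `LOG.debug(String.format("Configured client_id: %s", clientId));`, otherwise anyone triaging a mismatch from these logs attributes each value to the wrong side. The introspected value originates outside this process and is written to the log unmodified; lowering it to debug level narrows exposure but does not neutralise CR/LF or other control characters, so it should be escaped or stripped before formatting. In the lines visible here the mismatch is only logged and control continues, and the method body extends beyond the hunk, so whether a token issued to a different client is rejected later cannot be confirmed from this page and is worth checking.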
