add(otel): spans to auth of client and external calls to providers

Co-authored-by: Sindre Rødseth Hansen <[email protected]> Co-authored-by: Carl Hedgren <[email protected]>
nais · Nov 22, 2024 · 34190af · 34190af
1 parent 97e76ca
commit 34190af
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 1 deletion.
diff --git a/src/main/kotlin/io/nais/security/oauth2/authentication/TokenRequestAuthorizer.kt b/src/main/kotlin/io/nais/security/oauth2/authentication/TokenRequestAuthorizer.kt
@@ -62,6 +62,7 @@ class ClientCredentialsRequestAuthorizer : TokenRequestAuthorizer<OAuth2ClientCr
 
     override fun supportsGrantType(grantType: String?): Boolean = grantType == GrantType.CLIENT_CREDENTIALS_GRANT
 
+    @WithSpan
     override fun authorize(parameters: Parameters, oauth2Client: OAuth2Client?): OAuth2ClientCredentialsTokenRequest {
         log.debug("authorize request with parameters=$parameters for principal=$oauth2Client")
         val tokenRequest = OAuth2ClientCredentialsTokenRequest(

diff --git a/src/main/kotlin/io/nais/security/oauth2/authentication/TokenRequestContext.kt b/src/main/kotlin/io/nais/security/oauth2/authentication/TokenRequestContext.kt
@@ -14,6 +14,7 @@ import io.nais.security.oauth2.model.OAuth2TokenRequest
 import io.nais.security.oauth2.token.expiresIn
 import io.nais.security.oauth2.token.toJwt
 import io.nais.security.oauth2.token.verify
+import io.opentelemetry.api.trace.SpanKind
 import io.opentelemetry.instrumentation.annotations.WithSpan
 import mu.KotlinLogging
 import org.slf4j.MDC
@@ -134,6 +135,7 @@ data class ClientAssertionCredential(val clientAssertionType: String, val client
 private fun SignedJWT.isWithinMaxLifetime(lifetime: Long): Boolean =
     this.expiresIn() <= lifetime
 
+@WithSpan(kind = SpanKind.CLIENT)
 suspend fun ApplicationCall.receiveTokenRequestContext(
     tokenEndpointUrl: TokenEndpointUrl,
     block: TokenRequestContext.From.() -> TokenRequestContext

diff --git a/src/main/kotlin/io/nais/security/oauth2/keystore/KeyStore.kt b/src/main/kotlin/io/nais/security/oauth2/keystore/KeyStore.kt
@@ -3,6 +3,7 @@ package io.nais.security.oauth2.keystore
 import io.nais.security.oauth2.token.toJSON
 import io.nais.security.oauth2.token.toRSAKey
 import io.nais.security.oauth2.utils.withTimer
+import io.opentelemetry.instrumentation.annotations.WithSpan
 import kotliquery.Query
 import kotliquery.Row
 import kotliquery.queryOf
@@ -18,6 +19,7 @@ class KeyStore(private val dataSource: DataSource) {
         const val ID = 1L
     }
 
+    @WithSpan
     fun read(): RotatableKeys? = withTimer("readKeys") {
         using(sessionOf(dataSource)) { session ->
             session.run(

diff --git a/src/main/kotlin/io/nais/security/oauth2/routing/TokenExchangeApi.kt b/src/main/kotlin/io/nais/security/oauth2/routing/TokenExchangeApi.kt
@@ -2,7 +2,6 @@ package io.nais.security.oauth2.routing
 
 import com.nimbusds.jwt.SignedJWT
 import com.nimbusds.oauth2.sdk.OAuth2Error
-import io.ktor.server.application.call
 import io.ktor.server.response.respond
 import io.ktor.server.routing.Routing
 import io.ktor.server.routing.get