fix(otel): remove span att for clientid and tokenendpointUrl

nais · Nov 25, 2024 · 4c5ec3d · 4c5ec3d
1 parent a8129fe
commit 4c5ec3d
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 5 deletions.
diff --git a/src/main/kotlin/io/nais/security/oauth2/authentication/TokenRequestContext.kt b/src/main/kotlin/io/nais/security/oauth2/authentication/TokenRequestContext.kt
@@ -15,7 +15,6 @@ import io.nais.security.oauth2.token.expiresIn
 import io.nais.security.oauth2.token.toJwt
 import io.nais.security.oauth2.token.verify
 import io.opentelemetry.api.trace.SpanKind
-import io.opentelemetry.instrumentation.annotations.SpanAttribute
 import io.opentelemetry.instrumentation.annotations.WithSpan
 import mu.KotlinLogging
 import org.slf4j.MDC
@@ -138,7 +137,7 @@ private fun SignedJWT.isWithinMaxLifetime(lifetime: Long): Boolean =
 
 @WithSpan(kind = SpanKind.CLIENT)
 suspend fun ApplicationCall.receiveTokenRequestContext(
-    @SpanAttribute tokenEndpointUrl: TokenEndpointUrl,
+    tokenEndpointUrl: TokenEndpointUrl,
     block: TokenRequestContext.From.() -> TokenRequestContext
 ): TokenRequestContext = tokenRequestContext(tokenEndpointUrl, this.receiveParameters(), block)
 

diff --git a/src/main/kotlin/io/nais/security/oauth2/model/OAuth2Client.kt b/src/main/kotlin/io/nais/security/oauth2/model/OAuth2Client.kt
@@ -13,7 +13,6 @@ import com.fasterxml.jackson.databind.annotation.JsonSerialize
 import com.fasterxml.jackson.module.kotlin.jacksonObjectMapper
 import com.nimbusds.jose.jwk.JWK
 import com.nimbusds.jose.jwk.JWKSet
-import io.opentelemetry.instrumentation.annotations.SpanAttribute
 
 // JWKSet does not implement equals and cant be directly serialized as json
 data class JsonWebKeys(
@@ -37,7 +36,7 @@ data class JsonWebKeys(
 }
 
 data class OAuth2Client(
-    @SpanAttribute val clientId: ClientId,
+    val clientId: ClientId,
     val jwks: JsonWebKeys,
     val accessPolicyInbound: AccessPolicy = AccessPolicy(),
     val accessPolicyOutbound: AccessPolicy = AccessPolicy(),

diff --git a/src/main/kotlin/io/nais/security/oauth2/token/TokenIssuer.kt b/src/main/kotlin/io/nais/security/oauth2/token/TokenIssuer.kt
@@ -13,6 +13,8 @@ import io.nais.security.oauth2.model.ClaimValueMapping
 import io.nais.security.oauth2.model.OAuth2Client
 import io.nais.security.oauth2.model.OAuth2Exception
 import io.nais.security.oauth2.model.OAuth2TokenExchangeRequest
+import io.opentelemetry.instrumentation.annotations.SpanAttribute
+import io.opentelemetry.instrumentation.annotations.WithSpan
 import mu.KotlinLogging
 import java.text.ParseException
 import java.time.Instant
@@ -43,6 +45,7 @@ class TokenIssuer(authorizationServerProperties: AuthorizationServerProperties)
 
     fun publicJwkSet(): JWKSet = rotatingKeyStore.publicJWKSet()
 
+    @WithSpan
     fun issueTokenFor(oAuth2Client: OAuth2Client, tokenExchangeRequest: OAuth2TokenExchangeRequest): SignedJWT {
         val targetAudience: String = tokenExchangeRequest.audience
         val subjectTokenJwt = tryOrInvalidSubjectToken {
@@ -87,7 +90,8 @@ class TokenIssuer(authorizationServerProperties: AuthorizationServerProperties)
             }
         }
 
-    private fun JWTClaimsSet.Builder.mapSubjectTokenClaims(issuer: String?, subjectTokenClaims: JWTClaimsSet): JWTClaimsSet.Builder {
+    @WithSpan
+    private fun JWTClaimsSet.Builder.mapSubjectTokenClaims(@SpanAttribute issuer: String?, subjectTokenClaims: JWTClaimsSet): JWTClaimsSet.Builder {
         val mappings: ClaimMappings = issuer
             ?.let { issuerSubjectTokenMappings[issuer] }
             ?.takeIf { mapping -> mapping.isNotEmpty() }