From 4c5ec3daba62da51b98ac6537b5bacb73bfb6f18 Mon Sep 17 00:00:00 2001
From: Youssef Bel Mekki <38552193+ybelMekk@users.noreply.github.com>
Date: Mon, 25 Nov 2024 12:31:47 +0100
Subject: [PATCH] fix(otel): remove span att for clientid and tokenendpointUrl
---
 .../security/oauth2/authentication/TokenRequestContext.kt | 3 +--
 .../kotlin/io/nais/security/oauth2/model/OAuth2Client.kt | 3 +--
 .../kotlin/io/nais/security/oauth2/token/TokenIssuer.kt | 6 +++++-
 3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/main/kotlin/io/nais/security/oauth2/authentication/TokenRequestContext.kt b/src/main/kotlin/io/nais/security/oauth2/authentication/TokenRequestContext.kt
index 12a45895..2bde72a0 100644
--- a/src/main/kotlin/io/nais/security/oauth2/authentication/TokenRequestContext.kt
+++ b/src/main/kotlin/io/nais/security/oauth2/authentication/TokenRequestContext.kt
@@ -15,7 +15,6 @@ import io.nais.security.oauth2.token.expiresIn
 import io.nais.security.oauth2.token.toJwt
 import io.nais.security.oauth2.token.verify
 import io.opentelemetry.api.trace.SpanKind
-import io.opentelemetry.instrumentation.annotations.SpanAttribute
 import io.opentelemetry.instrumentation.annotations.WithSpan
 import mu.KotlinLogging
 import org.slf4j.MDC
@@ -138,7 +137,7 @@ private fun SignedJWT.isWithinMaxLifetime(lifetime: Long): Boolean =
 @WithSpan(kind = SpanKind.CLIENT)
 suspend fun ApplicationCall.receiveTokenRequestContext(
- @SpanAttribute tokenEndpointUrl: TokenEndpointUrl,
+ tokenEndpointUrl: TokenEndpointUrl,
 block: TokenRequestContext.From.() -> TokenRequestContext
 ): TokenRequestContext = tokenRequestContext(tokenEndpointUrl, this.receiveParameters(), block)
diff --git a/src/main/kotlin/io/nais/security/oauth2/model/OAuth2Client.kt b/src/main/kotlin/io/nais/security/oauth2/model/OAuth2Client.kt
index 48c7a872..1118b967 100644
--- a/src/main/kotlin/io/nais/security/oauth2/model/OAuth2Client.kt
+++ b/src/main/kotlin/io/nais/security/oauth2/model/OAuth2Client.kt
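Review bot: `receiveTokenRequestContext` keeps `@WithSpan(kind = SpanKind.CLIENT)` although the visible body only reads the incoming call's form parameters through `this.receiveParameters()`, so the span kind looks mismatched. CLIENT describes an outbound request to a remote service, and with the `tokenEndpointUrl` attribute removed this attribute-less span may be rendered by trace backends as an outgoing dependency call from the token endpoint. If nothing further down in `tokenRequestContext` (not visible in this hunk) makes a remote call, a plain `@WithSpan` with the default internal kind would describe the work more accurately.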
@@ -13,7 +13,6 @@ import com.fasterxml.jackson.databind.annotation.JsonSerialize
 import com.fasterxml.jackson.module.kotlin.jacksonObjectMapper
 import com.nimbusds.jose.jwk.JWK
 import com.nimbusds.jose.jwk.JWKSet
-import io.opentelemetry.instrumentation.annotations.SpanAttribute
 // JWKSet does not implement equals and cant be directly serialized as json
 data class JsonWebKeys(
@@ -37,7 +36,7 @@ data class JsonWebKeys(
 }
 data class OAuth2Client(
- @SpanAttribute val clientId: ClientId,
+ val clientId: ClientId,
 val jwks: JsonWebKeys,
 val accessPolicyInbound: AccessPolicy = AccessPolicy(),
 val accessPolicyOutbound: AccessPolicy = AccessPolicy(),
diff --git a/src/main/kotlin/io/nais/security/oauth2/token/TokenIssuer.kt b/src/main/kotlin/io/nais/security/oauth2/token/TokenIssuer.kt
index 3a69638c..4ff1d32d 100644
--- a/src/main/kotlin/io/nais/security/oauth2/token/TokenIssuer.kt
+++ b/src/main/kotlin/io/nais/security/oauth2/token/TokenIssuer.kt
@@ -13,6 +13,8 @@ import io.nais.security.oauth2.model.ClaimValueMapping
 import io.nais.security.oauth2.model.OAuth2Client
 import io.nais.security.oauth2.model.OAuth2Exception
 import io.nais.security.oauth2.model.OAuth2TokenExchangeRequest
+import io.opentelemetry.instrumentation.annotations.SpanAttribute
+import io.opentelemetry.instrumentation.annotations.WithSpan
 import mu.KotlinLogging
 import java.text.ParseException
 import java.time.Instant
@@ -43,6 +45,7 @@ class TokenIssuer(authorizationServerProperties: AuthorizationServerProperties)
 fun publicJwkSet(): JWKSet = rotatingKeyStore.publicJWKSet()
+ @WithSpan
 fun issueTokenFor(oAuth2Client: OAuth2Client, tokenExchangeRequest: OAuth2TokenExchangeRequest): SignedJWT {
 val targetAudience: String = tokenExchangeRequest.audience
 val subjectTokenJwt = tryOrInvalidSubjectToken {
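Review bot: The new `@WithSpan` on `issueTokenFor` comes with no statement of what the span may contain, and the annotation instrumentation normally records an exception thrown from the method as a span event that includes its message. The body runs past the end of the hunk, so it cannot be seen here whether `tryOrInvalidSubjectToken` or later checks put subject-token contents or the client id into exception messages; if they do, the identifiers this commit removes from span attributes would come back through error events. A one-line KDoc would pin the intent, e.g. `/** Traced; exception messages raised here are exported with the span and must not contain token material or client identifiers. */`.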
@@ -87,7 +90,8 @@ class TokenIssuer(authorizationServerProperties: AuthorizationServerProperties)
 }
 }
- private fun JWTClaimsSet.Builder.mapSubjectTokenClaims(issuer: String?, subjectTokenClaims: JWTClaimsSet): JWTClaimsSet.Builder {
+ @WithSpan
+ private fun JWTClaimsSet.Builder.mapSubjectTokenClaims(@SpanAttribute issuer: String?, subjectTokenClaims: JWTClaimsSet): JWTClaimsSet.Builder {
 val mappings: ClaimMappings = issuer
 ?.let { issuerSubjectTokenMappings[issuer] }
 ?.takeIf { mapping -> mapping.isNotEmpty() }
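Review bot: `@SpanAttribute issuer` on `mapSubjectTokenClaims` has no explicit attribute name and exports a value that presumably comes from the subject token's `iss` claim. Without a name the attribute key is derived from the parameter name, which is only present when the class is compiled with parameter metadata (`-java-parameters` for Kotlin); `@SpanAttribute("issuer") issuer: String?` removes that build dependency. The visible lookup `issuerSubjectTokenMappings[issuer]` matches the value against configured issuers only inside the function, so it is worth confirming at the call site, which is outside this hunk, that the subject token has already been verified before this runs and that traces never carry an arbitrary caller-supplied string. The function body continues past the end of the hunk.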