feat: add failure reason to events

ory · Nov 12, 2024 · e8ed8cb · e8ed8cb
1 parent 253c5b6
commit e8ed8cb
Show file tree

Hide file tree

Showing 7 changed files with 45 additions and 19 deletions.
diff --git a/internal/client-go/go.sum b/internal/client-go/go.sum
@@ -4,6 +4,7 @@ github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e h1:bRhVy7zSSasaqNksaRZiA5EEI+Ei4I1nO5Jh72wfHlg=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 h1:YUO/7uOKsKeq9UokNS62b8FYywz3ker1l1vDZRCRefw=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

diff --git a/selfservice/flow/login/error.go b/selfservice/flow/login/error.go
@@ -88,12 +88,12 @@ func (s *ErrorHandler) WriteFlowError(w http.ResponseWriter, r *http.Request, f
 		Info("Encountered self-service login error.")
 
 	if f == nil {
-		trace.SpanFromContext(r.Context()).AddEvent(events.NewLoginFailed(r.Context(), "", "", false))
+		trace.SpanFromContext(r.Context()).AddEvent(events.NewLoginFailed(r.Context(), "", "", false, err))
 		s.forward(w, r, nil, err)
 		return
 	}
 
-	trace.SpanFromContext(r.Context()).AddEvent(events.NewLoginFailed(r.Context(), string(f.Type), string(f.RequestedAAL), f.Refresh))
+	trace.SpanFromContext(r.Context()).AddEvent(events.NewLoginFailed(r.Context(), string(f.Type), string(f.RequestedAAL), f.Refresh, err))
 
 	if expired, inner := s.PrepareReplacementForExpiredFlow(w, r, f, err); inner != nil {
 		s.WriteFlowError(w, r, f, group, inner)

diff --git a/selfservice/flow/recovery/error.go b/selfservice/flow/recovery/error.go
@@ -73,12 +73,12 @@ func (s *ErrorHandler) WriteFlowError(
 		Info("Encountered self-service recovery error.")
 
 	if f == nil {
-		trace.SpanFromContext(r.Context()).AddEvent(events.NewRecoveryFailed(r.Context(), "", ""))
+		trace.SpanFromContext(r.Context()).AddEvent(events.NewRecoveryFailed(r.Context(), "", "", recoveryErr))
 		s.forward(w, r, nil, recoveryErr)
 		return
 	}
 
-	trace.SpanFromContext(r.Context()).AddEvent(events.NewRecoveryFailed(r.Context(), string(f.Type), f.Active.String()))
+	trace.SpanFromContext(r.Context()).AddEvent(events.NewRecoveryFailed(r.Context(), string(f.Type), f.Active.String(), recoveryErr))
 
 	if expiredError := new(flow.ExpiredError); errors.As(recoveryErr, &expiredError) {
 		strategy, err := s.d.RecoveryStrategies(r.Context()).Strategy(f.Active.String())

diff --git a/selfservice/flow/registration/error.go b/selfservice/flow/registration/error.go
@@ -93,11 +93,11 @@ func (s *ErrorHandler) WriteFlowError(
 		Info("Encountered self-service flow error.")
 
 	if f == nil {
-		trace.SpanFromContext(r.Context()).AddEvent(events.NewRegistrationFailed(r.Context(), "", ""))
+		trace.SpanFromContext(r.Context()).AddEvent(events.NewRegistrationFailed(r.Context(), "", "", err))
 		s.forward(w, r, nil, err)
 		return
 	}
-	trace.SpanFromContext(r.Context()).AddEvent(events.NewRegistrationFailed(r.Context(), string(f.Type), f.Active.String()))
+	trace.SpanFromContext(r.Context()).AddEvent(events.NewRegistrationFailed(r.Context(), string(f.Type), f.Active.String(), err))
 
 	if expired, inner := s.PrepareReplacementForExpiredFlow(w, r, f, err); inner != nil {
 		s.forward(w, r, f, err)

diff --git a/selfservice/flow/settings/error.go b/selfservice/flow/settings/error.go
@@ -180,11 +180,11 @@ func (s *ErrorHandler) WriteFlowError(
 	}
 
 	if f == nil {
-		trace.SpanFromContext(ctx).AddEvent(events.NewSettingsFailed(ctx, "", ""))
+		trace.SpanFromContext(ctx).AddEvent(events.NewSettingsFailed(ctx, "", "", err))
 		s.forward(ctx, w, r, nil, err)
 		return
 	}
-	trace.SpanFromContext(ctx).AddEvent(events.NewSettingsFailed(ctx, string(f.Type), f.Active.String()))
+	trace.SpanFromContext(ctx).AddEvent(events.NewSettingsFailed(ctx, string(f.Type), f.Active.String(), err))
 
 	if expired, inner := s.PrepareReplacementForExpiredFlow(ctx, w, r, f, id, err); inner != nil {
 		s.forward(ctx, w, r, f, err)

diff --git a/selfservice/flow/verification/error.go b/selfservice/flow/verification/error.go
@@ -69,11 +69,11 @@ func (s *ErrorHandler) WriteFlowError(
 		Info("Encountered self-service verification error.")
 
 	if f == nil {
-		trace.SpanFromContext(r.Context()).AddEvent(events.NewVerificationFailed(r.Context(), "", ""))
+		trace.SpanFromContext(r.Context()).AddEvent(events.NewVerificationFailed(r.Context(), "", "", err))
 		s.forward(w, r, nil, err)
 		return
 	}
-	trace.SpanFromContext(r.Context()).AddEvent(events.NewVerificationFailed(r.Context(), string(f.Type), f.Active.String()))
+	trace.SpanFromContext(r.Context()).AddEvent(events.NewVerificationFailed(r.Context(), string(f.Type), f.Active.String(), err))
 
 	if e := new(flow.ExpiredError); errors.As(err, &e) {
 		strategy, err := s.d.VerificationStrategies(r.Context()).Strategy(f.Active.String())

diff --git a/x/events/events.go b/x/events/events.go
@@ -5,9 +5,14 @@ package events
 
 import (
 	"context"
+	"errors"
+	"fmt"
 	"net/url"
 	"time"
 
+	"github.com/ory/herodot"
+	"github.com/ory/kratos/schema"
+
 	"github.com/gofrs/uuid"
 	otelattr "go.opentelemetry.io/otel/attribute"
 	"go.opentelemetry.io/otel/trace"
@@ -56,6 +61,7 @@ const (
 	attributeKeyWebhookResponseStatusCode       semconv.AttributeKey = "WebhookResponseStatusCode"
 	attributeKeyWebhookAttemptNumber            semconv.AttributeKey = "WebhookAttemptNumber"
 	attributeKeyWebhookRequestID                semconv.AttributeKey = "WebhookRequestID"
+	attributeKeyReason                          semconv.AttributeKey = "Reason"
 )
 
 func attrSessionID(val uuid.UUID) otelattr.KeyValue {
@@ -118,6 +124,10 @@ func attrWebhookRequestID(id uuid.UUID) otelattr.KeyValue {
 	return otelattr.String(attributeKeyWebhookRequestID.String(), id.String())
 }
 
+func attrReason(err error) otelattr.KeyValue {
+	return otelattr.String(attributeKeyReason.String(), reasonForError(err))
+}
+
 func NewSessionIssued(ctx context.Context, aal string, sessionID, identityID uuid.UUID) (string, trace.EventOption) {
 	return SessionIssued.String(),
 		trace.WithAttributes(
@@ -176,7 +186,7 @@ func NewLoginSucceeded(ctx context.Context, o *LoginSucceededOpts) (string, trac
 		)
 }
 
-func NewRegistrationSucceeded(ctx context.Context, identityID uuid.UUID, flowType string, method, provider string) (string, trace.EventOption) {
+func NewRegistrationSucceeded(ctx context.Context, identityID uuid.UUID, flowType, method, provider string) (string, trace.EventOption) {
 	return RegistrationSucceeded.String(),
 		trace.WithAttributes(append(
 			semconv.AttributesFromContext(ctx),
@@ -187,7 +197,7 @@ func NewRegistrationSucceeded(ctx context.Context, identityID uuid.UUID, flowTyp
 		)...)
 }
 
-func NewRecoverySucceeded(ctx context.Context, identityID uuid.UUID, flowType string, method string) (string, trace.EventOption) {
+func NewRecoverySucceeded(ctx context.Context, identityID uuid.UUID, flowType, method string) (string, trace.EventOption) {
 	return RecoverySucceeded.String(),
 		trace.WithAttributes(append(
 			semconv.AttributesFromContext(ctx),
@@ -197,7 +207,7 @@ func NewRecoverySucceeded(ctx context.Context, identityID uuid.UUID, flowType st
 		)...)
 }
 
-func NewSettingsSucceeded(ctx context.Context, identityID uuid.UUID, flowType string, method string) (string, trace.EventOption) {
+func NewSettingsSucceeded(ctx context.Context, identityID uuid.UUID, flowType, method string) (string, trace.EventOption) {
 	return SettingsSucceeded.String(),
 		trace.WithAttributes(append(
 			semconv.AttributesFromContext(ctx),
@@ -207,7 +217,7 @@ func NewSettingsSucceeded(ctx context.Context, identityID uuid.UUID, flowType st
 		)...)
 }
 
-func NewVerificationSucceeded(ctx context.Context, identityID uuid.UUID, flowType string, method string) (string, trace.EventOption) {
+func NewVerificationSucceeded(ctx context.Context, identityID uuid.UUID, flowType, method string) (string, trace.EventOption) {
 	return VerificationSucceeded.String(),
 		trace.WithAttributes(append(
 			semconv.AttributesFromContext(ctx),
@@ -217,39 +227,43 @@ func NewVerificationSucceeded(ctx context.Context, identityID uuid.UUID, flowTyp
 		)...)
 }
 
-func NewRegistrationFailed(ctx context.Context, flowType string, method string) (string, trace.EventOption) {
+func NewRegistrationFailed(ctx context.Context, flowType, method string, err error) (string, trace.EventOption) {
 	return RegistrationFailed.String(),
 		trace.WithAttributes(append(
 			semconv.AttributesFromContext(ctx),
 			attrSelfServiceFlowType(flowType),
 			attrSelfServiceMethodUsed(method),
+			attrReason(err),
 		)...)
 }
 
-func NewRecoveryFailed(ctx context.Context, flowType string, method string) (string, trace.EventOption) {
+func NewRecoveryFailed(ctx context.Context, flowType, method string, err error) (string, trace.EventOption) {
 	return RecoveryFailed.String(),
 		trace.WithAttributes(append(
 			semconv.AttributesFromContext(ctx),
 			attrSelfServiceFlowType(flowType),
 			attrSelfServiceMethodUsed(method),
+			attrReason(err),
 		)...)
 }
 
-func NewSettingsFailed(ctx context.Context, flowType string, method string) (string, trace.EventOption) {
+func NewSettingsFailed(ctx context.Context, flowType, method string, err error) (string, trace.EventOption) {
 	return SettingsFailed.String(),
 		trace.WithAttributes(append(
 			semconv.AttributesFromContext(ctx),
 			attrSelfServiceFlowType(flowType),
 			attrSelfServiceMethodUsed(method),
+			attrReason(err),
 		)...)
 }
 
-func NewVerificationFailed(ctx context.Context, flowType string, method string) (string, trace.EventOption) {
+func NewVerificationFailed(ctx context.Context, flowType, method string, err error) (string, trace.EventOption) {
 	return VerificationFailed.String(),
 		trace.WithAttributes(append(
 			semconv.AttributesFromContext(ctx),
 			attrSelfServiceFlowType(flowType),
 			attrSelfServiceMethodUsed(method),
+			attrReason(err),
 		)...)
 }
 
@@ -283,13 +297,14 @@ func NewIdentityUpdated(ctx context.Context, identityID uuid.UUID) (string, trac
 		)
 }
 
-func NewLoginFailed(ctx context.Context, flowType string, requestedAAL string, isRefresh bool) (string, trace.EventOption) {
+func NewLoginFailed(ctx context.Context, flowType, requestedAAL string, isRefresh bool, err error) (string, trace.EventOption) {
 	return LoginFailed.String(),
 		trace.WithAttributes(append(
 			semconv.AttributesFromContext(ctx),
 			attrSelfServiceFlowType(flowType),
 			attLoginRequestedAAL(requestedAAL),
 			attLoginRequestedPrivilegedSession(isRefresh),
+			attrReason(err),
 		)...)
 }
 
@@ -356,3 +371,13 @@ func NewWebhookFailed(ctx context.Context, err error) (string, trace.EventOption
 			)...,
 		)
 }
+
+func reasonForError(err error) string {
+	if ve := new(schema.ValidationError); errors.As(err, &ve) {
+		return ve.Message
+	}
+	if r := *new(herodot.ReasonCarrier); errors.As(err, &r) {
+		return r.Reason()
+	}
+	return fmt.Sprintf("reason could not be determined for error: %T", err)
+}