Log the error inforamtion when redeem auth code
This commit is contained in:
parent
ddeef1f9ac
commit
28932a7795
|
|
@ -37,7 +37,8 @@ namespace Microsoft.Extensions.Logging
|
||||||
private static Action<ILogger, string, Exception> _invalidLogoutQueryStringRedirectUrl;
|
private static Action<ILogger, string, Exception> _invalidLogoutQueryStringRedirectUrl;
|
||||||
private static Action<ILogger, Exception> _nullOrEmptyAuthorizationResponseState;
|
private static Action<ILogger, Exception> _nullOrEmptyAuthorizationResponseState;
|
||||||
private static Action<ILogger, Exception> _unableToReadAuthorizationResponseState;
|
private static Action<ILogger, Exception> _unableToReadAuthorizationResponseState;
|
||||||
private static Action<ILogger, string, string, string, Exception> _authorizationResponseError;
|
private static Action<ILogger, string, string, string, Exception> _responseError;
|
||||||
|
private static Action<ILogger, string, string, string, int, Exception> _responseErrorWithStatusCode;
|
||||||
private static Action<ILogger, Exception> _exceptionProcessingMessage;
|
private static Action<ILogger, Exception> _exceptionProcessingMessage;
|
||||||
private static Action<ILogger, Exception> _accessTokenNotAvailable;
|
private static Action<ILogger, Exception> _accessTokenNotAvailable;
|
||||||
private static Action<ILogger, Exception> _retrievingClaims;
|
private static Action<ILogger, Exception> _retrievingClaims;
|
||||||
|
|
@ -106,10 +107,14 @@ namespace Microsoft.Extensions.Logging
|
||||||
eventId: 11,
|
eventId: 11,
|
||||||
logLevel: LogLevel.Debug,
|
logLevel: LogLevel.Debug,
|
||||||
formatString: "Unable to read the message.State.");
|
formatString: "Unable to read the message.State.");
|
||||||
_authorizationResponseError = LoggerMessage.Define<string, string, string>(
|
_responseError = LoggerMessage.Define<string, string, string>(
|
||||||
eventId: 12,
|
eventId: 12,
|
||||||
logLevel: LogLevel.Error,
|
logLevel: LogLevel.Error,
|
||||||
formatString: "Message contains error: '{Error}', error_description: '{ErrorDescription}', error_uri: '{ErrorUri}'.");
|
formatString: "Message contains error: '{Error}', error_description: '{ErrorDescription}', error_uri: '{ErrorUri}'.");
|
||||||
|
_responseErrorWithStatusCode = LoggerMessage.Define<string, string, string, int>(
|
||||||
|
eventId: 49,
|
||||||
|
logLevel: LogLevel.Error,
|
||||||
|
formatString: "Message contains error: '{Error}', error_description: '{ErrorDescription}', error_uri: '{ErrorUri}', status code '{StatusCode}'.");
|
||||||
_updatingConfiguration = LoggerMessage.Define(
|
_updatingConfiguration = LoggerMessage.Define(
|
||||||
eventId: 13,
|
eventId: 13,
|
||||||
logLevel: LogLevel.Debug,
|
logLevel: LogLevel.Debug,
|
||||||
|
|
@ -380,9 +385,14 @@ namespace Microsoft.Extensions.Logging
|
||||||
_unableToReadAuthorizationResponseState(logger, null);
|
_unableToReadAuthorizationResponseState(logger, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void AuthorizationResponseError(this ILogger logger, string error, string errorDescription, string errorUri)
|
public static void ResponseError(this ILogger logger, string error, string errorDescription, string errorUri)
|
||||||
{
|
{
|
||||||
_authorizationResponseError(logger, error, errorDescription, errorUri, null);
|
_responseError(logger, error, errorDescription, errorUri, null);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static void ResponseErrorWithStatusCode(this ILogger logger, string error, string errorDescription, string errorUri, int statusCode)
|
||||||
|
{
|
||||||
|
_responseErrorWithStatusCode(logger, error, errorDescription, errorUri, statusCode, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void ExceptionProcessingMessage(this ILogger logger, Exception ex)
|
public static void ExceptionProcessingMessage(this ILogger logger, Exception ex)
|
||||||
|
|
|
||||||
|
|
@ -507,14 +507,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
|
||||||
// if any of the error fields are set, throw error null
|
// if any of the error fields are set, throw error null
|
||||||
if (!string.IsNullOrEmpty(authorizationResponse.Error))
|
if (!string.IsNullOrEmpty(authorizationResponse.Error))
|
||||||
{
|
{
|
||||||
Logger.AuthorizationResponseError(
|
return AuthenticateResult.Fail(CreateOpenIdConnectProtocolException(authorizationResponse, response: null));
|
||||||
authorizationResponse.Error,
|
|
||||||
authorizationResponse.ErrorDescription ?? "ErrorDecription null",
|
|
||||||
authorizationResponse.ErrorUri ?? "ErrorUri null");
|
|
||||||
|
|
||||||
return AuthenticateResult.Fail(new OpenIdConnectProtocolException(
|
|
||||||
string.Format(CultureInfo.InvariantCulture, Resources.MessageContainsError, authorizationResponse.Error,
|
|
||||||
authorizationResponse.ErrorDescription ?? "ErrorDecription null", authorizationResponse.ErrorUri ?? "ErrorUri null")));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (_configuration == null && Options.ConfigurationManager != null)
|
if (_configuration == null && Options.ConfigurationManager != null)
|
||||||
|
|
@ -590,6 +583,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
|
||||||
{
|
{
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
authorizationResponse = tokenResponseReceivedContext.ProtocolMessage;
|
authorizationResponse = tokenResponseReceivedContext.ProtocolMessage;
|
||||||
tokenEndpointResponse = tokenResponseReceivedContext.TokenEndpointResponse;
|
tokenEndpointResponse = tokenResponseReceivedContext.TokenEndpointResponse;
|
||||||
|
|
||||||
|
|
@ -684,20 +678,50 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Redeems the authorization code for tokens at the token endpoint
|
/// Redeems the authorization code for tokens at the token endpoint.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <param name="tokenEndpointRequest">The request that will be sent to the token endpoint and is available for customization.</param>
|
/// <param name="tokenEndpointRequest">The request that will be sent to the token endpoint and is available for customization.</param>
|
||||||
/// <returns>OpenIdConnect message that has tokens inside it.</returns>
|
/// <returns>OpenIdConnect message that has tokens inside it.</returns>
|
||||||
protected virtual async Task<OpenIdConnectMessage> RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
|
protected virtual async Task<OpenIdConnectMessage> RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
|
||||||
{
|
{
|
||||||
Logger.RedeemingCodeForTokens();
|
Logger.RedeemingCodeForTokens();
|
||||||
|
|
||||||
var requestMessage = new HttpRequestMessage(HttpMethod.Post, _configuration.TokenEndpoint);
|
var requestMessage = new HttpRequestMessage(HttpMethod.Post, _configuration.TokenEndpoint);
|
||||||
requestMessage.Content = new FormUrlEncodedContent(tokenEndpointRequest.Parameters);
|
requestMessage.Content = new FormUrlEncodedContent(tokenEndpointRequest.Parameters);
|
||||||
|
|
||||||
var responseMessage = await Backchannel.SendAsync(requestMessage);
|
var responseMessage = await Backchannel.SendAsync(requestMessage);
|
||||||
responseMessage.EnsureSuccessStatusCode();
|
|
||||||
var tokenResonse = await responseMessage.Content.ReadAsStringAsync();
|
var contentMediaType = responseMessage.Content.Headers.ContentType?.MediaType;
|
||||||
var jsonTokenResponse = JObject.Parse(tokenResonse);
|
if (string.IsNullOrEmpty(contentMediaType))
|
||||||
return new OpenIdConnectMessage(jsonTokenResponse);
|
{
|
||||||
|
Logger.LogDebug($"Unexpected token response format. Status Code: {(int)responseMessage.StatusCode}. Content-Type header is missing.");
|
||||||
|
}
|
||||||
|
else if (!string.Equals(contentMediaType, "application/json", StringComparison.OrdinalIgnoreCase))
|
||||||
|
{
|
||||||
|
Logger.LogDebug($"Unexpected token response format. Status Code: {(int)responseMessage.StatusCode}. Content-Type {responseMessage.Content.Headers.ContentType}.");
|
||||||
|
}
|
||||||
|
|
||||||
|
// Error handling:
|
||||||
|
// 1. If the response body can't be parsed as json, throws.
|
||||||
|
// 2. If the response's status code is not in 2XX range, throw OpenIdConnectProtocolException. If the body is correct parsed,
|
||||||
|
// pass the error information from body to the exception.
|
||||||
|
OpenIdConnectMessage message;
|
||||||
|
try
|
||||||
|
{
|
||||||
|
var responseContent = await responseMessage.Content.ReadAsStringAsync();
|
||||||
|
message = new OpenIdConnectMessage(responseContent);
|
||||||
|
}
|
||||||
|
catch (Exception ex)
|
||||||
|
{
|
||||||
|
throw new OpenIdConnectProtocolException($"Failed to parse token response body as JSON. Status Code: {(int)responseMessage.StatusCode}. Content-Type: {responseMessage.Content.Headers.ContentType}", ex);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!responseMessage.IsSuccessStatusCode)
|
||||||
|
{
|
||||||
|
throw CreateOpenIdConnectProtocolException(message, responseMessage);
|
||||||
|
}
|
||||||
|
|
||||||
|
return message;
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
|
|
@ -1016,7 +1040,10 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
|
||||||
return authorizationCodeReceivedContext;
|
return authorizationCodeReceivedContext;
|
||||||
}
|
}
|
||||||
|
|
||||||
private async Task<TokenResponseReceivedContext> RunTokenResponseReceivedEventAsync(OpenIdConnectMessage message, OpenIdConnectMessage tokenEndpointResponse, AuthenticationProperties properties)
|
private async Task<TokenResponseReceivedContext> RunTokenResponseReceivedEventAsync(
|
||||||
|
OpenIdConnectMessage message,
|
||||||
|
OpenIdConnectMessage tokenEndpointResponse,
|
||||||
|
AuthenticationProperties properties)
|
||||||
{
|
{
|
||||||
Logger.TokenResponseReceived();
|
Logger.TokenResponseReceived();
|
||||||
var eventContext = new TokenResponseReceivedContext(Context, Options, properties)
|
var eventContext = new TokenResponseReceivedContext(Context, Options, properties)
|
||||||
|
|
@ -1157,5 +1184,27 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
|
||||||
|
|
||||||
return BuildRedirectUri(uri);
|
return BuildRedirectUri(uri);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private OpenIdConnectProtocolException CreateOpenIdConnectProtocolException(OpenIdConnectMessage message, HttpResponseMessage response)
|
||||||
|
{
|
||||||
|
var description = message.ErrorDescription ?? "error_description is null";
|
||||||
|
var errorUri = message.ErrorUri ?? "error_uri is null";
|
||||||
|
|
||||||
|
if (response != null)
|
||||||
|
{
|
||||||
|
Logger.ResponseErrorWithStatusCode(message.Error, description, errorUri, (int)response.StatusCode);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
Logger.ResponseError(message.Error, description, errorUri);
|
||||||
|
}
|
||||||
|
|
||||||
|
return new OpenIdConnectProtocolException(string.Format(
|
||||||
|
CultureInfo.InvariantCulture,
|
||||||
|
Resources.MessageContainsError,
|
||||||
|
message.Error,
|
||||||
|
description,
|
||||||
|
errorUri));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue