You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently when an auth request results in an error and the error is returned to the client or browser, log lines like the following are omitted:
time=2024-05-08T14:24:08.722Z level=WARN msg="request error" oidc_error.description="The requested redirect_uri is missing in the client configuration. If you have any questions, you may contact the administrator of the application." oidc_error.type=invalid_request oidc_error.redirect_disabled=true status_code=400
This misses context like the client ID, making errors harder to debug.
As an operator I would like to understand which OIDC client / application is creating Auth Request errors.
Acceptance criteria
Auth request error logs contain client ID
Auth request error logs contain instance ID and/or issuer domain
Do we need organization ID?
Additional info
op.AuthRequestError is the general function that writes an HTTP response to the browser (either as printed message or redirect to the client). That function also omits the error logs. Passed AuthRequest may implement the optional op.LogAuthRequest interface which can return logging values. oidc.AuthRequest.LogValue() is an example of an implementation:
Currently when an auth request results in an error and the error is returned to the client or browser, log lines like the following are omitted:
This misses context like the client ID, making errors harder to debug.
As an operator I would like to understand which OIDC client / application is creating Auth Request errors.
Acceptance criteria
Additional info
op.AuthRequestError
is the general function that writes an HTTP response to the browser (either as printed message or redirect to the client). That function also omits the error logs. PassedAuthRequest
may implement the optionalop.LogAuthRequest
interface which can return logging values.oidc.AuthRequest.LogValue()
is an example of an implementation:Note that zitadel uses its own implementations of
AuthRequest
which will need to receive this method.The text was updated successfully, but these errors were encountered: