api: log failure state of OIDC token refresh better
parent
24e2de8c71
commit
f4a27dffd4
1 changed files with 7 additions and 2 deletions
|
|
@ -36,13 +36,14 @@ async def get_current_user(
|
|||
)
|
||||
|
||||
# if we have a refresh token, try to get new tokens
|
||||
if all(i in req.cookies for i in ("refresh_token", "auth_nonce")):
|
||||
elif all(i in req.cookies for i in ("refresh_token", "auth_nonce")):
|
||||
logger.debug(
|
||||
"user has been previously authenticated, trying to recover with refresh_token"
|
||||
)
|
||||
auth_start_time = datetime.now(UTC)
|
||||
token_resp = oidc_client.exchange_refresh_token(req.cookies["refresh_token"])
|
||||
if isinstance(token_resp, TokenSuccessResponse):
|
||||
logger.debug("successfully got new tokens from refresh token")
|
||||
persist_auth_state(oidc_client, resp, token_resp, auth_start_time)
|
||||
|
||||
# return the newly gotten info
|
||||
|
|
@ -50,9 +51,13 @@ async def get_current_user(
|
|||
return models.CurrentUser(
|
||||
id_token=id_token, raw_id_token=token_resp.id_token
|
||||
)
|
||||
else:
|
||||
logger.debug("failed to exchange refresh token for new access token: %s", token_resp)
|
||||
|
||||
# otherwise we can't meaningfully recover any user information or the user is simply not authenticated
|
||||
logger.debug("no currently authenticated user")
|
||||
else:
|
||||
logger.debug("no currently authenticated user")
|
||||
|
||||
raise exceptions.HttpProblemException.unauthorized(req.url)
|
||||
|
||||
|
||||
|
|
|
|||
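Review bot: The new failure branch, `logger.debug("failed to exchange refresh token for new access token: %s", token_resp)`, records a rejected refresh-token exchange only at debug level and formats the whole response object. A rejected refresh token is an authentication event worth seeing in production logs (expired, revoked or replayed token), so consider `logger.warning("refresh token exchange failed: %s", token_resp.error)`, assuming the error response type exposes the OAuth `error` code. Logging only that code also avoids relying on the object's repr never carrying token or request material. The branch then falls through to the 401 without visibly expiring the `refresh_token` and `auth_nonce` cookies, so the same dead token will presumably be re-sent and re-exchanged on every request unless a handler outside this hunk clears them. get_current_user begins before the first hunk, so the preceding `if` that this `elif` now attaches to is not visible here.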