refactor: log

authelia · Dec 8, 2024 · 068b5f2 · 068b5f2
1 parent daa3d59
commit 068b5f2
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 17 deletions.
diff --git a/handler/oauth2/strategy_jwt_profile.go b/handler/oauth2/strategy_jwt_profile.go
@@ -47,11 +47,15 @@ func (s *JWTProfileCoreStrategy) GenerateAccessToken(ctx context.Context, reques
 	enforce := s.Config.GetEnforceJWTProfileAccessTokens(ctx)
 
 	if client, ok = requester.GetClient().(oauth2.JWTProfileClient); ok && (enforce || client.GetEnableJWTProfileOAuthAccessTokens()) {
+		fmt.Println("generate jwt with client")
 		return s.GenerateJWT(ctx, oauth2.AccessToken, requester, client)
 	} else if enforce {
+		fmt.Println("generate jwt without client")
 		return s.GenerateJWT(ctx, oauth2.AccessToken, requester, nil)
 	}
 
+	fmt.Println("generate opaque")
+
 	return s.HMACCoreStrategy.GenerateAccessToken(ctx, requester)
 }
 
@@ -147,10 +151,12 @@ func (s *JWTProfileCoreStrategy) GenerateJWT(ctx context.Context, tokenType oaut
 
 	if client != nil {
 		if kid := client.GetAccessTokenSignedResponseKeyID(); len(kid) != 0 {
+			fmt.Printf("set default kid '%s'\n", kid)
 			header.SetDefaultString(consts.JSONWebTokenHeaderKeyIdentifier, kid)
 		}
 
 		if alg := client.GetAccessTokenSignedResponseAlg(); len(alg) != 0 {
+			fmt.Printf("set default alg '%s'\n", alg)
 			header.SetDefaultString(consts.JSONWebTokenHeaderAlgorithm, alg)
 		}
 	}
@@ -173,6 +179,8 @@ func (s *JWTProfileCoreStrategy) GenerateJWT(ctx context.Context, tokenType oaut
 
 	mapClaims := claims.ToMapClaims()
 
+	fmt.Printf("requesting encode with headers %+v\n", header)
+
 	return s.Strategy.Encode(ctx, mapClaims, jwt.WithHeaders(header), jwt.WithJWTProfileAccessTokenClient(client))
 }
 

diff --git a/token/jwt/header.go b/token/jwt/header.go
@@ -3,6 +3,8 @@
 
 package jwt
 
+import "fmt"
+
 // Headers is the jwt headers
 type Headers struct {
 	Extra map[string]any `json:"extra"`
@@ -42,6 +44,8 @@ func (h *Headers) Get(key string) any {
 }
 
 func (h *Headers) SetDefaultString(key, value string) {
+	fmt.Printf("trying to set key '%s' to '%s'\n", key, value)
+
 	if h.Extra == nil {
 		h.Extra = make(map[string]any)
 	}
@@ -54,14 +58,19 @@ func (h *Headers) SetDefaultString(key, value string) {
 
 	if v, ok = h.Extra[key]; !ok {
 		h.Extra[key] = value
+		fmt.Printf("set key '%s' to '%s'\n", key, value)
 
 		return
 	}
 
 	if s, ok = v.(string); ok && len(s) != 0 {
+		fmt.Printf("did not set key '%s' to '%s'\n", key, value)
+
 		return
 	}
 
+	fmt.Printf("set key '%s' to '%s'\n", key, value)
+
 	h.Extra[key] = value
 }
 

diff --git a/token/jwt/jwt_strategy.go b/token/jwt/jwt_strategy.go
@@ -57,6 +57,8 @@ func (j *DefaultStrategy) Encode(ctx context.Context, claims Claims, opts ...Str
 		}
 	}
 
+	fmt.Printf("headers after opts %+v\n", o.headers)
+
 	var (
 		keySig *jose.JSONWebKey
 	)
@@ -65,17 +67,24 @@ func (j *DefaultStrategy) Encode(ctx context.Context, claims Claims, opts ...Str
 		if keySig, err = j.Issuer.GetIssuerJWK(ctx, "", string(jose.RS256), JSONWebTokenUseSignature); err != nil {
 			return "", "", errorsx.WithStack(fmt.Errorf("error occurred retrieving issuer jwk: %w", err))
 		}
+
+		fmt.Printf("got jwk nil client\n")
+
 	} else if keySig, err = j.Issuer.GetIssuerJWK(ctx, o.client.GetSigningKeyID(), o.client.GetSigningAlg(), JSONWebTokenUseSignature); err != nil {
 		return "", "", errorsx.WithStack(fmt.Errorf("error occurred retrieving issuer jwk: %w", err))
 	}
 
+	fmt.Printf("got jwk '%s' '%s' '%s'\n", keySig.KeyID, keySig.Algorithm, keySig.Use)
+
 	if o.client == nil {
+		fmt.Printf("sign jwk (client nil) '%s' '%s' '%s'\n", keySig.KeyID, keySig.Algorithm, keySig.Use)
 		return EncodeCompactSigned(ctx, claims, o.headers, keySig)
 	}
 
 	kid, alg, enc := o.client.GetEncryptionKeyID(), o.client.GetEncryptionAlg(), o.client.GetEncryptionEnc()
 
-	if len(kid) == 0 && len(alg) == 0 {
+	if len(kid)+len(alg) == 0 {
+		fmt.Printf("sign jwk '%s' '%s' '%s', headers %+v\n", keySig.KeyID, keySig.Algorithm, keySig.Use, o.headers)
 		return EncodeCompactSigned(ctx, claims, o.headers, keySig)
 	}
 

diff --git a/token/jwt/jwt_strategy_opts.go b/token/jwt/jwt_strategy_opts.go
@@ -2,7 +2,6 @@ package jwt
 
 import (
 	"context"
-
 	"github.com/go-jose/go-jose/v4"
 	"github.com/go-jose/go-jose/v4/jwt"
 )
@@ -62,8 +61,7 @@ func WithClient(client Client) StrategyOpt {
 
 func WithIDTokenClient(client any) StrategyOpt {
 	return func(opts *StrategyOpts) (err error) {
-		switch c := client.(type) {
-		case IDTokenClient:
+		if c, ok := client.(IDTokenClient); ok {
 			opts.client = &decoratedIDTokenClient{IDTokenClient: c}
 		}
 
@@ -73,8 +71,7 @@ func WithIDTokenClient(client any) StrategyOpt {
 
 func WithUserInfoClient(client any) StrategyOpt {
 	return func(opts *StrategyOpts) (err error) {
-		switch c := client.(type) {
-		case UserInfoClient:
+		if c, ok := client.(UserInfoClient); ok {
 			opts.client = &decoratedUserInfoClient{UserInfoClient: c}
 		}
 
@@ -84,8 +81,7 @@ func WithUserInfoClient(client any) StrategyOpt {
 
 func WithIntrospectionClient(client any) StrategyOpt {
 	return func(opts *StrategyOpts) (err error) {
-		switch c := client.(type) {
-		case IntrospectionClient:
+		if c, ok := client.(IntrospectionClient); ok {
 			opts.client = &decoratedIntrospectionClient{IntrospectionClient: c}
 		}
 
@@ -95,8 +91,7 @@ func WithIntrospectionClient(client any) StrategyOpt {
 
 func WithJARMClient(client any) StrategyOpt {
 	return func(opts *StrategyOpts) (err error) {
-		switch c := client.(type) {
-		case JARMClient:
+		if c, ok := client.(JARMClient); ok {
 			opts.client = &decoratedJARMClient{JARMClient: c}
 		}
 
@@ -106,8 +101,7 @@ func WithJARMClient(client any) StrategyOpt {
 
 func WithJARClient(client any) StrategyOpt {
 	return func(opts *StrategyOpts) (err error) {
-		switch c := client.(type) {
-		case JARClient:
+		if c, ok := client.(JARClient); ok {
 			opts.client = &decoratedJARClient{JARClient: c}
 		}
 
@@ -117,8 +111,7 @@ func WithJARClient(client any) StrategyOpt {
 
 func WithJWTProfileAccessTokenClient(client any) StrategyOpt {
 	return func(opts *StrategyOpts) (err error) {
-		switch c := client.(type) {
-		case JWTProfileAccessTokenClient:
+		if c, ok := client.(JWTProfileAccessTokenClient); ok {
 			opts.client = &decoratedJWTProfileAccessTokenClient{JWTProfileAccessTokenClient: c}
 		}
 
@@ -128,10 +121,9 @@ func WithJWTProfileAccessTokenClient(client any) StrategyOpt {
 
 func WithStatelessJWTProfileIntrospectionClient(client any) StrategyOpt {
 	return func(opts *StrategyOpts) (err error) {
-		switch c := client.(type) {
-		case IntrospectionClient:
+		if c, ok := client.(IntrospectionClient); ok {
 			opts.client = &decoratedIntrospectionClient{IntrospectionClient: c}
-		case JWTProfileAccessTokenClient:
+		} else if c, ok := client.(JWTProfileAccessTokenClient); ok {
 			opts.client = &decoratedJWTProfileAccessTokenClient{JWTProfileAccessTokenClient: c}
 		}
 

diff --git a/token/jwt/util.go b/token/jwt/util.go
@@ -369,6 +369,10 @@ func EncodeCompactSigned(ctx context.Context, claims Claims, headers Mapper, key
 		headers = &Headers{}
 	}
 
+	fmt.Printf("encoding claims %+v\n", claims.ToMapClaims())
+	fmt.Printf("encoding header %+v\n", headers.ToMap())
+	fmt.Printf("encoding with key %+v\n", key)
+
 	token.SetJWS(headers, claims, key.KeyID, jose.SignatureAlgorithm(key.Algorithm))
 
 	return token.CompactSigned(key)