RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor(oidc): add client id to two factor log message (#2816) 

Adds the client id to a log message where it's likely useful. Additionally adds beta stage for prompt/display handling.
pull/2800/head^2
James Elliott 2022-01-21 14:15:50 +11:00 committed by GitHub
parent d8cf272757
commit e59f571816
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/configuration/identity-providers/oidc.md
View File

@ -90,7 +90,14 @@ for which stage will have each feature, and may evolve over time:
<td class="tbl-beta-stage">Audit Storage</td> <td class="tbl-beta-stage">Audit Storage</td>
</tr> </tr>
<tr> <tr>
<td rowspan="4" class="tbl-header tbl-beta-stage">beta4 <sup>1</sup></td> <td rowspan="2" class="tbl-header tbl-beta-stage">beta4 <sup>1</sup></td>
<td class="tbl-beta-stage">Prompt Handling</td>
</tr>
<tr>
<td class="tbl-beta-stage">Display Handling</td>
</tr>
<tr>
<td rowspan="4" class="tbl-header tbl-beta-stage">beta5 <sup>1</sup></td>
<td><a href="https://openid.net/specs/openid-connect-backchannel-1_0.html" target="_blank" rel="noopener noreferrer">Back-Channel Logout</a></td> <td><a href="https://openid.net/specs/openid-connect-backchannel-1_0.html" target="_blank" rel="noopener noreferrer">Back-Channel Logout</a></td>
</tr> </tr>
<tr> <tr>

6
internal/handlers/response.go
View File

@ -17,7 +17,7 @@ func handleOIDCWorkflowResponse(ctx *middlewares.AutheliaCtx) {
userSession := ctx.GetSession() userSession := ctx.GetSession()
if !authorization.IsAuthLevelSufficient(userSession.AuthenticationLevel, userSession.OIDCWorkflowSession.RequiredAuthorizationLevel) { if !authorization.IsAuthLevelSufficient(userSession.AuthenticationLevel, userSession.OIDCWorkflowSession.RequiredAuthorizationLevel) {
ctx.Logger.Warn("OpenID Connect requires 2FA, cannot be redirected yet") ctx.Logger.Warnf("OpenID Connect client '%s' requires 2FA, cannot be redirected yet", userSession.OIDCWorkflowSession.ClientID)
ctx.ReplyOK() ctx.ReplyOK()
return return
@ -36,13 +36,13 @@ func handleOIDCWorkflowResponse(ctx *middlewares.AutheliaCtx) {
userSession.OIDCWorkflowSession, userSession.OIDCWorkflowSession,
userSession.OIDCWorkflowSession.RequestedScopes, userSession.OIDCWorkflowSession.RequestedScopes,
userSession.OIDCWorkflowSession.RequestedAudience) { userSession.OIDCWorkflowSession.RequestedAudience) {
err := ctx.SetJSONBody(redirectResponse{Redirect: fmt.Sprintf("%s/consent", uri)}) err = ctx.SetJSONBody(redirectResponse{Redirect: fmt.Sprintf("%s/consent", uri)})
if err != nil { if err != nil {
ctx.Logger.Errorf("Unable to set default redirection URL in body: %s", err) ctx.Logger.Errorf("Unable to set default redirection URL in body: %s", err)
} }
} else { } else {
err := ctx.SetJSONBody(redirectResponse{Redirect: userSession.OIDCWorkflowSession.AuthURI}) err = ctx.SetJSONBody(redirectResponse{Redirect: userSession.OIDCWorkflowSession.AuthURI})
if err != nil { if err != nil {
ctx.Logger.Errorf("Unable to set default redirection URL in body: %s", err) ctx.Logger.Errorf("Unable to set default redirection URL in body: %s", err)
} }