auth_oidc: add early debug log of id_token content (#89940)

2024-04-23 16:24:58 +02:00 · 2024-04-23 16:24:58 +02:00 · 95b3d1fca5
parent dbf77a8ee6
commit 95b3d1fca5
1 changed files with 6 additions and 4 deletions
--- a/src/authentic2_auth_oidc/backends.py
+++ b/src/authentic2_auth_oidc/backends.py
@ -70,7 +70,10 @@ class OIDCBackend(ModelBackend):
            return
        original_id_token = id_token
        try:
+            id_token_content = None
            id_token = utils.IDToken(id_token)
+            id_token_content = id_token.as_dict(provider)
+            logger.debug('auth_oidc: id_token content %s', id_token_content)
            id_token.deserialize(provider)
        except utils.IDTokenError as e:
            messages.warning(
@ -81,12 +84,11 @@ class OIDCBackend(ModelBackend):
                    request,
                    _('Unable to validate the idtoken: {error}').format(id_token=original_id_token, error=e),
                )
-            logger.warning('auth_oidc: invalid id_token %s: %s', original_id_token, e)
+            if not logger.isEnabledFor(logging.DEBUG):
+                logger.info('auth_oidc: id_token content, %s', id_token_content or original_id_token)
+            logger.warning('auth_oidc: invalid id_token, %s', e)
            return None

-        id_token_content = id_token.as_dict(provider)
-        logger.debug('auth_oidc: id_token content %s', id_token_content)
-
        try:
            provider = utils.get_provider_by_issuer(id_token.iss)
        except models.OIDCProvider.DoesNotExist: