Log error for oAuth redirect error responses

boxyhq · Dec 19, 2024 · d4a99b6 · d4a99b6
1 parent 3de9fd3
commit d4a99b6
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 10 deletions.
diff --git a/npm/src/controller/oauth.ts b/npm/src/controller/oauth.ts
@@ -77,7 +77,9 @@ export class OAuthController implements IOAuthController {
     });
   }
 
-  public async authorize(body: OAuthReq): Promise<{ redirect_url?: string; authorize_form?: string }> {
+  public async authorize(
+    body: OAuthReq
+  ): Promise<{ redirect_url?: string; authorize_form?: string; error?: string }> {
     const {
       tenant,
       product,
@@ -320,6 +322,7 @@ export class OAuthController implements IOAuthController {
           redirect_uri,
           state,
         }),
+        error: `${error} - ${error_description}`,
       };
     }
 
@@ -611,7 +614,7 @@ export class OAuthController implements IOAuthController {
 
   public async samlResponse(
     body: SAMLResponsePayload
-  ): Promise<{ redirect_url?: string; app_select_form?: string; response_form?: string }> {
+  ): Promise<{ redirect_url?: string; app_select_form?: string; response_form?: string; error?: string }> {
     let connection: SAMLSSORecord | undefined;
     let rawResponse: string | undefined;
     let sessionId: string | undefined;
@@ -828,13 +831,14 @@ export class OAuthController implements IOAuthController {
           redirect_uri,
           state: session?.requested?.state,
         }),
+        error: `access_denied - ${error_description}`,
       };
     }
   }
 
   public async oidcAuthzResponse(
     body: OIDCAuthzResponsePayload
-  ): Promise<{ redirect_url?: string; response_form?: string }> {
+  ): Promise<{ redirect_url?: string; response_form?: string; error?: string }> {
     let oidcConnection: OIDCSSORecord | undefined;
     let session: any;
     let isSAMLFederated: boolean | undefined;
@@ -1008,6 +1012,7 @@ export class OAuthController implements IOAuthController {
           redirect_uri: redirect_uri!,
           state: session.state,
         }),
+        error: `${error} - ${error_message}`,
       };
     }
   }

diff --git a/npm/src/typings.ts b/npm/src/typings.ts
@@ -196,13 +196,13 @@ export interface IConnectionAPIController {
 }
 
 export interface IOAuthController {
-  authorize(body: OAuthReq): Promise<{ redirect_url?: string; authorize_form?: string }>;
+  authorize(body: OAuthReq): Promise<{ redirect_url?: string; authorize_form?: string; error?: string }>;
   samlResponse(
     body: SAMLResponsePayload
-  ): Promise<{ redirect_url?: string; app_select_form?: string; response_form?: string }>;
+  ): Promise<{ redirect_url?: string; app_select_form?: string; response_form?: string; error?: string }>;
   oidcAuthzResponse(
     body: OIDCAuthzResponsePayload
-  ): Promise<{ redirect_url?: string; response_form?: string }>;
+  ): Promise<{ redirect_url?: string; response_form?: string; error?: string }>;
   token(body: OAuthTokenReq): Promise<OAuthTokenRes>;
   userInfo(token: string): Promise<Profile>;
 }

diff --git a/pages/api/oauth/authorize.ts b/pages/api/oauth/authorize.ts
@@ -12,17 +12,20 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
 
     const { oauthController } = await jackson();
     const requestParams = req.method === 'GET' ? req.query : req.body;
-    const { redirect_url, authorize_form } = await oauthController.authorize(
+    const { redirect_url, authorize_form, error } = await oauthController.authorize(
       requestParams as unknown as OAuthReq
     );
     if (redirect_url) {
+      if (error) {
+        console.error(`authorize error: ${error}`);
+      }
       res.redirect(302, redirect_url);
     } else {
       res.setHeader('Content-Type', 'text/html; charset=utf-8');
       res.send(authorize_form);
     }
   } catch (err: any) {
-    console.error('authorize error:', err);
+    console.error('authorize error: ', err);
     const { message, statusCode = 500 } = err;
     // set error in cookie redirect to error page
     setErrorCookie(res, { message, statusCode }, { path: '/error' });

diff --git a/pages/api/oauth/oidc.ts b/pages/api/oauth/oidc.ts
@@ -12,11 +12,14 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
 
     const { oauthController } = await jackson();
 
-    const { redirect_url, response_form } = await oauthController.oidcAuthzResponse(
+    const { redirect_url, response_form, error } = await oauthController.oidcAuthzResponse(
       req.query as OIDCAuthzResponsePayload
     );
 
     if (redirect_url) {
+      if (error) {
+        console.error(`Error processing OIDC IdP response: ${error}`);
+      }
       res.redirect(302, redirect_url);
     }
 

diff --git a/pages/api/oauth/saml.ts b/pages/api/oauth/saml.ts
@@ -20,13 +20,16 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
     };
 
     // Handle SAML Response generated by IdP
-    const { redirect_url, app_select_form, response_form } = await oauthController.samlResponse({
+    const { redirect_url, app_select_form, response_form, error } = await oauthController.samlResponse({
       SAMLResponse,
       RelayState,
       idp_hint,
     });
 
     if (redirect_url) {
+      if (error) {
+        console.error(`Error processing SAML IdP response: ${error}`);
+      }
       res.redirect(302, redirect_url);
       return;
     }