From d4a99b6665014ba37197c1a49934f44356835397 Mon Sep 17 00:00:00 2001
From: Aswin V
Date: Thu, 19 Dec 2024 15:18:05 +0530
Subject: [PATCH] Log error for oAuth redirect error responses
---
 npm/src/controller/oauth.ts | 11 ++++++++---
 npm/src/typings.ts | 6 +++---
 pages/api/oauth/authorize.ts | 7 +++++--
 pages/api/oauth/oidc.ts | 5 ++++-
 pages/api/oauth/saml.ts | 5 ++++-
 5 files changed, 24 insertions(+), 10 deletions(-)
diff --git a/npm/src/controller/oauth.ts b/npm/src/controller/oauth.ts
index 16b8048ba..31d57d4ac 100644
--- a/npm/src/controller/oauth.ts
+++ b/npm/src/controller/oauth.ts
@@ -77,7 +77,9 @@ export class OAuthController implements IOAuthController {
 });
 }
- public async authorize(body: OAuthReq): Promise<{ redirect_url?: string; authorize_form?: string }> {
+ public async authorize(
+ body: OAuthReq
+ ): Promise<{ redirect_url?: string; authorize_form?: string; error?: string }> {
 const {
 tenant,
 product,
@@ -320,6 +322,7 @@ export class OAuthController implements IOAuthController {
 redirect_uri,
 state,
 }),
+ error: `${error} - ${error_description}`,
 };
 }
@@ -611,7 +614,7 @@ export class OAuthController implements IOAuthController {
 public async samlResponse(
 body: SAMLResponsePayload
- ): Promise<{ redirect_url?: string; app_select_form?: string; response_form?: string }> {
+ ): Promise<{ redirect_url?: string; app_select_form?: string; response_form?: string; error?: string }> {
 let connection: SAMLSSORecord | undefined;
 let rawResponse: string | undefined;
 let sessionId: string | undefined;
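Review bot: The new `error: `${error} - ${error_description}`` field in the hunk at -320 renders the literal text `undefined` whenever `error_description` is unset, and the OAuth error response format treats the description as optional; the same construction is repeated in the samlResponse hunk at -828 and the oidcAuthzResponse hunk at -1008 (there with `error_message`). Whether the description can actually be undefined at these points is not visible in the hunks; if it can, build the string conditionally, `error: error_description ? `${error} - ${error_description}` : String(error),`. The field also duplicates data that `OAuthErrorResponse` already encodes into the redirect URL, so a short comment on the new line, `// for server-side logging only; the client sees only the redirect`, would make its purpose clear to the next reader. The enclosing methods begin and end outside these hunks.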
@@ -828,13 +831,14 @@ export class OAuthController implements IOAuthController {
 redirect_uri,
 state: session?.requested?.state,
 }),
+ error: `access_denied - ${error_description}`,
 };
 }
 }
 public async oidcAuthzResponse(
 body: OIDCAuthzResponsePayload
- ): Promise<{ redirect_url?: string; response_form?: string }> {
+ ): Promise<{ redirect_url?: string; response_form?: string; error?: string }> {
 let oidcConnection: OIDCSSORecord | undefined;
 let session: any;
 let isSAMLFederated: boolean | undefined;
@@ -1008,6 +1012,7 @@ export class OAuthController implements IOAuthController {
 redirect_uri: redirect_uri!,
 state: session.state,
 }),
+ error: `${error} - ${error_message}`,
 };
 }
 }
diff --git a/npm/src/typings.ts b/npm/src/typings.ts
index 8ae721fbf..c40e03a1a 100644
--- a/npm/src/typings.ts
+++ b/npm/src/typings.ts
@@ -196,13 +196,13 @@ export interface IConnectionAPIController {
 }
 export interface IOAuthController {
- authorize(body: OAuthReq): Promise<{ redirect_url?: string; authorize_form?: string }>;
+ authorize(body: OAuthReq): Promise<{ redirect_url?: string; authorize_form?: string; error?: string }>;
 samlResponse(
 body: SAMLResponsePayload
- ): Promise<{ redirect_url?: string; app_select_form?: string; response_form?: string }>;
+ ): Promise<{ redirect_url?: string; app_select_form?: string; response_form?: string; error?: string }>;
 oidcAuthzResponse(
 body: OIDCAuthzResponsePayload
- ): Promise<{ redirect_url?: string; response_form?: string }>;
+ ): Promise<{ redirect_url?: string; response_form?: string; error?: string }>;
 token(body: OAuthTokenReq): Promise;
 userInfo(token: string): Promise;
 }
diff --git a/pages/api/oauth/authorize.ts b/pages/api/oauth/authorize.ts
index acc639538..126961c5f 100644
--- a/pages/api/oauth/authorize.ts
+++ b/pages/api/oauth/authorize.ts
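Review bot: The `error?: string` member added to all three IOAuthController method return types in the typings.ts hunk is undocumented, and its contract is not recoverable from the type alone: from the controller hunks it is set only alongside `redirect_url`, carries the `error - description` pair that the redirect URL already encodes, and is consumed by the API handlers for logging rather than sent to the client. A TSDoc line above each return type would capture that, e.g. `/** OAuth error code and description; present only when redirect_url is an error redirect. Intended for server-side logging, not for the client. */`. Whether every error-redirect branch in the controller populates it cannot be confirmed from this diff, so phrase the comment as "may be present" if that is not guaranteed.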
@@ -12,17 +12,20 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
 const { oauthController } = await jackson();
 const requestParams = req.method === 'GET' ? req.query : req.body;
- const { redirect_url, authorize_form } = await oauthController.authorize(
+ const { redirect_url, authorize_form, error } = await oauthController.authorize(
 requestParams as unknown as OAuthReq
 );
 if (redirect_url) {
+ if (error) {
+ console.error(`authorize error: ${error}`);
+ }
 res.redirect(302, redirect_url);
 } else {
 res.setHeader('Content-Type', 'text/html; charset=utf-8');
 res.send(authorize_form);
 }
 } catch (err: any) {
- console.error('authorize error:', err);
+ console.error('authorize error: ', err);
 const { message, statusCode = 500 } = err;
 // set error in cookie redirect to error page
 setErrorCookie(res, { message, statusCode }, { path: '/error' });
diff --git a/pages/api/oauth/oidc.ts b/pages/api/oauth/oidc.ts
index 236de3078..dc2767c61 100644
--- a/pages/api/oauth/oidc.ts
+++ b/pages/api/oauth/oidc.ts
@@ -12,11 +12,14 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
 const { oauthController } = await jackson();
- const { redirect_url, response_form } = await oauthController.oidcAuthzResponse(
+ const { redirect_url, response_form, error } = await oauthController.oidcAuthzResponse(
 req.query as OIDCAuthzResponsePayload
 );
 if (redirect_url) {
+ if (error) {
+ console.error(`Error processing OIDC IdP response: ${error}`);
+ }
 res.redirect(302, redirect_url);
 }
diff --git a/pages/api/oauth/saml.ts b/pages/api/oauth/saml.ts
index 966ed12fd..bdba902aa 100644
--- a/pages/api/oauth/saml.ts
+++ b/pages/api/oauth/saml.ts
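Review bot: The new `console.error(`authorize error: ${error}`)` interpolates the controller's error string directly into the log line; if the description part of that string can originate outside the service (the samlResponse path builds it from a caught exception, the oidc path from an `error_message`, neither of which is visible here), an embedded line break would split or forge log records, so pass it as a separate argument instead, `console.error('authorize error:', { error });`, which the console formatter prints as a quoted value. The same applies to the `console.error` lines added in the oidc.ts hunk and the saml.ts hunk that follow. Separately, the trailing space in the new `'authorize error: '` on the catch line is redundant, since console.error already inserts a space between its arguments, so the output now carries two. handler's body begins and ends outside this hunk.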
@@ -20,13 +20,16 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
 };
 // Handle SAML Response generated by IdP
- const { redirect_url, app_select_form, response_form } = await oauthController.samlResponse({
+ const { redirect_url, app_select_form, response_form, error } = await oauthController.samlResponse({
 SAMLResponse,
 RelayState,
 idp_hint,
 });
 if (redirect_url) {
+ if (error) {
+ console.error(`Error processing SAML IdP response: ${error}`);
+ }
 res.redirect(302, redirect_url);
 return;
 }