From 77eceaa7b56015e5985901997b358c911b6bc272 Mon Sep 17 00:00:00 2001
From: Anthony Shaya
Date: Fri, 11 Oct 2024 13:33:06 -0400
Subject: [PATCH] Add additional logging to troubleshoot failed backchannel logout issues + don't show clientSecret/secret in debug logs
---
 lib/context.js | 4 +++-
 middleware/auth.js | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/context.js b/lib/context.js
index a872b6cb..2b0198f5 100644
--- a/lib/context.js
+++ b/lib/context.js
@@ -424,6 +424,7 @@ class ResponseContext {
 res.setHeader('cache-control', 'no-store');
 const logoutToken = req.body.logout_token;
 if (!logoutToken) {
+ debug('req.oidc.backchannelLogout() failed due to missing logout token', req.body);
 res.status(400).json({
 error: 'invalid_request',
 error_description: 'Missing logout_token',
@@ -444,6 +445,7 @@ class ResponseContext {
 algorithms: [config.idTokenSigningAlg],
 });
 } catch (e) {
+ debug('req.oidc.backchannelLogout() failed verifying jwt with: %s', e.message);
 res.status(400).json({
 error: 'invalid_request',
 error_description: e.message,
@@ -453,7 +455,7 @@ class ResponseContext {
 try {
 await onToken(token, config);
 } catch (e) {
- debug('req.oidc.backchannelLogout() failed with: %s', e.message);
+ debug('req.oidc.backchannelLogout() failed logging out the token with: %s', e.message);
 res.status(400).json({
 error: 'application_error',
 error_description: `The application failed to invalidate the session.`,
diff --git a/middleware/auth.js b/middleware/auth.js
index 651342b2..7e2e20b7 100644
--- a/middleware/auth.js
+++ b/middleware/auth.js
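Review bot: The `debug` call added to the missing-token branch in lib/context.js (hunk at -424) writes the whole `req.body` to the log before any logout token has been verified, so whatever a caller posts to this endpoint lands in the debug output, which is at odds with the other half of this commit that keeps secrets out of it. The field names are enough to troubleshoot a missing `logout_token`: `debug('req.oidc.backchannelLogout() failed due to missing logout token, body keys: %o', Object.keys(req.body));`. The jwt-verification hunk (-444) logs only `e.message`, which is the narrower pattern to follow here. The enclosing method starts and ends outside these hunks.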
@@ -22,7 +22,7 @@ const enforceLeadingSlash = (path) => {
 */
 const auth = function (params) {
 const config = getConfig(params);
- debug('configuration object processed, resulting configuration: %O', config);
+ debug('configuration object processed, resulting configuration: %O', {...config, clientSecret: "REDACTED", secret: "REDACTED"});
 const router = new express.Router();
 const transient = new TransientCookieHandler(config);
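Review bot: The redaction in the new `debug` call is a denylist of two keys, so any other sensitive value that `getConfig` puts on `config` (a client-assertion signing key, for instance, if this version supports one) is still printed, and a key that was never set now shows up as "REDACTED", which hides whether a secret was configured at all. Marking presence instead keeps the log useful for troubleshooting: `clientSecret: config.clientSecret ? 'REDACTED' : undefined`, and the same for `secret`. Longer term, an allowlist of loggable fields fails closed when a new secret-bearing option is added. The new literals also use double quotes where the surrounding lines use single quotes. The body of `auth` continues past the end of the hunk.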