From 22c596e985fb4f05933bb247dbc6eb9398a4be38 Mon Sep 17 00:00:00 2001
From: Chuck Driesler
Date: Fri, 23 May 2025 15:49:27 +0100
Subject: [PATCH] chore(sso): logs related to grant types (#4806)

---
 .../server/modules/workspaces/services/sso.ts | 29 ++++++++++---------
 1 file changed, 16 insertions(+), 13 deletions(-)

diff --git a/packages/server/modules/workspaces/services/sso.ts b/packages/server/modules/workspaces/services/sso.ts
index 021db91e5..5bc2962e3 100644
--- a/packages/server/modules/workspaces/services/sso.ts
+++ b/packages/server/modules/workspaces/services/sso.ts
@@ -38,27 +38,30 @@ import {
 getEmailFromOidcProfile,
 isValidSsoSession
 } from '@/modules/workspaces/domain/sso/logic'
-import type { Logger } from '@/observability/logging'
+import { logger, type Logger } from '@/observability/logging'
 
 // this probably should go a lean validation endpoint too
 const validateOidcProviderAttributes = ({
 // client,
 issuer
 }: OidcProviderAttributes): void => {
- if (!issuer.grantTypesSupported.includes('authorization_code'))
+ // Validate issuer
+ if (!issuer.grantTypesSupported.includes('authorization_code')) {
+ logger.info(
+ {
+ supportedGrantTypes: issuer.grantTypesSupported
+ },
+ 'OIDC provider does not support required grant types.'
+ )
 throw new OidcProviderMissingGrantTypeError()
- /*
-validate issuer:
-authorization_signing_alg_values_supported
-claims_supported: ['email', 'name', 'given_name', 'family_name']
-scopes_supported: ['openid', 'profile', 'email']
-grant_types_supported: ['authorization_code']
-response_types_supported: //TODO figure out which
+ }
+ // authorization_signing_alg_values_supported
+ // claims_supported: ['email', 'name', 'given_name', 'family_name']
+ // scopes_supported: ['openid', 'profile', 'email']
+ // response_types_supported: //TODO figure out which
 
-validate client:
-grant_types: ['authorization_code'],
-
- */
+ // Validate client
+ // grant_types: ['authorization_code']
 }
 
 /**
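Review bot: The new `logger.info` entry in `validateOidcProviderAttributes` carries only `supportedGrantTypes`, so a rejected provider cannot be tied to an issuer or workspace when someone triages a failed SSO setup; add whatever identifier the caller has for the provider to the logged object. The call also uses the module-level `logger`, while the file already imports the `Logger` type, which suggests other functions here receive a logger as a dependency; if that is the case, passing it in would keep request context on the entry. The array presumably comes from the provider's discovery metadata, which is remote input, so it is worth bounding before it is written, e.g. `supportedGrantTypes: issuer.grantTypesSupported.slice(0, 20)`. Since the entry is immediately followed by a throw, `logger.warn` would make it easier to alert on than `info`.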