providers/oauth2: add additional tracing to token view
This commit is contained in:
parent
8242b09394
commit
7561ea15de
|
@ -8,6 +8,7 @@ from django.http import HttpRequest, HttpResponse
|
||||||
from django.utils.timezone import datetime, now
|
from django.utils.timezone import datetime, now
|
||||||
from django.views import View
|
from django.views import View
|
||||||
from jwt import InvalidTokenError, decode
|
from jwt import InvalidTokenError, decode
|
||||||
|
from sentry_sdk.hub import Hub
|
||||||
from structlog.stdlib import get_logger
|
from structlog.stdlib import get_logger
|
||||||
|
|
||||||
from authentik.core.models import (
|
from authentik.core.models import (
|
||||||
|
@ -94,6 +95,9 @@ class TokenParams:
|
||||||
)
|
)
|
||||||
|
|
||||||
def __check_policy_access(self, app: Application, request: HttpRequest, **kwargs):
|
def __check_policy_access(self, app: Application, request: HttpRequest, **kwargs):
|
||||||
|
with Hub.current.start_span(
|
||||||
|
op="authentik.providers.oauth2.token.policy",
|
||||||
|
):
|
||||||
engine = PolicyEngine(app, self.user, request)
|
engine = PolicyEngine(app, self.user, request)
|
||||||
engine.request.context["oauth_scopes"] = self.scope
|
engine.request.context["oauth_scopes"] = self.scope
|
||||||
engine.request.context["oauth_grant_type"] = self.grant_type
|
engine.request.context["oauth_grant_type"] = self.grant_type
|
||||||
|
@ -118,10 +122,19 @@ class TokenParams:
|
||||||
raise TokenError("invalid_client")
|
raise TokenError("invalid_client")
|
||||||
|
|
||||||
if self.grant_type == GRANT_TYPE_AUTHORIZATION_CODE:
|
if self.grant_type == GRANT_TYPE_AUTHORIZATION_CODE:
|
||||||
|
with Hub.current.start_span(
|
||||||
|
op="authentik.providers.oauth2.post.parse.code",
|
||||||
|
):
|
||||||
self.__post_init_code(raw_code)
|
self.__post_init_code(raw_code)
|
||||||
elif self.grant_type == GRANT_TYPE_REFRESH_TOKEN:
|
elif self.grant_type == GRANT_TYPE_REFRESH_TOKEN:
|
||||||
|
with Hub.current.start_span(
|
||||||
|
op="authentik.providers.oauth2.post.parse.refresh",
|
||||||
|
):
|
||||||
self.__post_init_refresh(raw_token, request)
|
self.__post_init_refresh(raw_token, request)
|
||||||
elif self.grant_type in [GRANT_TYPE_CLIENT_CREDENTIALS, GRANT_TYPE_PASSWORD]:
|
elif self.grant_type in [GRANT_TYPE_CLIENT_CREDENTIALS, GRANT_TYPE_PASSWORD]:
|
||||||
|
with Hub.current.start_span(
|
||||||
|
op="authentik.providers.oauth2.post.parse.client_credentials",
|
||||||
|
):
|
||||||
self.__post_init_client_credentials(request)
|
self.__post_init_client_credentials(request)
|
||||||
else:
|
else:
|
||||||
LOGGER.warning("Invalid grant type", grant_type=self.grant_type)
|
LOGGER.warning("Invalid grant type", grant_type=self.grant_type)
|
||||||
|
@ -330,6 +343,9 @@ class TokenView(View):
|
||||||
def post(self, request: HttpRequest) -> HttpResponse:
|
def post(self, request: HttpRequest) -> HttpResponse:
|
||||||
"""Generate tokens for clients"""
|
"""Generate tokens for clients"""
|
||||||
try:
|
try:
|
||||||
|
with Hub.current.start_span(
|
||||||
|
op="authentik.providers.oauth2.post.parse",
|
||||||
|
):
|
||||||
client_id, client_secret = extract_client_auth(request)
|
client_id, client_secret = extract_client_auth(request)
|
||||||
try:
|
try:
|
||||||
self.provider = OAuth2Provider.objects.get(client_id=client_id)
|
self.provider = OAuth2Provider.objects.get(client_id=client_id)
|
||||||
|
@ -341,6 +357,9 @@ class TokenView(View):
|
||||||
raise ValueError
|
raise ValueError
|
||||||
self.params = TokenParams.parse(request, self.provider, client_id, client_secret)
|
self.params = TokenParams.parse(request, self.provider, client_id, client_secret)
|
||||||
|
|
||||||
|
with Hub.current.start_span(
|
||||||
|
op="authentik.providers.oauth2.post.response",
|
||||||
|
):
|
||||||
if self.params.grant_type == GRANT_TYPE_AUTHORIZATION_CODE:
|
if self.params.grant_type == GRANT_TYPE_AUTHORIZATION_CODE:
|
||||||
LOGGER.debug("Converting authorization code to refresh token")
|
LOGGER.debug("Converting authorization code to refresh token")
|
||||||
return TokenResponse(self.create_code_response())
|
return TokenResponse(self.create_code_response())
|
||||||
|
|
Reference in a new issue