providers/oauth2: add additional tracing to token view

authentik/providers/oauth2/views/token.py

@@ -8,6 +8,7 @@ from django.http import HttpRequest, HttpResponse
 from django.utils.timezone import datetime, now
 from django.views import View
 from jwt import InvalidTokenError, decode
+from sentry_sdk.hub import Hub
 from structlog.stdlib import get_logger
 
 from authentik.core.models import (
@@ -94,6 +95,9 @@ class TokenParams:
         )
 
     def __check_policy_access(self, app: Application, request: HttpRequest, **kwargs):
+        with Hub.current.start_span(
+            op="authentik.providers.oauth2.token.policy",
+        ):
             engine = PolicyEngine(app, self.user, request)
             engine.request.context["oauth_scopes"] = self.scope
             engine.request.context["oauth_grant_type"] = self.grant_type
@@ -118,10 +122,19 @@ class TokenParams:
                 raise TokenError("invalid_client")
 
         if self.grant_type == GRANT_TYPE_AUTHORIZATION_CODE:
+            with Hub.current.start_span(
+                op="authentik.providers.oauth2.post.parse.code",
+            ):
                 self.__post_init_code(raw_code)
         elif self.grant_type == GRANT_TYPE_REFRESH_TOKEN:
+            with Hub.current.start_span(
+                op="authentik.providers.oauth2.post.parse.refresh",
+            ):
                 self.__post_init_refresh(raw_token, request)
         elif self.grant_type in [GRANT_TYPE_CLIENT_CREDENTIALS, GRANT_TYPE_PASSWORD]:
+            with Hub.current.start_span(
+                op="authentik.providers.oauth2.post.parse.client_credentials",
+            ):
                 self.__post_init_client_credentials(request)
         else:
             LOGGER.warning("Invalid grant type", grant_type=self.grant_type)
@@ -330,6 +343,9 @@ class TokenView(View):
     def post(self, request: HttpRequest) -> HttpResponse:
         """Generate tokens for clients"""
         try:
+            with Hub.current.start_span(
+                op="authentik.providers.oauth2.post.parse",
+            ):
                 client_id, client_secret = extract_client_auth(request)
                 try:
                     self.provider = OAuth2Provider.objects.get(client_id=client_id)
@@ -341,6 +357,9 @@ class TokenView(View):
                     raise ValueError
                 self.params = TokenParams.parse(request, self.provider, client_id, client_secret)
 
+            with Hub.current.start_span(
+                op="authentik.providers.oauth2.post.response",
+            ):
                 if self.params.grant_type == GRANT_TYPE_AUTHORIZATION_CODE:
                     LOGGER.debug("Converting authorization code to refresh token")
                     return TokenResponse(self.create_code_response())