fix(oidc): log oidc errors

2025-08-14 03:37:35 +00:00 · 2025-04-28 17:18:05 +02:00
parent 57b08dcf10
commit 0a08c854a8
2 changed files with 12 additions and 1 deletions
--- a/internal/api/oidc/error.go
+++ b/internal/api/oidc/error.go
@@ -3,6 +3,8 @@ package oidc
 import (
 	"errors"

+	"github.com/zitadel/logging"
+
 	"github.com/zitadel/oidc/v3/pkg/oidc"
 	"github.com/zitadel/oidc/v3/pkg/op"

@@ -19,6 +21,7 @@ func oidcError(err error) error {
 	if err == nil {
 		return nil
 	}
+	logging.WithError(err).Warn("OIDC error")
 	if errors.Is(err, op.ErrInvalidRefreshToken) {
 		err = zerrors.ThrowInvalidArgument(err, "OIDCS-ef2Gi", "Errors.User.RefreshToken.Invalid")
 	}
@@ -42,6 +45,14 @@ func oidcError(err error) error {
 	if statusCode < 500 {
 		newOidcErr = oidc.ErrInvalidRequest
 	}
+
+	entry := logging.WithError(err).WithField("status_code", statusCode)
+	if statusCode >= 500 {
+		entry.Error("OIDC error")
+	} else {
+		entry.Warn("OIDC error")
+	}
+
 	return op.NewStatusError(
 		newOidcErr().
 			WithParent(err).
--- a/internal/api/oidc/server.go
+++ b/internal/api/oidc/server.go
@@ -207,7 +207,7 @@ func (s *Server) createDiscoveryConfig(ctx context.Context, supportedUILocales o

 func response(resp any, err error) (*op.Response, error) {
 	if err != nil {
-		return nil, err
+		return nil, oidcError(err)
 	}
 	return op.NewResponse(resp), nil
 }