fix: uniform oidc errors (#7237)

* fix: uniform oidc errors

Sanitize oidc error reporting when errors cross the package boundary towards oidc.

* add should TriggerBulk in get audiences for auth request

* upgrade to oidc 3.10.1

* provisional oidc upgrade to error branch

* pin oidc 3.10.2
Tim Möhlmann
2024-01-18 08:10:49 +02:00
committed by GitHub
parent cdfcdec101
commit af4e0484d0
17 changed files with 267 additions and 61 deletions


@@ -109,14 +109,9 @@ func newDeviceAuthorizationState(d *query.DeviceAuth) *op.DeviceAuthorizationSta
// As generated user codes are of low entropy, this implementation also takes care or
// device authorization request cleanup, when it has been Approved, Denied or Expired.
func (o *OPStorage) GetDeviceAuthorizatonState(ctx context.Context, clientID, deviceCode string) (state *op.DeviceAuthorizationState, err error) {
const logMsg = "get device authorization state"
logger := logging.WithFields("device_code", deviceCode)
ctx, span := tracing.NewSpan(ctx)
defer func() {
if err != nil {
logger.WithError(err).Error(logMsg)
}
err = oidcError(err)
span.EndWithError(err)
}()
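Review bot: In the deferred function, `err = oidcError(err)` runs before `span.EndWithError(err)`, so the span appears to record the already sanitized error, and the earlier `logger.WithError(err).Error(logMsg)` call is gone. Sanitizing what reaches the client is the right boundary behaviour, but the original cause should still reach server-side telemetry, or failures in the device flow become hard to investigate. `oidcError` is not shown here; if it already logs the original error or keeps it as a parent, a one-line comment such as `// oidcError logs the internal cause; only the sanitized error leaves this package` would make that explicit. Otherwise call `span.EndWithError(err)` first and then `err = oidcError(err)`. The function body continues past this hunk.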
@@ -124,7 +119,8 @@ func (o *OPStorage) GetDeviceAuthorizatonState(ctx context.Context, clientID, de
if err != nil {
return nil, err
}
logger.SetFields(
logging.WithFields(
"device_code", deviceCode,
"expires", deviceAuth.Expires, "scopes", deviceAuth.Scopes,
"subject", deviceAuth.Subject, "state", deviceAuth.State,
).Debug("device authorization state")
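Review bot: The new `"device_code", deviceCode,` pair writes the raw device code into the debug log next to `subject` and `state`. In the device authorization grant the device code is the secret the device presents when it polls for tokens, so anyone who can read these logs while a request is pending or approved holds a usable credential. Consider dropping the pair, or logging a non-reversible value such as a short digest of the code so entries can still be correlated. The deferred handler in the previous hunk no longer logs the code, so this is the only place in the visible lines where it is emitted. The enclosing function starts in the previous hunk and continues past this one.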