add exception logging for JWT validation failure

DESKTOP-T0O5CDB\DESK-555BD 2025-11-10 08:00:37 -07:00
parent 9f14cd0a5e
commit d4f06b96ff


@ -146,6 +146,7 @@ namespace CarCareTracker.Controllers
var userAccessToken = decodedToken?.access_token ?? string.Empty; var userAccessToken = decodedToken?.access_token ?? string.Empty;
var tokenParser = new JsonWebTokenHandler(); var tokenParser = new JsonWebTokenHandler();
bool passedSignatureCheck = true; bool passedSignatureCheck = true;
string signatureValidationError = "check jwks endpoint";
if (!string.IsNullOrWhiteSpace(openIdConfig.JwksURL)) if (!string.IsNullOrWhiteSpace(openIdConfig.JwksURL))
{ {
//validate token signature if jwks endpoint is provided //validate token signature if jwks endpoint is provided
@ -165,6 +166,10 @@ namespace CarCareTracker.Controllers
if (!validatedIdToken.IsValid) if (!validatedIdToken.IsValid)
{ {
passedSignatureCheck = false; passedSignatureCheck = false;
if (validatedIdToken.Exception != null && !string.IsNullOrWhiteSpace(validatedIdToken.Exception.Message))
{
signatureValidationError = validatedIdToken.Exception.Message;
}
} }
} }
} }
@ -238,7 +243,7 @@ namespace CarCareTracker.Controllers
} }
else else
{ {
_logger.LogError($"OpenID Provider did not provide a valid id_token: check jwks endpoint"); _logger.LogError($"OpenID Provider did not provide a valid id_token: {signatureValidationError}");
} }
} }
else else
@ -329,6 +334,10 @@ namespace CarCareTracker.Controllers
if (!validatedIdToken.IsValid) if (!validatedIdToken.IsValid)
{ {
passedSignatureCheck = false; passedSignatureCheck = false;
if (validatedIdToken.Exception != null && !string.IsNullOrWhiteSpace(validatedIdToken.Exception.Message))
{
results.Add(OperationResponse.Failed($"Failed JWT Validation: {validatedIdToken.Exception.Message}"));
}
} else } else
{ {
results.Add(OperationResponse.Succeed($"Passed JWT Validation - Valid To: {validatedIdToken.SecurityToken.ValidTo}")); results.Add(OperationResponse.Succeed($"Passed JWT Validation - Valid To: {validatedIdToken.SecurityToken.ValidTo}"));
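Review bot: In the last hunk, an invalid token whose `Exception` is null or has a blank message sets `passedSignatureCheck = false` but adds nothing to `results`, so unless code after the hunk reports it, the JWT step shows neither a pass nor a failure. Adding the failure unconditionally with a fallback closes that gap: `var reason = validatedIdToken.Exception?.Message;` followed by `results.Add(OperationResponse.Failed(string.IsNullOrWhiteSpace(reason) ? "Failed JWT Validation" : $"Failed JWT Validation: {reason}"));`. The validation message is now also returned to the caller; the enclosing method starts outside the hunk, so it is worth confirming that this action is limited to administrators, since these messages can describe issuer, audience and signing-key expectations. In the third hunk the log call reads better as a message template than an interpolated string, `_logger.LogError("OpenID Provider did not provide a valid id_token: {Reason}", signatureValidationError);`, which keeps token-derived text in a structured field instead of the log message itself.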