Adding WWW-Authenticate info.
when glare requests are failing with "401 Unauthorized" against keycloak, more data can be added to the logs, to understand the reason better. In case keycloak return 401 it must provide the www-Authenticate response header with the reason: https://www.w3.org/Protocols/HTTP/1.0/spec.html#WWW-Authenticate This code take care of it by adding the WWW-Authenticate value to glare api-log. Change-Id: Ia3966ad00868b559874610f552c8e491d8a01acd
This commit is contained in:
parent
9419d4d970
commit
5e60d27376
|
@ -121,6 +121,10 @@ class KeycloakAuthMiddleware(base_middleware.Middleware):
|
|||
if resp.status_code == 400:
|
||||
raise exception.BadRequest(message=resp.text)
|
||||
if resp.status_code == 401:
|
||||
LOG.warning("HTTP response from OIDC provider:"
|
||||
" [%s] with WWW-Authenticate: [%s]",
|
||||
pprint.pformat(resp.text),
|
||||
resp.headers.get("WWW-Authenticate"))
|
||||
raise exception.Unauthorized(message=resp.text)
|
||||
if resp.status_code == 403:
|
||||
raise exception.Forbidden(message=resp.text)
|
||||
|
@ -147,8 +151,9 @@ class KeycloakAuthMiddleware(base_middleware.Middleware):
|
|||
try:
|
||||
decoded = jwt.decode(access_token, algorithms=['RS256'],
|
||||
verify=False)
|
||||
except Exception:
|
||||
msg = _("Token can't be decoded because of wrong format.")
|
||||
except Exception as e:
|
||||
msg = _("Token can't be decoded because of wrong format %s")\
|
||||
% str(e)
|
||||
LOG.error(msg)
|
||||
raise exception.Unauthorized()
|
||||
|
||||
|
|
Loading…
Reference in New Issue