pkg/auth: better error description

We're getting 500 error from auth.DetermineAuthSubj with
"read: connection reset by peer".

1 files changed, 7 insertions, 9 deletions

diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
index a9a66809a..8b72c24f5 100644
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@@ -75,7 +75,7 @@ type jwtClaims struct {
 func (auth *Endpoint) queryTokenInfo(tokenValue string) (*jwtClaims, error) {
 	resp, err := http.PostForm(auth.url, url.Values{"id_token": {tokenValue}})
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("http.PostForm: %w", err)
 	}
 	defer resp.Body.Close()
 	if resp.StatusCode != http.StatusOK {
@@ -83,15 +83,15 @@ func (auth *Endpoint) queryTokenInfo(tokenValue string) (*jwtClaims, error) {
 	}
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("io.ReadAll: %w", err)
 	}
 	claims := new(jwtClaimsParse)
 	if err = json.Unmarshal(body, claims); err != nil {
-		return nil, err
+		return nil, fmt.Errorf("json.Unmarshal: %w", err)
 	}
 	expInt, err := strconv.ParseInt(claims.Expiration, 10, 64)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("strconv.ParseInt: %w", err)
 	}
 	r := jwtClaims{
 		Subject:    claims.Subject,
@@ -116,15 +116,13 @@ func (auth *Endpoint) DetermineAuthSubj(now time.Time, authHeader []string) (str
 	tokenValue := strings.TrimSpace(strings.TrimPrefix(authHeader[0], "Bearer"))
 	claims, err := auth.queryTokenInfo(tokenValue)
 	if err != nil {
-		return "", err
+		return "", fmt.Errorf("auth.queryTokenInfo: %w", err)
 	}
 	if claims.Audience != DashboardAudience {
-		err := fmt.Errorf("unexpected audience %v", claims.Audience)
-		return "", err
+		return "", fmt.Errorf("unexpected audience %v", claims.Audience)
 	}
 	if claims.Expiration.Before(now) {
-		err := fmt.Errorf("token past expiration %v", claims.Expiration)
-		return "", err
+		return "", fmt.Errorf("token past expiration %v", claims.Expiration)
 	}
 	return OauthMagic + claims.Subject, nil
 }