diff options
| author | Taras Madan <tarasmadan@google.com> | 2024-11-22 10:51:49 +0100 |
|---|---|---|
| committer | Taras Madan <tarasmadan@google.com> | 2024-11-22 10:19:21 +0000 |
| commit | 68da6d951a345757b69b764ceb8dda1e9d65b038 (patch) | |
| tree | c1a581f1d8cf905d253c660bc51d9477043e0e24 /pkg/auth | |
| parent | 4b25d554e5643186ba6a09429089ac0275f7573b (diff) | |
pkg/auth: better error description
We're getting 500 error from auth.DetermineAuthSubj with
"read: connection reset by peer".
Diffstat (limited to 'pkg/auth')
| -rw-r--r-- | pkg/auth/auth.go | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go index a9a66809a..8b72c24f5 100644 --- a/pkg/auth/auth.go +++ b/pkg/auth/auth.go @@ -75,7 +75,7 @@ type jwtClaims struct { func (auth *Endpoint) queryTokenInfo(tokenValue string) (*jwtClaims, error) { resp, err := http.PostForm(auth.url, url.Values{"id_token": {tokenValue}}) if err != nil { - return nil, err + return nil, fmt.Errorf("http.PostForm: %w", err) } defer resp.Body.Close() if resp.StatusCode != http.StatusOK { @@ -83,15 +83,15 @@ func (auth *Endpoint) queryTokenInfo(tokenValue string) (*jwtClaims, error) { } body, err := io.ReadAll(resp.Body) if err != nil { - return nil, err + return nil, fmt.Errorf("io.ReadAll: %w", err) } claims := new(jwtClaimsParse) if err = json.Unmarshal(body, claims); err != nil { - return nil, err + return nil, fmt.Errorf("json.Unmarshal: %w", err) } expInt, err := strconv.ParseInt(claims.Expiration, 10, 64) if err != nil { - return nil, err + return nil, fmt.Errorf("strconv.ParseInt: %w", err) } r := jwtClaims{ Subject: claims.Subject, @@ -116,15 +116,13 @@ func (auth *Endpoint) DetermineAuthSubj(now time.Time, authHeader []string) (str tokenValue := strings.TrimSpace(strings.TrimPrefix(authHeader[0], "Bearer")) claims, err := auth.queryTokenInfo(tokenValue) if err != nil { - return "", err + return "", fmt.Errorf("auth.queryTokenInfo: %w", err) } if claims.Audience != DashboardAudience { - err := fmt.Errorf("unexpected audience %v", claims.Audience) - return "", err + return "", fmt.Errorf("unexpected audience %v", claims.Audience) } if claims.Expiration.Before(now) { - err := fmt.Errorf("token past expiration %v", claims.Expiration) - return "", err + return "", fmt.Errorf("token past expiration %v", claims.Expiration) } return OauthMagic + claims.Subject, nil } |