Implementing activity auditing feature

[dh-]

Hi, I'm currently using Identity Server v2 + Authorization Server mostly in Resource Owner Password Flow scenario. I was wondering if I can perform sort of logging user activity, I mean successful and failed token request attempts with info:

• result: success/fail
• relying party
• scopes
• date/time

How I can achieve that and what are the best ways to do that?

I was thinking about additional db or table in exisitng db, create or use some existing logging/auditing API (if there is any) and do API calls in proper places (extensibility points), API would do writing a record to the DB. Could you provide some info how to do that in a good, proper way?

[brockallen]

We do tracing using the TraceSource, so you could hook in at that level. That might not be focused enough, so you could perhaps override the DI framework to inject your own services or even controllers to act as an interception layer to record the inputs and outputs you desire. Finally the last idea would be to simply fork the source code and modify as you need to for this auditing. Sorry we don't have a better approach for this in AuthorizationServer.