flownative / flow-openidconnect-client

OpenID Connect Client SDK for Flow Framework
MIT License

Lots of ERROR logs due to partial rolesFromClaims configuration #50

Closed bwaidelich closed 1 year ago

bwaidelich commented 1 year ago

In one of our apps the system log is flooded with entries like

      22-11-10 09:40:29 14743      ERROR     Flownative.OpenIdConnect.Client OpenID Connect: Ignoring role "Z01" from identity token (@!38C4.659F.8000.3A79!0001!7F12.03E3!0000!E384.4218.2B68.68D2) because there is no corresponding mapping configured.

In our case this is an expected case because we are just interested in a couple of specific roles: We use the rolesFromClaims setting to map a role JWT claim to certain Flow roles in our application:

      # ...
      providerOptions:
        roles: ['Some.App:User']
        rolesFromClaims:
          -
            name: 'roles'
            mapping:
              S01: 'Some.App:UserElevated'

=> we are only interested in the value "S01" -> leading to the elevated role. Other roles should not lead to an error.

I would suggest reducing the severity of this message or introducing a configuration option.

Note: The somewhat similar log "OpenID Connect: Ignoring role "%s" from identity token (%s) because there is no such role configured in Flow." correctly has the severity ERROR because it is a misconfiguration.
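
The two cases distinguished in the issue above, as an added sketch that is not part of the original post and is not the package's own code. The function name `mapClaimRoles`, the `debug` severity for unmapped values and the `S02` entry are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical sketch: resolve Flow roles from one claim of an identity
 * token using a rolesFromClaims-style mapping.
 *
 * @param array $claimValues              values of the claim, e.g. "roles"
 * @param array<string,string> $mapping   claim value => Flow role identifier
 * @param string[] $knownFlowRoles        roles defined in the application
 * @return array{roles: string[], log: array<int, array{0: string, 1: string}>}
 */
function mapClaimRoles(array $claimValues, array $mapping, array $knownFlowRoles): array
{
    $roles = [];
    $log = [];
    foreach ($claimValues as $value) {
        if (!is_string($value)) {
            // Malformed claim entry: never used as an array key, grants nothing.
            $log[] = ['warning', 'Ignoring non-string role value in claim'];
            continue;
        }
        if (!isset($mapping[$value])) {
            // Expected with a partial mapping: grant nothing, keep severity low
            // (the level "debug" is an assumption of this sketch).
            $log[] = ['debug', sprintf('Ignoring role "%s": no corresponding mapping configured', $value)];
            continue;
        }
        $flowRole = $mapping[$value];
        if (!in_array($flowRole, $knownFlowRoles, true)) {
            // The mapping names a role Flow does not know: a misconfiguration.
            $log[] = ['error', sprintf('Ignoring role "%s": no such role configured in Flow', $flowRole)];
            continue;
        }
        $roles[$flowRole] = true; // array key de-duplicates repeated grants
    }
    return ['roles' => array_keys($roles), 'log' => $log];
}

// Constructed sample data, modelled on the configuration in the issue;
// the S02 entry is added here to trigger the misconfiguration branch.
$mapping = ['S01' => 'Some.App:UserElevated', 'S02' => 'Some.App:Missing'];
$known   = ['Some.App:User', 'Some.App:UserElevated'];
$result  = mapClaimRoles(['Z01', 'S01', 'S02'], $mapping, $known);

print_r($result['roles']);
foreach ($result['log'] as [$severity, $message]) {
    printf("%-7s %s\n", strtoupper($severity), $message);
}
```

In both ignored cases no role is granted, so lowering the severity of the unmapped-value message changes log volume only, not the authorization outcome.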

bwaidelich commented 1 year ago

Oops, I just realized that this is a duplicate of #45 and it has been resolved already ;)