Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: log claims #3798

Merged
merged 1 commit into from
Mar 6, 2024
Merged

feat: log claims #3798

merged 1 commit into from
Mar 6, 2024

Conversation

hperl
Copy link
Contributor

@hperl hperl commented Mar 5, 2024

Sometimes there are issues with mapping the claims from a SSO provider to an identity trait. This change adds the claims that we get back to the event, so that we can better debug these issues.

Related issue(s)

Checklist

  • I have read the contributing guidelines.
  • I have referenced an issue containing the design document if my change
    introduces a new feature.
  • I am following the
    contributing code guidelines.
  • I have read the security policy.
  • I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security vulnerability, I
    confirm that I got the approval (please contact
    [email protected]) from the maintainers to push
    the changes.
  • I have added tests that prove my fix is effective or that my feature
    works.
  • I have added or changed the documentation.

Further Comments

@hperl hperl requested a review from zepatrik March 5, 2024 10:39
@hperl hperl requested review from aeneasr and zepatrik as code owners March 5, 2024 10:39
@hperl hperl self-assigned this Mar 5, 2024
aeneasr
aeneasr previously approved these changes Mar 5, 2024
View reviewed changes
zepatrik
zepatrik previously approved these changes Mar 5, 2024
View reviewed changes
Copy link
Member

@zepatrik zepatrik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only setting the keys should not leak any PII.

@aeneasr
Copy link
Member

aeneasr commented Mar 5, 2024

CI fails

@hperl hperl dismissed stale reviews from zepatrik and aeneasr via a8e3475 March 5, 2024 18:38
@hperl hperl force-pushed the hperl/claims-event branch from b6e0bc5 to a8e3475 Compare March 5, 2024 18:38
@codecov Codecov
Copy link

codecov bot commented Mar 5, 2024

Codecov Report

Attention: Patch coverage is 83.33333% with 1 lines in your changes are missing coverage. Please review.

Project coverage is 78.14%. Comparing base (7017490) to head (a8e3475).
Report is 1 commits behind head on master.

Files Patch % Lines
selfservice/strategy/oidc/strategy.go 83.33% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #3798   +/-   ##
=======================================
  Coverage   78.14%   78.14%           
=======================================
  Files         349      349           
  Lines       24118    24121    +3     
=======================================
+ Hits        18846    18849    +3     
  Misses       3852     3852           
  Partials     1420     1420

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@hperl hperl requested a review from aeneasr March 5, 2024 19:21
aeneasr
aeneasr reviewed Mar 6, 2024
View reviewed changes
selfservice/strategy/oidc/strategy.go
s.forwardError(w, r, req, s.handleError(w, r, req, pid, nil, err))
return
}

span.SetAttributes(attribute.StringSlice("claims", maps.Keys(claims.RawClaims)))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wouldn't this leak PII into the tracing system?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, this is just the keys, meaning the claim keys. The PII is just in the values, which we don't send.

@aeneasr aeneasr merged commit 04390be into master Mar 6, 2024
29 checks passed
@aeneasr aeneasr deleted the hperl/claims-event branch March 6, 2024 14:34
mpauly-exnaton pushed a commit to mpauly-exnaton/kratos that referenced this pull request Feb 12, 2025
@hperl @mpauly-exnaton
feat: send OIDC claim keys to tracing (ory#3798)
0cd770b
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aeneasr aeneasr aeneasr left review comments

@zepatrik zepatrik Awaiting requested review from zepatrik

Assignees

@hperl hperl

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hperl @aeneasr @zepatrik