Additional Auth0Service logging (#707)

* Adds logging for JWKS retrieval * Include appBuild in bootstrap banner --------- Co-authored-by: Don Le <[email protected]>
xh · Mar 18, 2024 · 2353b6a · 2353b6a
1 parent 6c05cf7
commit 2353b6a
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 12 deletions.
diff --git a/grails-app/init/io/xh/toolbox/BootStrap.groovy b/grails-app/init/io/xh/toolbox/BootStrap.groovy
@@ -69,7 +69,7 @@ class BootStrap {
    \\ \\_\\  \\ \\_____\\  \\ \\_____\\  \\ \\_____\\  \\ \\_____\\  \\ \\_____\\   /\\_\\/\\_\\ 
     \\/_/   \\/_____/   \\/_____/   \\/_____/   \\/_____/   \\/_____/   \\/_/\\/_/ 
 \n                                                                           
-         ${appName} v${appVersion} - ${appEnvironment}
+         ${appName} v${appVersion} [build ${appBuild}] - ${appEnvironment}
 \n
         """)
     }

diff --git a/grails-app/services/io/xh/toolbox/security/Auth0Service.groovy b/grails-app/services/io/xh/toolbox/security/Auth0Service.groovy
@@ -41,6 +41,7 @@ class Auth0Service extends BaseService {
     JwtValidationResult validateToken(String token) {
         try {
             if (!token) throw new JwtException("Unable to validate JWT - no token provided.")
+            logTrace("Validating token", token)
 
             def jws = new JsonWebSignature()
             jws.setCompactSerialization(token)
@@ -53,16 +54,17 @@ class Auth0Service extends BaseService {
             if (!jws.verifySignature()) throw new JwtException("Token failed signature validation")
 
             def payload = JSONParser.parseObject(jws.payload)
-            if (payload.aud != this.clientId) {
+            if (payload.aud != clientId) {
                 throw new JwtException("Token aud value [${payload.aud}] does not match expected value from auth0ClientId config.")
             }
 
+            logDebug(["Token validated successfully", [sub: payload.sub, email: payload.email, fullName: payload.name]])
             return new JwtValidationResult(
-                token: token,
-                sub: payload.sub,
-                email: payload.email,
-                fullName: payload.name,
-                profilePicUrl: payload.picture
+                    token: token,
+                    sub: payload.sub,
+                    email: payload.email,
+                    fullName: payload.name,
+                    profilePicUrl: payload.picture
             )
 
         } catch (e) {
@@ -83,13 +85,15 @@ class Auth0Service extends BaseService {
 
     private JsonWebKeySet _jwks
     JsonWebKeySet getJsonWebKeySet() {
+        def url = "https://${domain}/.well-known/jwks.json"
         if (!_jwks) {
-            def url = "https://${domain}/.well-known/jwks.json",
-                jwksJson = client.executeAsString(new HttpGet(url))
-            _jwks = new JsonWebKeySet(jwksJson)
+            withInfo(["Fetching JWKS", url]) {
+                def jwksJson = client.executeAsString(new HttpGet(url))
+                _jwks = new JsonWebKeySet(jwksJson)
 
-            if (!_jwks.jsonWebKeys.size()) {
-                throw new RuntimeException("Unable to build valid key set from remote JWKS endpoint.")
+                if (!_jwks.jsonWebKeys.size()) {
+                    throw new RuntimeException("Unable to build valid key set from remote JWKS endpoint.")
+                }
             }
         }