kubernetes-ingress
More context in OIDC logs
Is your feature request related to a problem? Please describe.
The problem is log messages like this:
2024/12/11 13:44:54 [error] 86#86: *3762 js: OIDC ID Token validation error: nonce from token (3-wSxtTGFsip_PQNftt4S5ty-vHIkiG0PsfdMEqyu11ds) does not match client ()
Describe the solution you'd like
It would be nice if at least the name of the VirtualServer object, or URL, was included. It would also be nice if this logging was configurable, in JSON format. Missing context is the most required feature, though.
It would be nice if the context was not limited to the OIDC module, but was added for all modules/components. For example, the JWT policy.
Describe alternatives you've considered
None, very open to suggestions.
Additional context
Using Nginx Ingress Controller 4.0.1 (the example is a bit older, though).
Hi @anderius thanks for reporting!
Be sure to check out the docs and the Contributing Guidelines while you wait for a human to take a look at this :slightly_smiling_face:
Cheers!
This can be resolved by merging https://github.com/nginxinc/nginx-openid-connect/pull/111 and updating the implementation on NIC.
We would be glad to have this available ASAP. We are facing the same error logs as @anderius (nonce error with OIDC policy) and we would like to understand which VirtualServers and requests are impacted. Currently, there is no info, and this is not handy at all to debug issues. Thanks.
https://github.com/nginxinc/nginx-openid-connect/pull/114
Unblocking as https://github.com/nginxinc/nginx-openid-connect/pull/114 merged
Fixed by #8207