Add debug log for impersonation feature

keycloakify · Oct 21, 2024 · 3fcf2f5 · 3fcf2f5
1 parent ce8adbe
commit 3fcf2f5
Showing 1 changed file with 31 additions and 4 deletions.
diff --git a/src/oidc.ts b/src/oidc.ts
@@ -351,7 +351,7 @@ export async function createOidc_nonMemoized<
         ).replace(/\/$/, "");
     })();
 
-    log?.(`Calling createOidc v${VERSION}`, { params, publicUrl, configHash });
+    log?.(`Calling createOidc v${VERSION}`, { issuerUri, clientId, scopes, publicUrl, configHash });
 
     const silentSso =
         publicUrl === undefined
@@ -419,7 +419,8 @@ export async function createOidc_nonMemoized<
 
         await maybeImpersonate({
             configHash,
-            getDoContinueWithImpersonation
+            getDoContinueWithImpersonation,
+            log
         });
     }
 
@@ -1781,8 +1782,9 @@ async function maybeImpersonate(params: {
         ParamsOfCreateOidc["getDoContinueWithImpersonation"],
         undefined
     >;
+    log: typeof console.log | undefined;
 }) {
-    const { configHash, getDoContinueWithImpersonation } = params;
+    const { configHash, getDoContinueWithImpersonation, log } = params;
 
     const value = (() => {
         const KEY = "oidc-spa_impersonate";
@@ -1794,6 +1796,8 @@ async function maybeImpersonate(params: {
                 break from_url;
             }
 
+            log?.("Found impersonation query param in the url");
+
             window.history.replaceState({}, "", result.newUrl);
 
             sessionStorage.setItem(KEY, result.value);
@@ -1808,6 +1812,8 @@ async function maybeImpersonate(params: {
                 break from_session_storage;
             }
 
+            log?.("Found impersonation query param in the session storage");
+
             return value;
         }
 
@@ -1824,6 +1830,8 @@ async function maybeImpersonate(params: {
         refreshToken: string;
     }[];
 
+    log?.("Impersonation params got:", arr);
+
     assert(arr instanceof Array);
     arr.forEach(item => {
         assert(item instanceof Object);
@@ -1848,15 +1856,30 @@ async function maybeImpersonate(params: {
         const clientId = azp;
 
         if (getConfigHash({ issuerUri, clientId }) !== configHash) {
+            log?.(
+                [
+                    `Skipping impersonation params entry`,
+                    `issuerUri/clientId: ${issuerUri}/${clientId} read from the access token`,
+                    `doesn't match the current configuration of this oidc client`
+                ].join(" ")
+            );
+
             continue;
         }
 
+        log?.(
+            "Impersonation param matched with the current configuration, asking for confirmation before continuing"
+        );
+
         const doContinue = await getDoContinueWithImpersonation({ parsedAccessToken });
 
         if (!doContinue) {
+            log?.("Impersonation was canceled by the user");
             return;
         }
 
+        log?.("Impersonation confirmed, storing the impersonation params in the session storage");
+
         sessionStorage.setItem(
             `${SESSION_STORAGE_PREFIX}user:${issuerUri}:${clientId}`,
             JSON.stringify({
@@ -1871,6 +1894,10 @@ async function maybeImpersonate(params: {
             })
         );
 
-        break;
+        return;
     }
+
+    log?.(
+        "Impersonation skipped, no impersonation params matched the current configuration of this oidc client"
+    );
 }