chore: add debug logs for OIDC responses (#6641)

coadler · web-flow · commit 1c05b46b0269 · 2023-03-16T19:33:45.000-05:00
diff --git a/coderd/userauth.go b/coderd/userauth.go
@@ -569,6 +569,20 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// Log all of the field names returned in the ID token claims, and the
+	// userinfo returned from the provider.
+	{
+		fields := make([]string, 0, len(claims))
+		for f := range claims {
+			fields = append(fields, f)
+		}
+
+		api.Logger.Debug(ctx, "got oidc claims",
+			slog.F("user_info", userInfo),
+			slog.F("claim_fields", fields),
+		)
+	}
+
 	usernameRaw, ok := claims[api.OIDCConfig.UsernameField]
 	var username string
 	if ok {
@@ -624,6 +638,11 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
 			// Convert the []interface{} we get to a []string.
 			groupsInterface, ok := groupsRaw.([]interface{})
 			if ok {
+				api.Logger.Debug(ctx, "groups returned in oidc claims",
+					slog.F("len", len(groupsInterface)),
+					slog.F("groups", groupsInterface),
+				)
+
 				for _, groupInterface := range groupsInterface {
 					group, ok := groupInterface.(string)
 					if !ok {
@@ -634,6 +653,10 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
 					}
 					groups = append(groups, group)
 				}
+			} else {
+				api.Logger.Debug(ctx, "groups field was an unknown type",
+					slog.F("type", fmt.Sprintf("%T", groupsRaw)),
+				)
 			}
 		}
 	}
