@@ -56,10 +56,10 @@ async function codeExchange(r) {
5656 // Check authorization code presence
5757 if ( ! r . variables . arg_code || r . variables . arg_code . length == 0 ) {
5858 if ( r . variables . arg_error ) {
59- r . error ( "OIDC error receiving authorization code for " + r . headersIn [ 'host ' ] + r . uri + ": " +
59+ r . error ( "OIDC error receiving authorization code for " + r . headersIn [ 'Host ' ] + r . uri + ": " +
6060 r . variables . arg_error_description ) ;
6161 } else {
62- r . error ( "OIDC expected authorization code for " + r . headersIn [ 'host ' ] + " but received: " + r . uri ) ;
62+ r . error ( "OIDC expected authorization code for " + r . headersIn [ 'Host ' ] + " but received: " + r . uri ) ;
6363 }
6464 r . return ( 502 ) ;
6565 return ;
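Review bot: Every message touched in this commit builds its prefix from `r.headersIn['Host']` and `r.uri`, and this branch also appends `r.variables.arg_error_description`; all three are supplied by the client. The log line therefore cannot be relied on to identify the virtual server, and it carries whatever bytes the client sent. If the error log feeds alerting or a SIEM, consider a config-derived name such as `r.variables.server_name` for attribution, and pass the request-derived parts through one small helper that strips control characters before `r.error()`. The same pattern recurs in every other hunk. codeExchange continues outside this hunk.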
@@ -95,15 +95,15 @@ function getTokenClaims(r, token) {
9595 r . subrequest ( '/_token_validation' , 'token=' + token ,
9696 function ( reply ) {
9797 if ( reply . status !== 200 ) {
98- r . error ( "Failed to retrieve claims for " + r . headersIn [ 'host ' ] + r . uri + ": HTTP " + reply . status ) ;
98+ r . error ( "Failed to retrieve claims for " + r . headersIn [ 'Host ' ] + r . uri + ": HTTP " + reply . status ) ;
9999 resolve ( null ) ;
100100 return ;
101101 }
102102 try {
103103 const claims = JSON . parse ( reply . responseText ) ;
104104 resolve ( claims ) ;
105105 } catch ( e ) {
106- r . error ( "Failed to parse claims for " + r . headersIn [ 'host ' ] + r . uri + ": " + e ) ;
106+ r . error ( "Failed to parse claims for " + r . headersIn [ 'Host ' ] + r . uri + ": " + e ) ;
107107 resolve ( null ) ;
108108 }
109109 }
@@ -131,21 +131,21 @@ function validateIdTokenClaims(r, claims) {
131131 const missingClaims = requiredClaims . filter ( ( claim ) => ! claims [ claim ] ) ;
132132
133133 if ( missingClaims . length > 0 ) {
134- r . error ( `OIDC ID Token validation error for ` + r . headersIn [ 'host ' ] + r . uri + `: missing claim(s) ${ missingClaims . join ( ' ' ) } ` ) ;
134+ r . error ( `OIDC ID Token validation error for ` + r . headersIn [ 'Host ' ] + r . uri + `: missing claim(s) ${ missingClaims . join ( ' ' ) } ` ) ;
135135 return false ;
136136 }
137137
138138 // Check 'iat' validity
139139 const iat = Math . floor ( Number ( claims . iat ) ) ;
140140 if ( String ( iat ) !== claims . iat || iat < 1 ) {
141- r . error ( `OIDC ID Token validation error for ` + r . headersIn [ 'host ' ] + r . uri + `: iat claim is not a valid number` ) ;
141+ r . error ( `OIDC ID Token validation error for ` + r . headersIn [ 'Host ' ] + r . uri + `: iat claim is not a valid number` ) ;
142142 return false ;
143143 }
144144
145145 // Audience must include the configured client
146146 const aud = Array . isArray ( claims . aud ) ? claims . aud : claims . aud . split ( ',' ) ;
147147 if ( ! aud . includes ( r . variables . oidc_client ) ) {
148- r . error ( `OIDC ID Token validation error for ` + r . headersIn [ 'host ' ] + r . uri + `: aud claim (${ claims . aud } ) ` +
148+ r . error ( `OIDC ID Token validation error for ` + r . headersIn [ 'Host ' ] + r . uri + `: aud claim (${ claims . aud } ) ` +
149149 `does not include $oidc_client (${ r . variables . oidc_client } )` ) ;
150150 return false ;
151151 }
@@ -160,12 +160,12 @@ function validateIdTokenClaims(r, claims) {
160160 : '' ;
161161
162162 if ( claims . nonce !== clientNonceHash ) {
163- r . error ( `OIDC ID Token validation error for ` + r . headersIn [ 'host ' ] + r . uri + `: nonce from token (${ claims . nonce } ) ` +
163+ r . error ( `OIDC ID Token validation error for ` + r . headersIn [ 'Host ' ] + r . uri + `: nonce from token (${ claims . nonce } ) ` +
164164 `does not match client (${ clientNonceHash } )` ) ;
165165 return false ;
166166 }
167167 } else if ( isNewSession ( r ) ) {
168- r . error ( "OIDC ID Token validation error for " + r . headersIn [ 'host ' ] + r . uri +
168+ r . error ( "OIDC ID Token validation error for " + r . headersIn [ 'Host ' ] + r . uri +
169169 ": missing nonce claim during initial authentication." ) ;
170170 return false ;
171171 }
@@ -227,7 +227,7 @@ async function exchangeCodeForTokens(r) {
227227 } ) ;
228228
229229 if ( reply . status === 504 ) {
230- r . error ( "OIDC timeout connecting to IdP during code exchange for " + r . headersIn [ 'host ' ] + r . uri ) ;
230+ r . error ( "OIDC timeout connecting to IdP during code exchange for " + r . headersIn [ 'Host ' ] + r . uri ) ;
231231 r . return ( 504 ) ;
232232 return null ;
233233 }
@@ -241,13 +241,13 @@ async function exchangeCodeForTokens(r) {
241241 try {
242242 const tokenset = JSON . parse ( reply . responseText ) ;
243243 if ( tokenset . error ) {
244- r . error ( "OIDC for " + r . headersIn [ 'host ' ] + r . uri + " " + tokenset . error + " " + tokenset . error_description ) ;
244+ r . error ( "OIDC for " + r . headersIn [ 'Host ' ] + r . uri + ": " + tokenset . error + " " + tokenset . error_description ) ;
245245 r . return ( 500 ) ;
246246 return null ;
247247 }
248248 return tokenset ;
249249 } catch ( e ) {
250- r . error ( "OIDC token response not JSON for " + r . headersIn [ 'host ' ] + r . uri + ": " + reply . responseText ) ;
250+ r . error ( "OIDC token response not JSON for " + r . headersIn [ 'Host ' ] + r . uri + ": " + reply . responseText ) ;
251251 r . return ( 502 ) ;
252252 return null ;
253253 }
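Review bot: The catch branch writes the whole `reply.responseText` from the token endpoint to the error log, and a body that fails `JSON.parse` (truncated, wrong content type) can still contain access, ID or refresh tokens. Logging the status and size instead, e.g. `": HTTP " + reply.status + ", " + reply.responseText.length + " bytes"`, keeps the diagnostic without copying credentials into log files and whatever ships them downstream. handleTokenError (last hunk) logs `reply.responseText` the same way in two places. exchangeCodeForTokens begins and ends outside this hunk.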
@@ -267,9 +267,9 @@ async function refreshTokens(r) {
267267 try {
268268 const tokenset = JSON . parse ( reply . responseText ) ;
269269 if ( ! tokenset . id_token ) {
270- r . error ( "OIDC refresh response for " + r . headersIn [ 'host ' ] + r . uri + " did not include id_token" ) ;
270+ r . error ( "OIDC refresh response for " + r . headersIn [ 'Host ' ] + r . uri + " did not include id_token" ) ;
271271 if ( tokenset . error ) {
272- r . error ( "OIDC error for " + r . headersIn [ 'host ' ] + r . uri + " " + tokenset . error + " " + tokenset . error_description ) ;
272+ r . error ( "OIDC error for " + r . headersIn [ 'Host ' ] + r . uri + " " + tokenset . error + " " + tokenset . error_description ) ;
273273 }
274274 return null ;
275275 }
@@ -336,13 +336,13 @@ async function handleFrontChannelLogout(r) {
336336
337337 // Validate input parameters
338338 if ( ! sid ) {
339- r . error ( "Missing sid parameter in front-channel logout request for " + r . headersIn [ 'host ' ] + r . uri ) ;
339+ r . error ( "Missing sid parameter in front-channel logout request for " + r . headersIn [ 'Host ' ] + r . uri ) ;
340340 r . return ( 400 , "Missing sid" ) ;
341341 return ;
342342 }
343343
344344 if ( ! requestIss ) {
345- r . error ( "Missing iss parameter in front-channel logout request for " + r . headersIn [ 'host ' ] + r . uri ) ;
345+ r . error ( "Missing iss parameter in front-channel logout request for " + r . headersIn [ 'Host ' ] + r . uri ) ;
346346 r . return ( 400 , "Missing iss" ) ;
347347 return ;
348348 }
@@ -373,7 +373,7 @@ async function handleFrontChannelLogout(r) {
373373
374374 const claims = await getTokenClaims ( r , sessionJwt ) ;
375375 if ( claims . iss !== requestIss ) {
376- r . error ( "Issuer mismatch during logout for " + r . headersIn [ 'host ' ] + r . uri + ": Received iss: " +
376+ r . error ( "Issuer mismatch during logout for " + r . headersIn [ 'Host ' ] + r . uri + ": Received iss: " +
377377 requestIss + ", expected: " + claims . iss ) ;
378378 r . return ( 400 , "Issuer mismatch" ) ;
379379 return ;
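Review bot: `claims.iss` is read without checking `claims`, but getTokenClaims (second hunk) resolves `null` both on a non-200 validation reply and on a JSON parse failure, so a stale or malformed session JWT makes this line throw instead of producing a clean rejection. A guard ahead of the comparison would cover it, e.g. `if (!claims) { r.return(400, "Invalid session"); return; }` with a matching `r.error()` line; the status and text are a suggestion and should follow the handler's existing convention. handleFrontChannelLogout starts and ends outside the hunk, so an outer try/catch may already catch the exception; worth confirming.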
@@ -401,7 +401,7 @@ function initiateNewAuth(r) {
401401 ) ;
402402
403403 if ( missingConfig . length ) {
404- r . error ( "OIDC missing configuration variables for " + r . headersIn [ 'host ' ] + r . uri + ": $oidc_" + missingConfig . join ( " $oidc_" ) ) ;
404+ r . error ( "OIDC missing configuration variables for " + r . headersIn [ 'Host ' ] + r . uri + ": $oidc_" + missingConfig . join ( " $oidc_" ) ) ;
405405 r . return ( 500 , r . variables . internal_error_message ) ;
406406 return ;
407407 }
@@ -467,7 +467,7 @@ function generateTokenRequestParams(r, grant_type) {
467467 body += "&refresh_token=" + r . variables . refresh_token ;
468468 break ;
469469 default :
470- r . error ( "Unsupported grant type for " + r . headersIn [ 'host ' ] + r . uri + ": " + grant_type ) ;
470+ r . error ( "Unsupported grant type for " + r . headersIn [ 'Host ' ] + r . uri + ": " + grant_type ) ;
471471 return ;
472472 }
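Review bot: `r.variables.refresh_token` is appended to the form body unencoded on the context line above the changed message. Refresh tokens are opaque strings, and one containing `+`, `&` or `=` would be altered or split into extra parameters when the IdP parses the body. `body += "&refresh_token=" + encodeURIComponent(r.variables.refresh_token);` avoids that. The `default` branch also returns `undefined` after logging, so callers need to treat a missing result as a failure rather than send an empty request; those callers are outside this hunk.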
473473
@@ -493,21 +493,21 @@ function handleTokenError(r, reply) {
493493 try {
494494 const errorset = JSON . parse ( reply . responseText ) ;
495495 if ( errorset . error ) {
496- r . error ( "OIDC error from IdP during token exchange for " + r . headersIn [ 'host ' ] + r . uri + ": " +
496+ r . error ( "OIDC error from IdP during token exchange for " + r . headersIn [ 'Host ' ] + r . uri + ": " +
497497 errorset . error + ", " + errorset . error_description ) ;
498498 } else {
499- r . error ( "OIDC unexpected response from IdP for " + r . headersIn [ 'host ' ] + r . uri + " (HTTP " +
499+ r . error ( "OIDC unexpected response from IdP for " + r . headersIn [ 'Host ' ] + r . uri + " (HTTP " +
500500 reply . status + "). " + reply . responseText ) ;
501501 }
502502 } catch ( e ) {
503- r . error ( "OIDC unexpected response from IdP for " + r . headersIn [ 'host ' ] + r . uri + " (HTTP " + reply . status + "). " +
503+ r . error ( "OIDC unexpected response from IdP for " + r . headersIn [ 'Host ' ] + r . uri + " (HTTP " + reply . status + "). " +
504504 reply . responseText ) ;
505505 }
506506}
507507
508508
509509function handleRefreshError ( r , reply ) {
510- let errorLog = "OIDC refresh failure for " + r . headersIn [ 'host ' ] + r . uri ;
510+ let errorLog = "OIDC refresh failure for " + r . headersIn [ 'Host ' ] + r . uri ;
511511 if ( reply . status === 504 ) {
512512 errorLog += ", timeout waiting for IdP" ;
513513 } else if ( reply . status === 400 ) {