Add PAR tag on TokenIssued(Failure) events

DuendeSoftware · Nov 10, 2023 · 0574757 · 0574757
1 parent 36fe588
commit 0574757
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 14 deletions.
diff --git a/src/IdentityServer/Endpoints/AuthorizeEndpointBase.cs b/src/IdentityServer/Endpoints/AuthorizeEndpointBase.cs
@@ -225,7 +225,11 @@ private void LogTokens(AuthorizeResponse response)
 
     private Task RaiseFailureEventAsync(ValidatedAuthorizeRequest request, string error, string errorDescription)
     {
-        Telemetry.Metrics.TokenIssuedFailure(request.ClientId, request.GrantType, error);
+        Telemetry.Metrics.TokenIssuedFailure(
+            request.ClientId,
+            request.GrantType,
+            request.IsPushedAuthorizationRequest,
+            error);
         return _events.RaiseAsync(new TokenIssuedFailureEvent(request, error, errorDescription));
     }
 
@@ -234,7 +238,10 @@ private Task RaiseResponseEventAsync(AuthorizeResponse response)
         if (!response.IsError)
         {
             LogTokens(response);
-            Telemetry.Metrics.TokenIssued(response.Request.ClientId, response.Request.GrantType);
+            Telemetry.Metrics.TokenIssued(
+                response.Request.ClientId,
+                response.Request.GrantType,
+                response.Request.IsPushedAuthorizationRequest);
             return _events.RaiseAsync(new TokenIssuedSuccessEvent(response));
         }
 

diff --git a/src/IdentityServer/Endpoints/TokenEndpoint.cs b/src/IdentityServer/Endpoints/TokenEndpoint.cs
@@ -96,7 +96,7 @@ private async Task<IEndpointResult> ProcessTokenRequestAsync(HttpContext context
         if (clientResult.IsError)
         {
             var errorMsg = clientResult.Error ?? OidcConstants.TokenErrors.InvalidClient;
-            Telemetry.Metrics.TokenIssuedFailure(clientResult.Client?.ClientId, null, errorMsg);
+            Telemetry.Metrics.TokenIssuedFailure(clientResult.Client?.ClientId, null, false, errorMsg);
             return Error(errorMsg);
         }
 
@@ -113,7 +113,7 @@ private async Task<IEndpointResult> ProcessTokenRequestAsync(HttpContext context
         var error = await TryReadProofTokens(context, requestContext);
         if (error != null)
         {
-            Telemetry.Metrics.TokenIssuedFailure(clientResult.Client.ClientId, null, error.Response.Error);
+            Telemetry.Metrics.TokenIssuedFailure(clientResult.Client.ClientId, null, false, error.Response.Error);
             return error;
         }
 
@@ -122,7 +122,7 @@ private async Task<IEndpointResult> ProcessTokenRequestAsync(HttpContext context
         {
             await _events.RaiseAsync(new TokenIssuedFailureEvent(requestResult));
             Telemetry.Metrics.TokenIssuedFailure(
-                clientResult.Client.ClientId, requestResult.ValidatedRequest?.GrantType, requestResult.Error);
+                clientResult.Client.ClientId, requestResult.ValidatedRequest?.GrantType, false, requestResult.Error);
             var err = Error(requestResult.Error, requestResult.ErrorDescription, requestResult.CustomResponse);
             err.Response.DPoPNonce = requestResult.DPoPNonce;
             return err;
@@ -133,7 +133,7 @@ private async Task<IEndpointResult> ProcessTokenRequestAsync(HttpContext context
         var response = await _responseGenerator.ProcessAsync(requestResult);
 
         await _events.RaiseAsync(new TokenIssuedSuccessEvent(response, requestResult));
-        Telemetry.Metrics.TokenIssued(clientResult.Client.ClientId, requestResult.ValidatedRequest.GrantType);
+        Telemetry.Metrics.TokenIssued(clientResult.Client.ClientId, requestResult.ValidatedRequest.GrantType, false);
         LogTokens(response, requestResult);
 
         // return result

diff --git a/src/IdentityServer/Validation/Models/ValidatedAuthorizeRequest.cs b/src/IdentityServer/Validation/Models/ValidatedAuthorizeRequest.cs
@@ -4,6 +4,7 @@
 
 #nullable enable
 
+using Duende.IdentityServer.Extensions;
 using IdentityModel;
 using System.Collections.Generic;
 using System.Linq;
@@ -259,6 +260,11 @@ public class ValidatedAuthorizeRequest : ValidatedRequest
     /// </summary>
     public string? PushedAuthorizationReferenceValue { get; set; }
 
+    /// <summary>
+    /// Is this a pushed authorization request?
+    /// </summary>
+    public bool IsPushedAuthorizationRequest { get => PushedAuthorizationReferenceValue.IsPresent(); }
+
     /// <summary>
     /// Gets or sets a value indicating the context in which authorization
     /// validation is occurring (the PAR endpoint or the authorize endpoint with

diff --git a/src/Telemetry/Telemetry.cs b/src/Telemetry/Telemetry.cs
@@ -14,7 +14,7 @@ namespace Duende.IdentityServer;
 public static class Telemetry
 {
     private readonly static string ServiceVersion = typeof(Telemetry).Assembly.GetName().Version.ToString();
-    
+
     /// <summary>
     /// Service name used for Duende IdentityServer.
     /// </summary>
@@ -216,6 +216,11 @@ public static class Tags
             /// </summary>
             public const string Path = "path";
 
+            /// <summary>
+            /// pushed_authorization_request
+            /// </summary>
+            public const string PushedAuthorizationRequest = "pushed_authorization_request";
+
             /// <summary>
             /// scheme
             /// </summary>
@@ -264,7 +269,7 @@ public static void DecreaseActiveRequests(string endpointType, string path) =>
         /// <param name="clientId">Client involved in event</param>
         public static void Success(string clientId = null)
         {
-            if(clientId != null)
+            if (clientId != null)
             {
                 SuccessCounter.Add(1, tag: new("client", clientId));
             }
@@ -273,7 +278,7 @@ public static void Success(string clientId = null)
                 SuccessCounter.Add(1);
             }
         }
-        
+
         /// <summary>
         /// High level number of failed operations. Probably most useful together with <see cref="SuccessCounter"/>.
         /// </summary>
@@ -286,7 +291,7 @@ public static void Success(string clientId = null)
         /// <param name="clientId">Client involved in event</param>
         public static void Failure(string error, string clientId = null)
         {
-            if(clientId != null)
+            if (clientId != null)
             {
                 FailureCounter.Add(1, new("client", clientId), new("error", error));
             }
@@ -558,6 +563,7 @@ public static Counter<long> PushedAuthorizationRequestFailureCounter
         /// Helper method to increase <see cref="PushedAuthorizationRequestFailureCounter"/>
         /// </summary>
         /// <param name="clientId"></param>
+        /// <param name="error">Error reason</param>
         public static void PushedAuthorizationRequestFailure(string clientId, string error)
         {
             Failure(clientId);
@@ -640,10 +646,14 @@ public static void RevocationFailure(string clientId, string error)
         /// </summary>
         /// <param name="clientId">Client Id</param>
         /// <param name="grantType">Grant Type</param>
-        public static void TokenIssued(string clientId, string grantType)
+        /// <param name="isPushedAuthorizationRequest">Is this a result of a pushed authorization request?</param>
+        public static void TokenIssued(string clientId, string grantType, bool isPushedAuthorizationRequest)
         {
             Success(clientId);
-            TokenIssuedCounter.Add(1, new(Tags.Client, clientId), new(Tags.GrantType, grantType));
+            TokenIssuedCounter.Add(1,
+                new(Tags.Client, clientId),
+                new(Tags.GrantType, grantType),
+                new(Tags.PushedAuthorizationRequest, isPushedAuthorizationRequest));
         }
 
         /// <summary>
@@ -657,10 +667,15 @@ public static void TokenIssued(string clientId, string grantType)
         /// <param name="clientId">Client Id</param>
         /// <param name="grantType">Grant Type</param>
         /// <param name="error">Error</param>
-        public static void TokenIssuedFailure(string clientId, string grantType, string error)
+        /// <param name="isPushedAuthorizationRequest">Is this a result of a pushed authorization request?</param>
+        public static void TokenIssuedFailure(string clientId, string grantType, bool isPushedAuthorizationRequest, string error)
         {
             Failure(error, clientId);
-            TokenIssuedFailureCounter.Add(1, new(Tags.Client, clientId), new (Tags.GrantType, grantType), new(Tags.Error, error));
+            TokenIssuedFailureCounter.Add(1,
+                new(Tags.Client, clientId),
+                new(Tags.GrantType, grantType),
+                new(Tags.PushedAuthorizationRequest, isPushedAuthorizationRequest),
+                new(Tags.Error, error));
         }
 
         /// <summary>