feat(op): allow returning of parent errors to client #629
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
livio-a
approved these changes
Aug 9, 2024
|
🎉 This PR is included in version 3.27.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
livio-a
added a commit
to zitadel/zitadel
that referenced
this pull request
Aug 20, 2024
# Which Problems Are Solved Currently the OIDC API of ZITADEL only prints parent errors to the logs. Where 4xx status are typically warn level and 5xx error level. This makes it hard to debug certain errors for client in multi-instance environments like ZITADEL cloud, where there is no direct access to logs. In case of support requests we often can't correlate past log-lines to the error that was reported. This change adds the possibility to return the parent error in the response to the OIDC client. For the moment this only applies to JSON body responses, not error redirects to the RP. # How the Problems Are Solved - New instance-level feature flag: `debug_oidc_parent_error` - Use the new `WithReturnParentToClient()` function from the oidc lib introduced in zitadel/oidc#629 for all cases where `WithParent` was already used and the request context is available. # Additional Changes none # Additional Context - Depends on: zitadel/oidc#629 - Related to: #8362 --------- Co-authored-by: Livio Spring <[email protected]>
peintnermax
pushed a commit
to zitadel/zitadel
that referenced
this pull request
Aug 20, 2024
# Which Problems Are Solved Currently the OIDC API of ZITADEL only prints parent errors to the logs. Where 4xx status are typically warn level and 5xx error level. This makes it hard to debug certain errors for client in multi-instance environments like ZITADEL cloud, where there is no direct access to logs. In case of support requests we often can't correlate past log-lines to the error that was reported. This change adds the possibility to return the parent error in the response to the OIDC client. For the moment this only applies to JSON body responses, not error redirects to the RP. # How the Problems Are Solved - New instance-level feature flag: `debug_oidc_parent_error` - Use the new `WithReturnParentToClient()` function from the oidc lib introduced in zitadel/oidc#629 for all cases where `WithParent` was already used and the request context is available. # Additional Changes none # Additional Context - Depends on: zitadel/oidc#629 - Related to: #8362 --------- Co-authored-by: Livio Spring <[email protected]>
JayPe69
pushed a commit
to Ludocare/zitadel
that referenced
this pull request
Aug 26, 2024
# Which Problems Are Solved Currently the OIDC API of ZITADEL only prints parent errors to the logs. Where 4xx status are typically warn level and 5xx error level. This makes it hard to debug certain errors for client in multi-instance environments like ZITADEL cloud, where there is no direct access to logs. In case of support requests we often can't correlate past log-lines to the error that was reported. This change adds the possibility to return the parent error in the response to the OIDC client. For the moment this only applies to JSON body responses, not error redirects to the RP. # How the Problems Are Solved - New instance-level feature flag: `debug_oidc_parent_error` - Use the new `WithReturnParentToClient()` function from the oidc lib introduced in zitadel/oidc#629 for all cases where `WithParent` was already used and the request context is available. # Additional Changes none # Additional Context - Depends on: zitadel/oidc#629 - Related to: zitadel#8362 --------- Co-authored-by: Livio Spring <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change introduces the possibility to return parent errors to clients. This is implemented by an optional flag on the
*oidc.Error.Currently it only support setting the parent inside JSON responses, not redirect URLs. As Go errors don't unmarshall well, only the marshaller is implemented for the moment.
Related to zitadel/zitadel#8362
Definition of Ready