  1. Compass
  2. COMPASS-7605

[OIDC] Improve Issuer.discover error message

    • Type: Task
    • Resolution: Fixed
    • Priority: Major - P3
    • 1.42.3
    • Affects Version/s: None
    • Component/s: OIDC DB Auth, UI / UX
    • None
    • Developer Tools
    • 2
    • Not Needed
    • Iteration Wendiceratops

      The openid-client package we use to perform OIDC protocol interactions mostly forwards HTTPS errors directly to the caller. Node.js HTTPS errors, however, can be fairly unspecific; e.g.:

      > require('openid-client').Issuer.discover('https://self-signed.badssl.com')
      Promise {
        <pending>,
        [Symbol(async_id_symbol)]: 35,
        [Symbol(trigger_async_id_symbol)]: 6
      }
      > Uncaught Error: self-signed certificate
          [...] {
        code: 'DEPTH_ZERO_SELF_SIGNED_CERT'
      }
      

      As a quick win, we could wrap the error message from Issuer.discover in https://github.com/mongodb-js/oidc-plugin/blob/14de2c8c18f74c3a6eb892fa180850afc9b83460/src/plugin.ts#L339 so that it indicates that the error happened while looking up issuer metadata (and what the issuer URI in question is), and include the issuer URI in the log file when starting an OIDC authentication attempt.

            Assignee:
            anna.henningsen@mongodb.com Anna Henningsen
            Reporter:
            anna.henningsen@mongodb.com Anna Henningsen