From 3e2380762377bc5a4a483fc16072a1f5a017a2c4 Mon Sep 17 00:00:00 2001 From: b1ackd0t <28790446+rodneyosodo@users.noreply.github.com> Date: Wed, 5 Jun 2024 11:30:19 +0300 Subject: [PATCH] NOISSUE - Use only sign in state in OAuth 2.0 flows (#2270) Signed-off-by: Rodney Osodo --- pkg/oauth2/oauth2.go | 34 -------- users/api/clients.go | 16 +--- users/api/logging.go | 6 +- users/api/metrics.go | 10 +-- users/clients.go | 3 +- users/events/events.go | 2 - users/events/streams.go | 6 +- users/mocks/service.go | 20 +++-- users/service.go | 50 +++++------- users/service_test.go | 164 +++++++++++++++++++++++---------------- users/tracing/tracing.go | 6 +- 11 files changed, 142 insertions(+), 175 deletions(-) diff --git a/pkg/oauth2/oauth2.go b/pkg/oauth2/oauth2.go index 6a7a668ace..07cf530af2 100644 --- a/pkg/oauth2/oauth2.go +++ b/pkg/oauth2/oauth2.go @@ -5,45 +5,11 @@ package oauth2 import ( "context" - "errors" mfclients "github.com/absmach/magistrala/pkg/clients" "golang.org/x/oauth2" ) -// State is the state of the OAuth2 flow. -type State uint8 - -const ( - // SignIn is the state for the sign-in flow. - SignIn State = iota - // SignUp is the state for the sign-up flow. - SignUp -) - -func (s State) String() string { - switch s { - case SignIn: - return "signin" - case SignUp: - return "signup" - default: - return "unknown" - } -} - -// ToState converts string value to a valid OAuth2 state. -func ToState(state string) (State, error) { - switch state { - case "signin": - return SignIn, nil - case "signup": - return SignUp, nil - } - - return State(0), errors.New("invalid state") -} - // Config is the configuration for the OAuth2 provider. type Config struct { ClientID string `env:"CLIENT_ID" envDefault:""` diff --git a/users/api/clients.go b/users/api/clients.go index 380190a01a..74f691b94e 100644 --- a/users/api/clients.go +++ b/users/api/clients.go @@ -536,19 +536,7 @@ func oauth2CallbackHandler(oauth oauth2.Provider, svc users.Service) http.Handle http.Redirect(w, r, oauth.ErrorURL()+"?error=oauth%20provider%20is%20disabled", http.StatusSeeOther) return } - // state is prefixed with signin- or signup- to indicate which flow we should use - var state string - var flow oauth2.State - var err error - if strings.Contains(r.FormValue("state"), "-") { - state = strings.Split(r.FormValue("state"), "-")[1] - flow, err = oauth2.ToState(strings.Split(r.FormValue("state"), "-")[0]) - if err != nil { - http.Redirect(w, r, oauth.ErrorURL()+"?error="+err.Error(), http.StatusSeeOther) //nolint:goconst - return - } - } - + state := r.FormValue("state") if state != oauth.State() { http.Redirect(w, r, oauth.ErrorURL()+"?error=invalid%20state", http.StatusSeeOther) return @@ -567,7 +555,7 @@ func oauth2CallbackHandler(oauth oauth2.Provider, svc users.Service) http.Handle return } - jwt, err := svc.OAuthCallback(r.Context(), flow, client) + jwt, err := svc.OAuthCallback(r.Context(), client) if err != nil { http.Redirect(w, r, oauth.ErrorURL()+"?error="+err.Error(), http.StatusSeeOther) return diff --git a/users/api/logging.go b/users/api/logging.go index 6d43161d61..24656ed298 100644 --- a/users/api/logging.go +++ b/users/api/logging.go @@ -10,7 +10,6 @@ import ( "github.com/absmach/magistrala" mgclients "github.com/absmach/magistrala/pkg/clients" - mgoauth2 "github.com/absmach/magistrala/pkg/oauth2" "github.com/absmach/magistrala/users" ) @@ -399,11 +398,10 @@ func (lm *loggingMiddleware) Identify(ctx context.Context, token string) (id str return lm.svc.Identify(ctx, token) } -func (lm *loggingMiddleware) OAuthCallback(ctx context.Context, state mgoauth2.State, client mgclients.Client) (token *magistrala.Token, err error) { +func (lm *loggingMiddleware) OAuthCallback(ctx context.Context, client mgclients.Client) (token *magistrala.Token, err error) { defer func(begin time.Time) { args := []any{ slog.String("duration", time.Since(begin).String()), - slog.String("state", state.String()), slog.String("user_id", client.ID), } if err != nil { @@ -413,5 +411,5 @@ func (lm *loggingMiddleware) OAuthCallback(ctx context.Context, state mgoauth2.S } lm.logger.Info("OAuth callback completed successfully", args...) }(time.Now()) - return lm.svc.OAuthCallback(ctx, state, client) + return lm.svc.OAuthCallback(ctx, client) } diff --git a/users/api/metrics.go b/users/api/metrics.go index b179696723..ea4328e818 100644 --- a/users/api/metrics.go +++ b/users/api/metrics.go @@ -9,7 +9,6 @@ import ( "github.com/absmach/magistrala" mgclients "github.com/absmach/magistrala/pkg/clients" - mgoauth2 "github.com/absmach/magistrala/pkg/oauth2" "github.com/absmach/magistrala/users" "github.com/go-kit/kit/metrics" ) @@ -193,11 +192,10 @@ func (ms *metricsMiddleware) Identify(ctx context.Context, token string) (string return ms.svc.Identify(ctx, token) } -func (ms *metricsMiddleware) OAuthCallback(ctx context.Context, state mgoauth2.State, client mgclients.Client) (*magistrala.Token, error) { - method := "oauth_callback_" + state.String() +func (ms *metricsMiddleware) OAuthCallback(ctx context.Context, client mgclients.Client) (*magistrala.Token, error) { defer func(begin time.Time) { - ms.counter.With("method", method).Add(1) - ms.latency.With("method", method).Observe(time.Since(begin).Seconds()) + ms.counter.With("method", "oauth_callback").Add(1) + ms.latency.With("method", "oauth_callback").Observe(time.Since(begin).Seconds()) }(time.Now()) - return ms.svc.OAuthCallback(ctx, state, client) + return ms.svc.OAuthCallback(ctx, client) } diff --git a/users/clients.go b/users/clients.go index 58c2cb9cd1..2f359d43e1 100644 --- a/users/clients.go +++ b/users/clients.go @@ -8,7 +8,6 @@ import ( "github.com/absmach/magistrala" "github.com/absmach/magistrala/pkg/clients" - mgoauth2 "github.com/absmach/magistrala/pkg/oauth2" ) // Service specifies an API that must be fullfiled by the domain service @@ -77,5 +76,5 @@ type Service interface { // OAuthCallback handles the callback from any supported OAuth provider. // It processes the OAuth tokens and either signs in or signs up the user based on the provided state. - OAuthCallback(ctx context.Context, state mgoauth2.State, client clients.Client) (*magistrala.Token, error) + OAuthCallback(ctx context.Context, client clients.Client) (*magistrala.Token, error) } diff --git a/users/events/events.go b/users/events/events.go index aa5fe1cd2b..7325fc4dc3 100644 --- a/users/events/events.go +++ b/users/events/events.go @@ -414,14 +414,12 @@ func (spre sendPasswordResetEvent) Encode() (map[string]interface{}, error) { } type oauthCallbackEvent struct { - state string clientID string } func (oce oauthCallbackEvent) Encode() (map[string]interface{}, error) { return map[string]interface{}{ "operation": oauthCallback, - "state": oce.state, "client_id": oce.clientID, }, nil } diff --git a/users/events/streams.go b/users/events/streams.go index 55c9ca1be0..f838c06080 100644 --- a/users/events/streams.go +++ b/users/events/streams.go @@ -10,7 +10,6 @@ import ( mgclients "github.com/absmach/magistrala/pkg/clients" "github.com/absmach/magistrala/pkg/events" "github.com/absmach/magistrala/pkg/events/store" - mgoauth2 "github.com/absmach/magistrala/pkg/oauth2" "github.com/absmach/magistrala/users" ) @@ -297,14 +296,13 @@ func (es *eventStore) SendPasswordReset(ctx context.Context, host, email, user, return es.Publish(ctx, event) } -func (es *eventStore) OAuthCallback(ctx context.Context, state mgoauth2.State, client mgclients.Client) (*magistrala.Token, error) { - token, err := es.svc.OAuthCallback(ctx, state, client) +func (es *eventStore) OAuthCallback(ctx context.Context, client mgclients.Client) (*magistrala.Token, error) { + token, err := es.svc.OAuthCallback(ctx, client) if err != nil { return token, err } event := oauthCallbackEvent{ - state: state.String(), clientID: client.ID, } diff --git a/users/mocks/service.go b/users/mocks/service.go index 9a81f1910b..4c2f6b13f2 100644 --- a/users/mocks/service.go +++ b/users/mocks/service.go @@ -12,8 +12,6 @@ import ( magistrala "github.com/absmach/magistrala" mock "github.com/stretchr/testify/mock" - - oauth2 "github.com/absmach/magistrala/pkg/oauth2" ) // Service is an autogenerated mock type for the Service type @@ -209,9 +207,9 @@ func (_m *Service) ListMembers(ctx context.Context, token string, objectKind str return r0, r1 } -// OAuthCallback provides a mock function with given fields: ctx, state, client -func (_m *Service) OAuthCallback(ctx context.Context, state oauth2.State, client clients.Client) (*magistrala.Token, error) { - ret := _m.Called(ctx, state, client) +// OAuthCallback provides a mock function with given fields: ctx, client +func (_m *Service) OAuthCallback(ctx context.Context, client clients.Client) (*magistrala.Token, error) { + ret := _m.Called(ctx, client) if len(ret) == 0 { panic("no return value specified for OAuthCallback") @@ -219,19 +217,19 @@ func (_m *Service) OAuthCallback(ctx context.Context, state oauth2.State, client var r0 *magistrala.Token var r1 error - if rf, ok := ret.Get(0).(func(context.Context, oauth2.State, clients.Client) (*magistrala.Token, error)); ok { - return rf(ctx, state, client) + if rf, ok := ret.Get(0).(func(context.Context, clients.Client) (*magistrala.Token, error)); ok { + return rf(ctx, client) } - if rf, ok := ret.Get(0).(func(context.Context, oauth2.State, clients.Client) *magistrala.Token); ok { - r0 = rf(ctx, state, client) + if rf, ok := ret.Get(0).(func(context.Context, clients.Client) *magistrala.Token); ok { + r0 = rf(ctx, client) } else { if ret.Get(0) != nil { r0 = ret.Get(0).(*magistrala.Token) } } - if rf, ok := ret.Get(1).(func(context.Context, oauth2.State, clients.Client) error); ok { - r1 = rf(ctx, state, client) + if rf, ok := ret.Get(1).(func(context.Context, clients.Client) error); ok { + r1 = rf(ctx, client) } else { r1 = ret.Error(1) } diff --git a/users/service.go b/users/service.go index 1f3281cc94..586aa49f2c 100644 --- a/users/service.go +++ b/users/service.go @@ -5,7 +5,6 @@ package users import ( "context" - "fmt" "time" "github.com/absmach/magistrala" @@ -14,14 +13,12 @@ import ( "github.com/absmach/magistrala/pkg/errors" repoerr "github.com/absmach/magistrala/pkg/errors/repository" svcerr "github.com/absmach/magistrala/pkg/errors/service" - mgoauth2 "github.com/absmach/magistrala/pkg/oauth2" "github.com/absmach/magistrala/users/postgres" "golang.org/x/sync/errgroup" ) var ( errIssueToken = errors.New("failed to issue token") - errUserNotSignedUp = errors.New("user not signed up") errFailedPermissionsList = errors.New("failed to list permissions") errRecoveryToken = errors.New("failed to generate password recovery token") errLoginDisableUser = errors.New("failed to login in disabled user") @@ -592,37 +589,32 @@ func (svc *service) authorize(ctx context.Context, subjType, subjKind, subj, per return res.GetId(), nil } -func (svc service) OAuthCallback(ctx context.Context, state mgoauth2.State, client mgclients.Client) (*magistrala.Token, error) { - switch state { - case mgoauth2.SignIn: - rclient, err := svc.clients.RetrieveByIdentity(ctx, client.Credentials.Identity) - if err != nil { - if errors.Contains(err, repoerr.ErrNotFound) { - return &magistrala.Token{}, errors.Wrap(svcerr.ErrNotFound, errUserNotSignedUp) - } - return &magistrala.Token{}, errors.Wrap(svcerr.ErrViewEntity, err) - } - claims := &magistrala.IssueReq{ - UserId: rclient.ID, - Type: uint32(auth.AccessKey), - } - return svc.auth.Issue(ctx, claims) - case mgoauth2.SignUp: - rclient, err := svc.RegisterClient(ctx, "", client) - if err != nil { - if errors.Contains(err, repoerr.ErrConflict) { - return &magistrala.Token{}, errors.Wrap(svcerr.ErrConflict, errors.New("user already exists")) +func (svc service) OAuthCallback(ctx context.Context, client mgclients.Client) (*magistrala.Token, error) { + rclient, err := svc.clients.RetrieveByIdentity(ctx, client.Credentials.Identity) + if err != nil { + switch errors.Contains(err, repoerr.ErrNotFound) { + case true: + rclient, err = svc.RegisterClient(ctx, "", client) + if err != nil { + return &magistrala.Token{}, err } + default: return &magistrala.Token{}, err } - claims := &magistrala.IssueReq{ - UserId: rclient.ID, - Type: uint32(auth.AccessKey), + } + + if _, err = svc.authorize(ctx, auth.UserType, auth.UsersKind, rclient.ID, auth.MembershipPermission, auth.PlatformType, auth.MagistralaObject); err != nil { + if err := svc.addClientPolicy(ctx, rclient.ID, rclient.Role); err != nil { + return &magistrala.Token{}, err } - return svc.auth.Issue(ctx, claims) - default: - return &magistrala.Token{}, fmt.Errorf("unknown state %s", state) } + + claims := &magistrala.IssueReq{ + UserId: rclient.ID, + Type: uint32(auth.AccessKey), + } + + return svc.auth.Issue(ctx, claims) } func (svc service) Identify(ctx context.Context, token string) (string, error) { diff --git a/users/service_test.go b/users/service_test.go index d11d28b929..dd29b5aab5 100644 --- a/users/service_test.go +++ b/users/service_test.go @@ -17,7 +17,6 @@ import ( "github.com/absmach/magistrala/pkg/errors" repoerr "github.com/absmach/magistrala/pkg/errors/repository" svcerr "github.com/absmach/magistrala/pkg/errors/service" - mgoauth2 "github.com/absmach/magistrala/pkg/oauth2" "github.com/absmach/magistrala/pkg/uuid" "github.com/absmach/magistrala/users" "github.com/absmach/magistrala/users/hasher" @@ -2520,31 +2519,33 @@ func TestOAuthCallback(t *testing.T) { cases := []struct { desc string - state mgoauth2.State client mgclients.Client retrieveByIdentityResponse mgclients.Client retrieveByIdentityErr error addPoliciesResponse *magistrala.AddPoliciesRes addPoliciesErr error - deletePoliciesResponse *magistrala.DeletePoliciesRes - deletePoliciesErr error saveResponse mgclients.Client saveErr error + deletePoliciesResponse *magistrala.DeletePoliciesRes + deletePoliciesErr error + authorizeResponse *magistrala.AuthorizeRes + authorizeErr error issueResponse *magistrala.Token issueErr error err error }{ { - desc: "oauth signin callback with successfully", - state: mgoauth2.SignIn, + desc: "oauth signin callback with successfully", client: mgclients.Client{ Credentials: mgclients.Credentials{ Identity: "test@example.com", }, }, retrieveByIdentityResponse: mgclients.Client{ - ID: testsutil.GenerateUUID(t), + ID: testsutil.GenerateUUID(t), + Role: mgclients.UserRole, }, + authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, issueResponse: &magistrala.Token{ AccessToken: strings.Repeat("a", 10), RefreshToken: &validToken, @@ -2553,37 +2554,63 @@ func TestOAuthCallback(t *testing.T) { err: nil, }, { - desc: "oauth signin callback with error", - state: mgoauth2.SignIn, + desc: "oauth signup callback with successfully", client: mgclients.Client{ Credentials: mgclients.Credentials{ Identity: "test@example.com", }, }, - retrieveByIdentityResponse: mgclients.Client{}, - retrieveByIdentityErr: repoerr.ErrNotFound, - issueResponse: &magistrala.Token{}, - err: errors.New("user not signed up"), + retrieveByIdentityErr: repoerr.ErrNotFound, + addPoliciesResponse: &magistrala.AddPoliciesRes{ + Added: true, + }, + saveResponse: mgclients.Client{ + ID: testsutil.GenerateUUID(t), + Role: mgclients.UserRole, + }, + issueResponse: &magistrala.Token{ + AccessToken: strings.Repeat("a", 10), + RefreshToken: &validToken, + AccessType: "Bearer", + }, + err: nil, }, { - desc: "oauth signup callback with successfully", - state: mgoauth2.SignUp, + desc: "oauth signup callback with unknown error", client: mgclients.Client{ Credentials: mgclients.Credentials{ Identity: "test@example.com", }, }, - retrieveByIdentityResponse: mgclients.Client{ - ID: testsutil.GenerateUUID(t), + retrieveByIdentityErr: repoerr.ErrMalformedEntity, + err: repoerr.ErrMalformedEntity, + }, + { + desc: "oauth signup callback with failed to register user", + client: mgclients.Client{ + Credentials: mgclients.Credentials{ + Identity: "test@example.com", + }, }, - addPoliciesResponse: &magistrala.AddPoliciesRes{ - Added: true, + retrieveByIdentityErr: repoerr.ErrNotFound, + addPoliciesResponse: &magistrala.AddPoliciesRes{Added: false}, + addPoliciesErr: svcerr.ErrAuthorization, + err: svcerr.ErrAuthorization, + }, + { + desc: "oauth signin callback with user not in the platform", + client: mgclients.Client{ + Credentials: mgclients.Credentials{ + Identity: "test@example.com", + }, }, - addPoliciesErr: nil, - saveResponse: mgclients.Client{ - ID: testsutil.GenerateUUID(t), + retrieveByIdentityResponse: mgclients.Client{ + ID: testsutil.GenerateUUID(t), + Role: mgclients.UserRole, }, - saveErr: nil, + authorizeResponse: &magistrala.AuthorizeRes{Authorized: false}, + authorizeErr: svcerr.ErrAuthorization, + addPoliciesResponse: &magistrala.AddPoliciesRes{Added: true}, issueResponse: &magistrala.Token{ AccessToken: strings.Repeat("a", 10), RefreshToken: &validToken, @@ -2592,61 +2619,68 @@ func TestOAuthCallback(t *testing.T) { err: nil, }, { - desc: "oauth signup callback with error", - state: mgoauth2.SignUp, + desc: "oauth signin callback with user not in the platform and failed to add policy", client: mgclients.Client{ Credentials: mgclients.Credentials{ Identity: "test@example.com", }, }, retrieveByIdentityResponse: mgclients.Client{ - ID: testsutil.GenerateUUID(t), + ID: testsutil.GenerateUUID(t), + Role: mgclients.UserRole, }, - addPoliciesResponse: &magistrala.AddPoliciesRes{ - Added: true, + authorizeResponse: &magistrala.AuthorizeRes{Authorized: false}, + authorizeErr: svcerr.ErrAuthorization, + addPoliciesResponse: &magistrala.AddPoliciesRes{Added: false}, + addPoliciesErr: svcerr.ErrAuthorization, + err: svcerr.ErrAuthorization, + }, + { + desc: "oauth signin callback with failed to issue token", + client: mgclients.Client{ + Credentials: mgclients.Credentials{ + Identity: "test@example.com", + }, }, - addPoliciesErr: nil, - deletePoliciesResponse: &magistrala.DeletePoliciesRes{ - Deleted: true, + retrieveByIdentityResponse: mgclients.Client{ + ID: testsutil.GenerateUUID(t), + Role: mgclients.UserRole, }, - deletePoliciesErr: nil, - saveResponse: mgclients.Client{}, - saveErr: repoerr.ErrConflict, - issueResponse: &magistrala.Token{}, - err: errors.New("user already exists"), + authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, + issueErr: svcerr.ErrAuthorization, + err: svcerr.ErrAuthorization, }, } for _, tc := range cases { - switch tc.state { - case mgoauth2.SignUp: - repoCall := cRepo.On("Save", context.Background(), mock.Anything).Return(tc.saveResponse, tc.saveErr) - repoCall1 := auth.On("AddPolicies", context.Background(), mock.Anything).Return(tc.addPoliciesResponse, tc.addPoliciesErr) - repoCall2 := auth.On("DeletePolicies", context.Background(), mock.Anything).Return(tc.deletePoliciesResponse, tc.deletePoliciesErr) - repoCall3 := auth.On("Issue", context.Background(), mock.Anything).Return(tc.issueResponse, tc.issueErr) - - token, err := svc.OAuthCallback(context.Background(), tc.state, tc.client) - if err == nil { - assert.Equal(t, tc.issueResponse.AccessToken, token.AccessToken) - assert.Equal(t, tc.issueResponse.RefreshToken, token.RefreshToken) - } - assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) - repoCall.Unset() - repoCall1.Unset() - repoCall2.Unset() - repoCall3.Unset() - case mgoauth2.SignIn: - repoCall := cRepo.On("RetrieveByIdentity", context.Background(), tc.client.Credentials.Identity).Return(tc.retrieveByIdentityResponse, tc.retrieveByIdentityErr) - repoCall1 := auth.On("Issue", context.Background(), mock.Anything).Return(tc.issueResponse, tc.issueErr) - token, err := svc.OAuthCallback(context.Background(), tc.state, tc.client) - if err == nil { - assert.Equal(t, tc.issueResponse.AccessToken, token.AccessToken) - assert.Equal(t, tc.issueResponse.RefreshToken, token.RefreshToken) - } - assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) - repoCall.Parent.AssertCalled(t, "RetrieveByIdentity", context.Background(), tc.client.Credentials.Identity) - repoCall.Unset() - repoCall1.Unset() + id := tc.saveResponse.ID + if tc.retrieveByIdentityResponse.ID != "" { + id = tc.retrieveByIdentityResponse.ID + } + authReq := &magistrala.AuthorizeReq{ + SubjectType: authsvc.UserType, + SubjectKind: authsvc.UsersKind, + Subject: id, + Permission: authsvc.MembershipPermission, + ObjectType: authsvc.PlatformType, + Object: authsvc.MagistralaObject, } + repoCall := cRepo.On("RetrieveByIdentity", context.Background(), tc.client.Credentials.Identity).Return(tc.retrieveByIdentityResponse, tc.retrieveByIdentityErr) + repoCall1 := cRepo.On("Save", context.Background(), mock.Anything).Return(tc.saveResponse, tc.saveErr) + authCall := auth.On("Issue", mock.Anything, mock.Anything).Return(tc.issueResponse, tc.issueErr) + authCall1 := auth.On("AddPolicies", mock.Anything, mock.Anything).Return(tc.addPoliciesResponse, tc.addPoliciesErr) + authCall2 := auth.On("Authorize", mock.Anything, authReq).Return(tc.authorizeResponse, tc.authorizeErr) + token, err := svc.OAuthCallback(context.Background(), tc.client) + if err == nil { + assert.Equal(t, tc.issueResponse.AccessToken, token.AccessToken) + assert.Equal(t, tc.issueResponse.RefreshToken, token.RefreshToken) + } + assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) + repoCall.Parent.AssertCalled(t, "RetrieveByIdentity", context.Background(), tc.client.Credentials.Identity) + repoCall.Unset() + repoCall1.Unset() + authCall.Unset() + authCall1.Unset() + authCall2.Unset() } } diff --git a/users/tracing/tracing.go b/users/tracing/tracing.go index 24e8b7c900..d9777fc98a 100644 --- a/users/tracing/tracing.go +++ b/users/tracing/tracing.go @@ -8,7 +8,6 @@ import ( "github.com/absmach/magistrala" mgclients "github.com/absmach/magistrala/pkg/clients" - mgoauth2 "github.com/absmach/magistrala/pkg/oauth2" "github.com/absmach/magistrala/users" "go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/trace" @@ -195,12 +194,11 @@ func (tm *tracingMiddleware) Identify(ctx context.Context, token string) (string } // OAuthCallback traces the "OAuthCallback" operation of the wrapped clients.Service. -func (tm *tracingMiddleware) OAuthCallback(ctx context.Context, state mgoauth2.State, client mgclients.Client) (*magistrala.Token, error) { +func (tm *tracingMiddleware) OAuthCallback(ctx context.Context, client mgclients.Client) (*magistrala.Token, error) { ctx, span := tm.tracer.Start(ctx, "svc_oauth_callback", trace.WithAttributes( - attribute.String("state", state.String()), attribute.String("client_id", client.ID), )) defer span.End() - return tm.svc.OAuthCallback(ctx, state, client) + return tm.svc.OAuthCallback(ctx, client) }