Skip to content

Commit

Permalink
Improve logging for JWKS download failures.
Browse files Browse the repository at this point in the history
Adds a span so that we can correlate log messages, adds debug output for the content of the file.
Fixes #4448
  • Loading branch information
bryn committed Jan 9, 2024
1 parent 2fb4c78 commit 74faa48
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 3 deletions.
13 changes: 13 additions & 0 deletions .changesets/fix_bryn_jwks_logs.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
### Improve logging for JWKS download failures. ([Issue #4448](https://github.com/apollographql/router/issues/4448))

To enable users to debug JWKS download and parse failures more easily, we've added more detailed logging to the router. The router now logs the following information when a JWKS download or parse fails:

```
2024-01-09T12:32:20.174144Z ERROR fetch jwks{url=http://bad.jwks.com/,} could not create JSON Value from url content, enable debug logs to see content e=expected value at line 1 column 1
```
Enabling debug logs via `APOLLO_LOG=debug` or `--logs DEBUG` will show the full JWKS content being parsed:
```
2024-01-09T12:32:20.153055Z DEBUG fetch jwks{url=http://bad.jwks.com/,} parsing JWKS data="invalid jwks"
```

By [@BrynCooke](https://github.com/BrynCooke) in https://github.com/apollographql/router/pull/4449
11 changes: 8 additions & 3 deletions apollo-router/src/plugins/authentication/jwks.rs
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ use serde_json::Value;
use tokio::fs::read_to_string;
use tokio::sync::oneshot;
use tower::BoxError;
use tracing_futures::Instrument;
use url::Url;

use super::CLIENT;
Expand Down Expand Up @@ -55,7 +56,10 @@ impl JwksManager {
.iter()
.cloned()
.map(|JwksConfig { url, .. }| {
get_jwks(url.clone()).map(|opt_jwks| opt_jwks.map(|jwks| (url, jwks)))
let span = tracing::info_span!("fetch jwks", url = %url);
get_jwks(url.clone())
.map(|opt_jwks| opt_jwks.map(|jwks| (url, jwks)))
.instrument(span)
})
.collect::<Vec<_>>();

Expand Down Expand Up @@ -140,7 +144,7 @@ pub(super) async fn get_jwks(url: Url) -> Option<JwkSet> {
let path = url
.to_file_path()
.map_err(|e| {
tracing::error!("could not process url: {:?}", url);
tracing::error!("url cannot be converted to filesystem path");
e
})
.ok()?;
Expand Down Expand Up @@ -187,10 +191,11 @@ pub(super) async fn get_jwks(url: Url) -> Option<JwkSet> {
//
// Try to identify any entries which contain algorithms which are not supported by
// jsonwebtoken.
tracing::debug!(data, "parsing JWKS");

let mut raw_json: Value = serde_json::from_str(&data)
.map_err(|e| {
tracing::error!(%e, "could not create JSON Value from url content");
tracing::error!(%e, "could not create JSON Value from url content, enable debug logs to see content");
e
})
.ok()?;
Expand Down

0 comments on commit 74faa48

Please sign in to comment.