[WIP] further refresh_token debugging

backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/service/TokenCleanupService.java

@@ -58,17 +58,20 @@ public static void cleanupSsoSession(
                 log.debug("No existing Session found for token: {}, cannot invalidate session",
                         ssoSession.getAccessToken());
             } else {
-                log.debug("Existing Session found for token: {}, invalidating session", ssoSession.getAccessToken());
+                log.debug("Existing Session found for token: {}, refresh_token: {}, invalidating session",
+                        ssoSession.getAccessToken(), refreshToken);
                 try {
                     existingSession.invalidate();
                 } catch (IllegalStateException ex) {
                     log.debug("Unable to cleanup SsoSession: {}", ex.getMessage());
                 }
             }
             if (ssoContext.getSsoLocalConfig().getBoolean("ENGINE_SSO_ENABLE_EXTERNAL_SSO")) {
-                log.debug("Existing Session found for token: {}, invalidating session on external OP",
-                        ssoSession.getAccessToken());
-                ExternalOIDCService.logout(ssoContext, refreshToken);
+                log.debug("Existing Session found for token: {}, refresh_token: {}, invalidating session on external OP",
+                        ssoSession.getAccessToken(), refreshToken);
+                if (refreshToken != null) {
+                    ExternalOIDCService.logout(ssoContext, refreshToken);
+                }
             }
             invokeAuthnLogout(ssoContext, ssoSession);
             SsoService.notifyClientsOfLogoutEvent(ssoContext,

backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/OAuthRevokeServlet.java

@@ -47,6 +47,7 @@ protected void service(HttpServletRequest request, HttpServletResponse response)
 
             SsoSession ssoSession = ssoContext.getSsoSession(token);
             if (ssoSession != null) {
+                log.debug("refresh_token: {}", ssoSession.getRefreshToken());
                 Set<String> associatedClientIds = new TreeSet<>(ssoSession.getAssociatedClientIds());
                 boolean revokeAllScope = SsoService.scopeAsList(scope).contains("ovirt-ext=revoke:revoke-all");
                 if (revokeAllScope) {
@@ -55,10 +56,11 @@ protected void service(HttpServletRequest request, HttpServletResponse response)
                     ssoSession.getAssociatedClientIds().remove(clientIdAndSecret[0]);
                 }
                 if (revokeAllScope || ssoSession.getAssociatedClientIds().isEmpty()) {
-                    log.info("User {}@{} with profile [{}] successfully logged out",
+                    log.info("User {}@{} with profile [{}] successfully logged out, refresh_token: {}",
                             SsoService.getUserId(ssoSession.getPrincipalRecord()),
                             ssoContext.getUserAuthzName(ssoSession),
-                            ssoSession.getProfile());
+                            ssoSession.getProfile(),
+                            ssoSession.getRefreshToken());
                     TokenCleanupService.cleanupSsoSession(ssoContext, ssoSession, associatedClientIds);
                 }
             }