@@ -70,6 +70,11 @@ export async function proxyAuth(url: URL, method: 'forward-auth' | 'auth-request
7070 amr = [ 'pwd' ]
7171 } else {
7272 // User not logged in, redirect to login
73+ const logInfo = {
74+ reason : 'session_not_found' ,
75+ url : url . href ,
76+ }
77+ logger . debug ( `session not found, redirect to login: ${ JSON . stringify ( logInfo ) } ` )
7378 res . redirect ( redirCode , `${ appConfig . APP_URL } ${ oidcLoginPath ( appConfig . APP_URL , { redirectUrl : url . href , isProxyAuth : true } ) } ` )
7479 res . send ( )
7580 return
@@ -78,6 +83,11 @@ export async function proxyAuth(url: URL, method: 'forward-auth' | 'auth-request
7883 // Check that user is approved and verified and should be able to continue
7984 if ( ! userCanLogin ( user , amr ) ) {
8085 // If not, redirect to login flow, which will send to correct redirect
86+ const logInfo = {
87+ reason : 'login_not_finished' ,
88+ url : url . href ,
89+ }
90+ logger . debug ( `user has not finished login: ${ JSON . stringify ( logInfo ) } ` )
8191 res . redirect ( redirCode , `${ appConfig . APP_URL } ${ oidcLoginPath ( appConfig . APP_URL , { redirectUrl : url . href , isProxyAuth : true } ) } ` )
8292 res . send ( )
8393 return
@@ -86,6 +96,12 @@ export async function proxyAuth(url: URL, method: 'forward-auth' | 'auth-request
8696 // Check that proxyAuth domain does not require MFA or user is logged in with MFA already
8797 if ( ! ! match ?. mfaRequired && loginFactors ( amr ) < 2 ) {
8898 // If not, redirect to login flow, which will send to correct redirect
99+ const logInfo = {
100+ reason : 'domain_mfa_required' ,
101+ url : url . href ,
102+ domain : match . domain ,
103+ }
104+ logger . debug ( `mfa required for domain: ${ JSON . stringify ( logInfo ) } ` )
89105 res . redirect ( redirCode , `${ appConfig . APP_URL } ${ oidcLoginPath ( appConfig . APP_URL , { redirectUrl : url . href , isProxyAuth : true } ) } ` )
90106 res . send ( )
91107 return
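Review bot: All three new debug entries log `url.href` in full (new lines 75, 88 and 101), so any query string on the proxied request, which can carry tokens or one-time codes meant for the protected application, is written to the log in clear text. The `session_not_found` branch runs before any session exists, so that value is presumably whatever an unauthenticated client requested. `JSON.stringify` escapes control characters, so the concern is the content being recorded rather than forged log lines. Logging `url: url.origin + url.pathname` in each `logInfo` would keep the entries useful for debugging without recording the query string. `proxyAuth` starts and ends outside these hunks, so how `url` is constructed is not visible here.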