From 0f078f6cbf6e567f69d694e096ea56465f2789a8 Mon Sep 17 00:00:00 2001
From: Omer Aplatony
Date: Thu, 21 Nov 2024 20:05:58 +0200
Subject: [PATCH] oidc: Add log client IP address
Signed-off-by: Omer Aplatony
---
 util/oidc/oidc.go | 1 +
 util/oidc/provider.go | 3 ---
 2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/util/oidc/oidc.go b/util/oidc/oidc.go
index 2f01dc167e3d4..5d742548e7e7d 100644
--- a/util/oidc/oidc.go
+++ b/util/oidc/oidc.go
@@ -376,6 +376,7 @@ func (a *ClientApp) HandleCallback(w http.ResponseWriter, r *http.Request) {
 idToken, err := a.provider.Verify(idTokenRAW, a.settings)
 if err != nil {
 log.Warnf("Failed to verify token: %s", err)
+ log.Infof("Client IP: %s", r.RemoteAddr)
 http.Error(w, common.TokenVerificationError, http.StatusInternalServerError)
 return
 }
diff --git a/util/oidc/provider.go b/util/oidc/provider.go
index 36601314d00f4..20f0bbaa6b703 100644
--- a/util/oidc/provider.go
+++ b/util/oidc/provider.go
@@ -130,9 +130,6 @@ func (p *providerImpl) Verify(tokenString string, argoSettings *settings.ArgoCDS
 if err == nil {
 break
 }
- // We store the error for each audience so that we can return a more detailed error message to the user.
- // If this gets merged, we'll be able to detect failures unrelated to audiences and short-circuit this loop
- // to avoid logging irrelevant warnings: https://github.com/coreos/go-oidc/pull/406
 tokenVerificationErrors[aud] = err
 }
 // If the most recent attempt encountered an error, and if we have collected multiple errors, switch to the
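Review bot: The added `log.Infof("Client IP: %s", r.RemoteAddr)` is a second log entry at a different level from the `log.Warnf` just above it, so the address cannot be reliably tied to the failure when callbacks interleave, and it is dropped entirely when the logger runs at warn level. Folding it into the existing entry keeps the two together: `log.Warnf("Failed to verify token from %s: %s", r.RemoteAddr, err)`. `r.RemoteAddr` is the `host:port` of the direct TCP peer, so behind an ingress or load balancer it records the proxy rather than the end user; a one-line comment saying so, or a label such as "remote addr" instead of "Client IP", would stop the field being read as the real client address during an investigation. HandleCallback starts and ends outside this hunk, so whether its other failure paths record the peer the same way is not visible here.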