Apple: Log Message Parameters have incorrect order #381

Closed
ghost opened this issue Feb 13, 2020 · 2 comments · Fixed by #382
ghost commented Feb 13, 2020

Describe the bug
Log message has parameters in wrong order in class DefaultAppleIdTokenValidator

    _logger.LogError(
        ex,
        "Apple ID token validation failed for issuer {TokenIssuer} and audience {TokenAudience}. ID Token: {IdToken}",
        parameters.ValidAudience,
        parameters.ValidIssuer,
        context.IdToken);

parameters.ValidAudience and parameters.ValidIssuer are swapped.

Also, it is logging PII data because of context.IdToken.

Steps To reproduce
Cause a validation error

Expected behaviour
Log message is correctly formatted

Apple ID token validation failed for issuer "https://appleid.apple.com" and audience "com.xxx.client". ID Token: xxxxxx

Actual behaviour

Apple ID token validation failed for issuer "com.xxx.client" and audience "https://appleid.apple.com". ID Token: xxxxxx

System information:

  • OS: Linux
  • Library Version [3.0.0]
  • .NET version 3.1.1

Additional context
This was seen when Apple rotated keys. That caused an error, so the log message was triggered.

@martincostello martincostello self-assigned this Feb 13, 2020
@martincostello martincostello added this to the 3.1.0 milestone Feb 13, 2020
martincostello added a commit to martincostello/AspNet.Security.OAuth.Providers that referenced this issue Feb 13, 2020
Fix the issuer and audience parameters in log message being the wrong way around.
Log the Apple ID that failed token validation at trace, rather than in the error log message.
Resolves aspnet-contrib#381.
@martincostello
Member

Thanks for reporting this @sawcmk - I've opened #382 to fix this as part of the next release.

martincostello added a commit that referenced this issue Feb 13, 2020
Fix the issuer and audience parameters in log message being the wrong way around.
Log the Apple ID that failed token validation at trace, rather than in the error log message.
Resolves #381.
@martincostello
Member

This fix is now available from NuGet.org: https://www.nuget.org/packages/AspNet.Security.OAuth.Apple/3.1.0
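
The behaviour discussed in this thread, as an added example that is not the project's own code: Microsoft.Extensions.Logging binds message-template placeholders to arguments by position, not by name, so swapped arguments put the wrong values into the structured fields. `CapturingLogger` is a hypothetical helper written for this sketch, the values are the ones quoted in the issue, and the program assumes the Microsoft.Extensions.Logging package is referenced.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.Extensions.Logging;

// Hypothetical in-memory logger for this example: keeps each entry's structured fields.
sealed class CapturingLogger : ILogger
{
    public List<(LogLevel Level, Dictionary<string, object> Fields)> Entries { get; }
        = new List<(LogLevel, Dictionary<string, object>)>();

    IDisposable ILogger.BeginScope<TState>(TState state) => null;
    public bool IsEnabled(LogLevel logLevel) => true;

    public void Log<TState>(LogLevel logLevel, EventId eventId, TState state,
        Exception exception, Func<TState, Exception, string> formatter)
    {
        var fields = new Dictionary<string, object>();
        if (state is IEnumerable<KeyValuePair<string, object>> pairs)
            foreach (var pair in pairs.Where(p => p.Key != "{OriginalFormat}"))
                fields[pair.Key] = pair.Value;
        Entries.Add((logLevel, fields));
    }
}

static class Program
{
    const string Template =
        "Apple ID token validation failed for issuer {TokenIssuer} and audience {TokenAudience}.";

    static void Main()
    {
        var logger = new CapturingLogger();
        var ex = new InvalidOperationException("constructed validation failure");
        string validIssuer = "https://appleid.apple.com"; // values quoted in the issue
        string validAudience = "com.xxx.client";
        string idToken = "xxxxxx";                        // placeholder, as in the issue

        // As reported: placeholders bind by position, so the two fields receive each
        // other's values and the token lands in the error-level entry.
        logger.LogError(ex, Template + " ID Token: {IdToken}", validAudience, validIssuer, idToken);

        // Arguments in template order; the token is logged separately at trace level.
        logger.LogError(ex, Template, validIssuer, validAudience);
        logger.LogTrace(ex, "Apple ID token: {IdToken}", idToken);

        foreach (var (level, fields) in logger.Entries)
            Console.WriteLine($"{level}: " + string.Join(", ", fields.Select(f => $"{f.Key}={f.Value}")));
    }
}
```

With a minimum level of Information or higher, as is typical in production, the trace entry carrying the token is never written, while the error entry keeps the issuer and audience needed for triage.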
