[OPENAM-5759] Update OAuth2 to display the token and user information in the OAuth2Provider.access log Created: 31/Mar/15  Updated: 20/Nov/16  Resolved: 03/Jul/15

Status: Resolved
Project: OpenAM
Component/s: audit logging, oauth2
Affects Version/s: 11.0.0, 11.0.1, 11.0.2, 11.0.3, 12.0.0
Fix Version/s: 11.0.4, 12.0.3, 13.0.0

Type: Improvement Priority: Major
Reporter: Abel Hoxeng Assignee: Kamal Sivanandam
Resolution: Fixed Votes: 0
Labels: EDISON, release-notes
Remaining Estimate: 0h
Time Spent: 10h
Original Estimate: 5h

Sprint: Sprint 82 - Sustaining, Sprint 83 - Sustaining, Sprint 84 - Sustaining
Support Ticket IDs:


In OpenAM 10.1.0 when the /oauth2/access_token endpoint was accessed, the users information would be stored in the OAuth2Provider.access log as follows:

"2015-03-31 09:35:10" "CREATED_TOKEN|{ ""type"": ""resource"", ""uuid"": ""765236ee-18dc-4a94-8220-16069b516359"", ""parent"":

{ ""type"": ""root"", ""uuid"": ""a7fa9f24-aa16-4817-aaa7-4bc392594822"", ""parent"": null }

, ""method"": ""create"", ""id"": ""46e4d1d6-f7b5-4a4f-82ea-a83d79567907"", ""value"":

{ ""id"": ""46e4d1d6-f7b5-4a4f-82ea-a83d79567907"", ""username"": [demo], ""scope"": [], ""expiry_time"": [1427823370751], ""realm"": [/], ""redirect_uri"": [null], ""parent"": [null], ""client_id"": [myClientID], ""type"": [refresh_token] }

}" "Not Available" "Not Available" "Not Available" "Not Available" "Not Available""cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org" OAuth2Provider-1OAuth2Provider.access "Not Available" "Not Available"
"2015-03-31 09:35:10" "CREATED_TOKEN|{ ""type"": ""resource"", ""uuid"": ""5f3dca6a-3227-4476-8f2d-3a9467a55298"", ""parent"":

{ ""type"": ""root"", ""uuid"": ""9e82989a-52e6-4454-beea-19ef1e245c8e"", ""parent"": null }

, ""method"": ""create"", ""id"": ""356f9435-20c5-4230-bb90-f0edd1b0b44d"", ""value"":

{ ""id"": ""356f9435-20c5-4230-bb90-f0edd1b0b44d"", ""username"": [demo], ""scope"": [], ""expiry_time"": [1427823610764], ""realm"": [/], ""redirect_uri"": [null], ""parent"": [46e4d1d6-f7b5-4a4f-82ea-a83d79567907], ""client_id"": [myClientID], ""type"": [access_token] }

}" "Not Available" "Not Available" "Not Available" "Not Available" "Not Available" "cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org" OAuth2Provider-1 OAuth2Provider.access "Not Available" "Not Available"

As of OpenAM 11, this information is no longer displayed in the logs when accessing this end point. The logs record the following:

"2015-03-31 09:23:01" myClientID "Not Available" "Not Available" "Not Available" "Not Available" "Not Available" OAuth2Provider-15 "cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org" "Not Available" OAuth2Provider.access "Not Available"

This seems to be a result of AME-2375 when OpenDJTokenRepo.java was removed. This resulted in the audit logging also being removed.

Comment by Kamal Sivanandam [ 19/May/15 ]

Fixed in revision 14486,14487,14503

Comment by Kamal Sivanandam [ 09/Jul/15 ]

Fixed with 11.0.x r14547, 12.0.x r14545 and Trunk r14546

Generated at Wed Oct 21 10:36:52 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.