From c981a596113725721b196ccd8e5eba965bdc3dda Mon Sep 17 00:00:00 2001
From: tianj7
Date: Tue, 9 Apr 2024 13:56:57 -0500
Subject: [PATCH] add logging
---
 fence/models.py | 7 +++++++
 fence/oidc/oidc_server.py | 25 +++++++++++++++++++++----
 2 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/fence/models.py b/fence/models.py
index 791b8f790..8a58a0585 100644
--- a/fence/models.py
+++ b/fence/models.py
@@ -349,6 +349,13 @@ def check_endpoint_auth_method(self, method, endpoint):
 """
 Only basic auth is supported. If anything else gets added, change this
 """
+ logger.info("checking endpoint and auth method")
+ logger.info("method is ")
+ logger.info(method)
+ logger.info("endpoint is")
+ logger.info(endpoint)
+ logger.info("confidential is ")
+ logger.info(self.is_confidential)
 if endpoint == "token":
 protected_types = [ClientAuthType.basic.value, ClientAuthType.post.value]
 return (self.is_confidential and method in protected_types) or (
diff --git a/fence/oidc/oidc_server.py b/fence/oidc/oidc_server.py
index 6ac81a5e2..e564e6f53 100644
--- a/fence/oidc/oidc_server.py
+++ b/fence/oidc/oidc_server.py
@@ -32,9 +32,25 @@ def authenticate(self, request, methods, endpoint):
 """
 Override method from authlib
 """
- client = super(ClientAuthentication, self).authenticate(
- request, methods, endpoint
- )
+ logger.info("oidc_server.py cleintAuthentioncatoin authenticate")
+ logger.info("request is")
+ logger.info(request)
+ logger.info("methods are")
+ logger.info(methods)
+ logger.info("endpoint is")
+ logger.info(endpoint)
+
+ try:
+ client = super(ClientAuthentication, self).authenticate(
+ request, methods, endpoint
+ )
+ except AuthlibClientError:
+ raise InvalidClientError(
+ "OAuth client failed to authenticate; client ID or secret is"
+ " missing or incorrect"
+ )
+
+ logger.info("oidc_server.py clientAuthentioncation authenticate complete")
 # don't allow confidential clients to not use auth
 if client.is_confidential:
 m = list(methods)
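Review bot: In fence/models.py, the seven `logger.info` calls added at the top of `check_endpoint_auth_method` split one event across seven records, which are hard to correlate when requests interleave and noisy at info level on an authentication path. One lazily formatted debug record carries the same data: `logger.debug("check_endpoint_auth_method: method=%s endpoint=%s confidential=%s", method, endpoint, self.is_confidential)`. The docstring in the context lines still says only basic auth is supported although `protected_types` also accepts `ClientAuthType.post.value`, so it is worth correcting while this function is being touched. `logger` is not defined in the visible lines (presumably at module level), and the function body continues outside the hunk.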
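Review bot: In fence/oidc/oidc_server.py, `logger.info(request)` writes the whole OAuth request object to the info log on every client authentication; depending on how that object renders, the Authorization header or a posted client secret could end up in log storage. Drop that line and log only non-secret fields in one lazy call, e.g. `logger.debug("authenticating OAuth client: methods=%s endpoint=%s", methods, endpoint)`. The new `try`/`except` around the first `super().authenticate(...)` call changes which exception callers see, which the subject "add logging" does not mention; binding the error and re-raising with `raise InvalidClientError(...) from err` would make the chaining deliberate. The body of `authenticate` continues past the end of this hunk.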
@@ -46,9 +62,10 @@ def authenticate(self, request, methods, endpoint):
 )
 except AuthlibClientError:
 raise InvalidClientError(
- "OAuth client failed to authenticate; client ID or secret is"
+ "Confidential OAuth client failed to authenticate; client ID or secret is"
 " missing or incorrect"
 )
+
 return client
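Review bot: Changing the second message to start with "Confidential OAuth client failed to authenticate" makes the two `InvalidClientError` texts in `authenticate` differ, so if this text is returned in the OAuth error response (not visible here), a caller can tell which stage rejected it and infer that a client ID exists and is registered as confidential. Keep the external message identical to the one raised after the first `super().authenticate(...)` call and record the distinction server-side, e.g. `logger.debug("confidential client failed re-authentication: endpoint=%s", endpoint)` before the `raise`. The `try` this `except` belongs to starts above the hunk.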