Skip to content

More error logging and customizable error handling with JWT policy #7429

New issue
New issue
Open
Open
More error logging and customizable error handling with JWT policy#7429
Labels
area/securityIssues related to security capabilities or concernsproposalAn issue that proposes a feature requestready for refinementAn issue that was triaged and it is ready to be refined
@anderius

Description

@anderius
anderius
opened on Feb 28, 2025

Is your feature request related to a problem? Please describe.

Some commons errors could be easily solved if the logging or response was improved. For example, we see that many consumers use wrong issuer, or use an recently expired token.

Describe the solution you'd like

It would be very helpful if the reason the token was rejected, was logged with context making it possible to correlate it with the access log.

Sometimes, these error happens so often, that it is desired to give the error message back to the user. In that case, it should be customizable. For example, a list of error codes, and a subset of those that we can choose to expose to the client.

Describe alternatives you've considered

To get some logging, we currently parse and validates the token manually AFTER it is rejected, to catch some common errors. That is not ideal.

Additional context

None.

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/securityIssues related to security capabilities or concernsproposalAn issue that proposes a feature requestready for refinementAn issue that was triaged and it is ready to be refined

    Type

    No type

    Projects

    NGINX Ingress Controller

    Status

    Prioritized backlog

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions