Add logging for token introspection and user activity check

Additional logging has been inserted into the OktaOAuthAuthenticationService class. The log records token introspection response and a new check is also implemented to ensure user activity, logging failure if the user is not active.
hms-dbmi · Jan 22, 2024 · 8e6a6a9 · 8e6a6a9
1 parent 43099eb
commit 8e6a6a9
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/.../java/edu/harvard/hms/dbmi/avillach/auth/service/auth/OktaOAuthAuthenticationService.java b/.../java/edu/harvard/hms/dbmi/avillach/auth/service/auth/OktaOAuthAuthenticationService.java
@@ -55,6 +55,8 @@ public Response authenticate(UriInfo uriInfo, Map<String, String> authRequest) {
                 return PICSUREResponse.error("Failed to introspect access token.");
             }
 
+            logger.info("Introspection Token: " + introspectResponse);
+
             User user = initializeUser(introspectResponse);
             if (user == null) {
                 logger.info("LOGIN FAILED ___ USER NOT FOUND ___ " + userToken.get("email").asText() + ":" + userToken.get("sub").asText() + " ___");
@@ -72,6 +74,12 @@ public Response authenticate(UriInfo uriInfo, Map<String, String> authRequest) {
     }
 
     private User initializeUser(JsonNode introspectResponse) {
+        boolean isActive = introspectResponse.get("active").asBoolean();
+        if (!isActive) {
+            logger.info("LOGIN FAILED ___ USER IS NOT ACTIVE ___ ");
+            return null;
+        }
+
         User user = loadUser(introspectResponse);
         clearCache(user);
         user = addUserRoles(user);