proxy: improve debugability of JWT authenticator (#156)

Signed-off-by: aeneasr <[email protected]>

cmd/serve_api.go

@@ -26,7 +26,7 @@ import (
 	"net/http"
 
 	"github.com/julienschmidt/httprouter"
-	"github.com/meatballhat/negroni-logrus"
+	negronilogrus "github.com/meatballhat/negroni-logrus"
 	"github.com/rs/cors"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"

cmd/serve_proxy.go

@@ -26,7 +26,7 @@ import (
 	"net/http"
 	"net/http/httputil"
 
-	"github.com/meatballhat/negroni-logrus"
+	negronilogrus "github.com/meatballhat/negroni-logrus"
 	"github.com/rs/cors"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"

go.mod

@@ -4,32 +4,33 @@ require (
 	github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/go-errors/errors v1.0.1
-	github.com/go-sql-driver/mysql v1.4.0
-	github.com/golang/mock v1.1.1
+	github.com/go-sql-driver/mysql v1.4.1
+	github.com/golang/mock v1.2.0
+	github.com/gorilla/sessions v1.1.3 // indirect
 	github.com/jmoiron/sqlx v1.2.0
 	github.com/julienschmidt/httprouter v1.2.0
 	github.com/lib/pq v1.0.0
 	github.com/meatballhat/negroni-logrus v0.0.0-20170801195057-31067281800f
-	github.com/ory/dockertest v3.3.2+incompatible
-	github.com/ory/fosite v0.28.0
+	github.com/ory/dockertest v3.3.4+incompatible
+	github.com/ory/fosite v0.29.0
 	github.com/ory/go-convenience v0.1.0
 	github.com/ory/graceful v0.1.0
-	github.com/ory/herodot v0.5.0
+	github.com/ory/herodot v0.6.0
 	github.com/ory/hydra v0.0.0-20181208123928-e4bc6c269c6f
 	github.com/ory/keto v0.0.0-20181213093025-a8d7f9f546ae
 	github.com/ory/ladon v1.0.0
-	github.com/ory/x v0.0.34
+	github.com/ory/x v0.0.37
 	github.com/pborman/uuid v1.2.0
-	github.com/pkg/errors v0.8.0
+	github.com/pkg/errors v0.8.1
 	github.com/rs/cors v1.6.0
-	github.com/rubenv/sql-migrate v0.0.0-20181106121204-ba2c6a7295c5
-	github.com/sirupsen/logrus v1.1.1
+	github.com/rubenv/sql-migrate v0.0.0-20190212093014-1007f53448d7
+	github.com/sirupsen/logrus v1.3.0
 	github.com/spf13/cobra v0.0.3
-	github.com/spf13/viper v1.2.1
-	github.com/stretchr/testify v1.2.2
+	github.com/spf13/viper v1.3.1
+	github.com/stretchr/testify v1.3.0
 	github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce
 	github.com/urfave/negroni v1.0.0
-	golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4
+	golang.org/x/oauth2 v0.0.0-20190212230446-3e8b2be13635
 	gopkg.in/resty.v1 v1.10.3
-	gopkg.in/square/go-jose.v2 v2.1.9
+	gopkg.in/square/go-jose.v2 v2.2.2
 )

proxy/authenticator_jwt.go

@@ -63,6 +63,10 @@ func (a *AuthenticatorJWT) GetID() string {
 	return "jwt"
 }
 
+type tracer interface {
+	StackTrace() errors.StackTrace
+}
+
 func (a *AuthenticatorJWT) Authenticate(r *http.Request, config json.RawMessage, rl *rule.Rule) (*AuthenticationSession, error) {
 	var cf AuthenticatorOAuth2JWTConfiguration
 	token := helper.BearerTokenFromRequest(r)
@@ -105,7 +109,11 @@ func (a *AuthenticatorJWT) Authenticate(r *http.Request, config json.RawMessage,
 	})
 
 	if err != nil {
-		return nil, errors.WithStack(err)
+		if _, ok := err.(tracer); ok {
+			return nil, err
+		} else {
+			return nil, errors.WithStack(err)
+		}
 	} else if !parsedToken.Valid {
 		return nil, errors.WithStack(fosite.ErrInactiveToken)
 	}

rule/manager_sql.go

@@ -28,7 +28,7 @@ import (
 	"github.com/jmoiron/sqlx"
 	_ "github.com/lib/pq"
 	"github.com/pkg/errors"
-	"github.com/rubenv/sql-migrate"
+	migrate "github.com/rubenv/sql-migrate"
 
 	"github.com/ory/oathkeeper/helper"
 )

rule/manager_sql_helper.go

@@ -25,7 +25,7 @@ import (
 	"strings"
 
 	"github.com/pkg/errors"
-	"github.com/rubenv/sql-migrate"
+	migrate "github.com/rubenv/sql-migrate"
 )
 
 type sqlRule struct {