Browse Source
debug: add comprehensive logging to JWT authentication flow
debug: add comprehensive logging to JWT authentication flow
Added detailed debug logging to identify the root cause of JWT authentication failures in S3 IAM integration tests. ### Debug Logging Added: **1. IsActionAllowed method (iam_manager.go):** - Session token validation progress - Role name extraction from principal ARN - Role definition lookup - Policy evaluation steps and results - Detailed error reporting at each step **2. ValidateJWTWithClaims method (token_utils.go):** - Token parsing and validation steps - Signing method verification - Claims structure validation - Issuer validation - Session ID validation - Claims validation method results **3. JWT Token Generation (s3_iam_framework.go):** - Updated to use exact field names matching STSSessionClaims struct - Added all required claims with proper JSON tags - Ensured compatibility with STS service expectations ### Key Findings: - Error changed from 403 AccessDenied to 501 NotImplemented after rebuild - This suggests the issue may be AWS SDK header compatibility - The 501 error matches the original GitHub Actions failure - JWT authentication flow debugging infrastructure now in place ### Next Steps: - Investigate the 501 NotImplemented error - Check AWS SDK header compatibility with SeaweedFS S3 implementation - The debug logs will help identify exactly where authentication fails This provides comprehensive visibility into the JWT authentication flow to identify and resolve the remaining authentication issues.pull/7160/head
4 changed files with 72 additions and 40 deletions
-
72test/s3/iam/s3_iam_framework.go
-
17weed/iam/integration/iam_manager.go
-
10weed/iam/policy/policy_engine.go
-
13weed/iam/sts/token_utils.go
Write
Preview
Loading…
Cancel
Save
Reference in new issue