fix: log at debug when openid scope not included#3727
fix: log at debug when openid scope not included#3727strehle merged 1 commit intocloudfoundry:developfrom
Conversation
mikeroda
commented
Jan 28, 2026
mikeroda
commented
- Should be able to request an access token without openid scope (i.e. ID token not requested) and not log an info-level message. Make the log debug instead.
- Should be able to request an access token without openid scope (i.e. ID token not requested) and not log an info-level message. Make the log debug instead.
cf-foundation-community-automation
Bot
moved this to Inbox
in Foundational Infrastructure Working Group
There was a problem hiding this comment.
Pull request overview
Adjusts logging behavior so requesting an access token without the openid scope no longer emits an info-level log when an ID token is not applicable.
Changes:
- Downgrades the “openid missing” message in
IdTokenGranterfrominfotodebug. - Updates the related test to temporarily set the Log4j root level to
DEBUGso the message can still be observed during assertions.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
server/src/main/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenGranter.java |
Changes the missing-openid log from INFO to DEBUG. |
uaa/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java |
Adjusts test logging setup to capture DEBUG logs and restore the original root level. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| LoggerContext context = (LoggerContext) LogManager.getContext(false); | ||
| originalLevel = context.getRootLogger().getLevel(); | ||
| Configurator.setRootLevel(DEBUG); | ||
| context.getRootLogger().addAppender(appender); | ||
| } |
There was a problem hiding this comment.
This test sets the root logger level to DEBUG and adds an appender to the root logger, which can capture a lot of unrelated debug output and makes the assertion less targeted. Consider attaching the appender to the specific logger (e.g., org.cloudfoundry.identity.uaa.oauth.openid.IdTokenGranter) and/or filtering events by event.getLoggerName(), and capture LogEvents so you can assert the log level is DEBUG (so the test actually validates the INFO→DEBUG change).
| @@ -189,6 +195,7 @@ void removeAppender() { | |||
| if (appender != null) { | |||
| context.getRootLogger().removeAppender(appender); | |||
There was a problem hiding this comment.
removeAppender() restores the root level but doesn't stop the AbstractAppender. Stopping it (e.g., appender.stop()) after removal helps avoid lingering resources/threads and matches the lifecycle implied by appender.start() in the setup.
| context.getRootLogger().removeAppender(appender); | |
| context.getRootLogger().removeAppender(appender); | |
| appender.stop(); |
strehle
left a comment
strehle
left a comment
There was a problem hiding this comment.
from my side ok if you dont want the id token
github-project-automation
Bot
moved this from Inbox
to Pending Merge | Prioritized
in Foundational Infrastructure Working Group
github-project-automation
Bot
moved this from Pending Merge | Prioritized
to Done
in Foundational Infrastructure Working Group
