diff --git a/oidc_provider/lib/endpoints/authorize.py b/oidc_provider/lib/endpoints/authorize.py
index f571c81..56972a4 100644
--- a/oidc_provider/lib/endpoints/authorize.py
+++ b/oidc_provider/lib/endpoints/authorize.py
@@ -60,15 +60,15 @@ class AuthorizeEndpoint(object):
 try:
 self.client = Client.objects.get(client_id=self.params.client_id)
 except Client.DoesNotExist:
- logger.error('[Authorize] Invalid client identifier: %s', self.params.client_id)
+ logger.debug('[Authorize] Invalid client identifier: %s', self.params.client_id)
 raise ClientIdError()
 if self.is_authentication and not self.params.redirect_uri:
- logger.error('[Authorize] Missing redirect uri.')
+ logger.debug('[Authorize] Missing redirect uri.')
 raise RedirectUriError()
 if not self.grant_type:
- logger.error('[Authorize] Invalid response type: %s', self.params.response_type)
+ logger.debug('[Authorize] Invalid response type: %s', self.params.response_type)
 raise AuthorizeError(self.params.redirect_uri, 'unsupported_response_type', self.grant_type)
@@ -83,7 +83,7 @@ class AuthorizeEndpoint(object):
 clean_redirect_uri = urlsplit(self.params.redirect_uri)
 clean_redirect_uri = urlunsplit(clean_redirect_uri._replace(query=''))
 if not (clean_redirect_uri in self.client.redirect_uris):
- logger.error('[Authorize] Invalid redirect uri: %s', self.params.redirect_uri)
+ logger.debug('[Authorize] Invalid redirect uri: %s', self.params.redirect_uri)
 raise RedirectUriError()
@@ -138,7 +138,7 @@ class AuthorizeEndpoint(object):
 query_fragment['state'] = self.params.state if self.params.state else ''
 except Exception as error:
- logger.error('[Authorize] Error when trying to create response uri: %s', error)
+ logger.debug('[Authorize] Error when trying to create response uri: %s', error)
 raise AuthorizeError(
 self.params.redirect_uri, 'server_error',
diff --git a/oidc_provider/lib/endpoints/token.py b/oidc_provider/lib/endpoints/token.py
index a134f4f..a981eee 100644
--- a/oidc_provider/lib/endpoints/token.py
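Review bot: In the `@@ -60,15` hunk of `authorize.py`, moving the invalid-client and missing-redirect-uri messages down to `debug` removes them from any deployment that logs at the usual `INFO` or `WARNING` level, and repeated failures of these checks are a useful signal of client misconfiguration or of someone probing the authorization endpoint. If the aim is only to stop them being reported as server errors, `logger.warning(...)` keeps them visible; the same applies to the redirect-uri check in the `@@ -83,7` hunk and to the `invalid_client` / `invalid_grant` paths in `token.py`. The values logged here come straight from the request, so whatever level is chosen, `%r` instead of `%s` would keep embedded newlines from forging extra log lines. The enclosing method starts and ends outside the hunk.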
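Review bot: In the `@@ -138,7` hunk of `authorize.py`, the `except Exception` branch answers with `server_error`, so unlike the validation failures elsewhere in this commit it reports a fault on the provider side, and at `debug` level it will not appear in production logs. Keep it at error level and record the traceback, e.g. `logger.exception('[Authorize] Error when trying to create response uri')`, so the failure can be diagnosed. The `try` this handler belongs to begins above the hunk and the `raise` continues below it.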
+++ b/oidc_provider/lib/endpoints/token.py
@@ -65,34 +65,34 @@ class TokenEndpoint(object):
 try:
 self.client = Client.objects.get(client_id=self.params.client_id)
 except Client.DoesNotExist:
- logger.error('[Token] Client does not exist: %s', self.params.client_id)
+ logger.debug('[Token] Client does not exist: %s', self.params.client_id)
 raise TokenError('invalid_client')
 if not (self.client.client_secret == self.params.client_secret):
- logger.error('[Token] Invalid client secret: client %s do not have secret %s',
+ logger.debug('[Token] Invalid client secret: client %s do not have secret %s',
 self.client.client_id, self.client.client_secret)
 raise TokenError('invalid_client')
 if self.params.grant_type == 'authorization_code':
 if not (self.params.redirect_uri in self.client.redirect_uris):
- logger.error('[Token] Invalid redirect uri: %s', self.params.redirect_uri)
+ logger.debug('[Token] Invalid redirect uri: %s', self.params.redirect_uri)
 raise TokenError('invalid_client')
 try:
 self.code = Code.objects.get(code=self.params.code)
 except Code.DoesNotExist:
- logger.error('[Token] Code does not exist: %s', self.params.code)
+ logger.debug('[Token] Code does not exist: %s', self.params.code)
 raise TokenError('invalid_grant')
 if not (self.code.client == self.client) \
 or self.code.has_expired():
- logger.error('[Token] Invalid code: invalid client or code has expired',
+ logger.debug('[Token] Invalid code: invalid client or code has expired',
 self.params.redirect_uri)
 raise TokenError('invalid_grant')
 elif self.params.grant_type == 'refresh_token':
 if not self.params.refresh_token:
- logger.error('[Token] Missing refresh token')
+ logger.debug('[Token] Missing refresh token')
 raise TokenError('invalid_grant')
 try:
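Review bot: In the `@@ -65,34` hunk of `token.py`, the `Invalid client secret` message still writes the stored `self.client.client_secret` into the log, so anyone who can read debug output after a failed attempt learns the real secret; log only the client id, e.g. `logger.debug('[Token] Invalid client secret for client %s', self.client.client_id)`. The same concern applies to the authorization code in `Code does not exist`, to the refresh token in the `@@ -100,11` hunk and to `access_token` in `oidc_provider/lib/utils/oauth2.py`, where a truncated value or a hash prefix would be enough to correlate entries. Separately, the `Invalid code` call passes `self.params.redirect_uri` with no `%s` in the format string, which makes the logging module report a formatting error once debug output is enabled; drop the argument or add the placeholder. The enclosing method starts and ends outside the hunk.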
@@ -100,11 +100,11 @@ class TokenEndpoint(object):
 client=self.client)
 except Token.DoesNotExist:
- logger.error('[Token] Refresh token does not exist: %s', self.params.refresh_token)
+ logger.debug('[Token] Refresh token does not exist: %s', self.params.refresh_token)
 raise TokenError('invalid_grant')
 else:
- logger.error('[Token] Invalid grant type: %s', self.params.grant_type)
+ logger.debug('[Token] Invalid grant type: %s', self.params.grant_type)
 raise TokenError('unsupported_grant_type')
 def create_response_dic(self):
diff --git a/oidc_provider/lib/utils/oauth2.py b/oidc_provider/lib/utils/oauth2.py
index 9d54e75..eba482c 100644
--- a/oidc_provider/lib/utils/oauth2.py
+++ b/oidc_provider/lib/utils/oauth2.py
@@ -42,15 +42,15 @@ def protected_resource_view(scopes=[]):
 try:
 kwargs['token'] = Token.objects.get(access_token=access_token)
 except Token.DoesNotExist:
- logger.error('[UserInfo] Token does not exist: %s', access_token)
+ logger.debug('[UserInfo] Token does not exist: %s', access_token)
 raise BearerTokenError('invalid_token')
 if kwargs['token'].has_expired():
- logger.error('[UserInfo] Token has expired: %s', access_token)
+ logger.debug('[UserInfo] Token has expired: %s', access_token)
 raise BearerTokenError('invalid_token')
 if not set(scopes).issubset(set(kwargs['token'].scope)):
- logger.error('[UserInfo] Missing openid scope.')
+ logger.debug('[UserInfo] Missing openid scope.')
 raise BearerTokenError('insufficient_scope')
 except (BearerTokenError) as error:
 response = HttpResponse(status=error.status)
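Review bot: In the `oidc_provider/lib/utils/oauth2.py` hunk, the `Missing openid scope.` message does not match the check above it, which compares the decorator's `scopes` argument with the token's scope and so fails for any missing scope, not only `openid`. Naming what was required makes the entry usable when tracing an `insufficient_scope` response, e.g. `logger.debug('[UserInfo] Token is missing required scopes: %s', scopes)`. The enclosing function begins above the hunk and continues past it.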