Change error handling and logging in auth

django_backend/backend/auth/v1/views.py

@@ -26,6 +26,10 @@ def idp_id_from_request(request):
     return default_idp().id
 
 
+class AuthException(Exception):
+    pass
+
+
 class Auth(View):
     def get(self, request):
         try:
@@ -41,7 +45,7 @@ class Auth(View):
                 state,
             )
 
-            LOGGER.debug('redirecting user to oidc client %s', oidc_config)
+            LOGGER.debug('Auth: redirecting %s to IdP %s', state, oidc_config)
             return redirect(auth_redirect)
 
         except Exception as exception:
@@ -57,16 +61,21 @@ class AuthCallback(View):
         try:
             state = utils.get_session(request, 'state', None)
             idp_id = utils.get_session(request, 'idp_id', default_idp().id)
+
             oidc_config = OIDCConfig.objects.get(id=idp_id)
+            LOGGER.debug('AuthCallback: %s returned from IdP %s', state, oidc_config)
 
             aresp = oidc_config.oidc_client.parse_response(
                 AuthorizationResponse,
                 info=json.dumps(request.GET),
             )
+            if 'error' in aresp:
+                LOGGER.debug('AuthCallback: error response: %s', aresp)
+                raise AuthException('Erroneous callback from IdP {}'.format(oidc_config))
 
             if not state == aresp['state']:
-                LOGGER.error('states do not match')
-                raise Exception('States do not match')
+                LOGGER.error('AuthCallback: states do not match')
+                raise AuthException('AuthCallbackStates do not match')
 
             ac_token_response = (
                 oidc_config.oidc_client.do_access_token_request(
@@ -114,7 +123,7 @@ class AuthCallback(View):
 
             return response
 
-        except Exception as exception:
+        except AuthException as exception:
             LOGGER.error('AuthCallback: %s', exception)
 
             # the error is deleted from the session when the state is delivered