Log Auth0 session_id for the callback request after login #1741

Merged: stephencdaly merged 1 commit into main from log-aut0-uid-on-callback on Feb 3, 2025

@stephencdaly commented Jan 30, 2025

What problem does this pull request solve?

Trello card: https://trello.com/c/GB7aE55f/2090-spike-investigate-matching-up-auth0-logs-and-forms-admin-application-logs

Log the session_id that we get in the post-login callback request from Auth0 so that we can link this up to the login events logged by Auth0 itself. Without this, we have no link between the Auth0 logs and our application logs, meaning that if Auth0 returns a successful login response but we fail to handle it for any reason on our end, we can't match up the 2 sets of logs.

Example log line that will be logged by forms-runner for the callback request:

{
  "method": "GET",
  "path": "/auth/auth0/callback",
  "format": "html",
  "controller": "AuthenticationController",
  "action": "callback_from_omniauth",
  "status": 302,
  "allocations": 5779,
  "duration": 31.77,
  "view": 0.0,
  "db": 15.93,
  "location": "http://localhost:3000/account/organisation/edit",
  "request_host": "localhost",
  "request_id": "efed4709-819d-4d45-a422-4fced8b28fd8",
  "session_id_hash": "dfef79304e387ccb098355bab74c9740372d1205bef1814dae4517749ef6f37d",
  "auth0_session_id": "lPXuGGemIDlYpn8hilHGh0tquZW16PFk"
}

We can link this up to the Auth0 event using the auth0_session_id, which is the session_id:

{
  "log_id": "90020250131120017824001000000000000001223372038040013851",
  "data": {
    "date": "2025-01-31T12:00:17.774Z",
    "type": "s",
    "connection_id": "",
    "client_id": "xxx",
    "client_name": "forms-admin-local-dev",
    "ip": "xx.xx.x.xx",
    "user_agent": "Chrome 132.0.0 / Mac OS X 10.15.7",
    "details": {
      "prompts": [],
      "completedAt": 1738324817772,
      "elapsedTime": null,
      "actions": {
        "executions": [
          "ZTJaugVeQVJLcrUWIZ7y6781MjAyNTAxMzH6HfnHelROypknl5CroSPz"
        ]
      },
      "session_id": "lPXuGGemIDlYpn8hilHGh0tquZW16PFk"
    },
    "hostname": "govuk-forms-dev.uk.auth0.com",
    "user_id": "email|xxx",
    "user_name": "xxx",
    "$event_schema": {
      "version": "1.0.0"
    },
    "log_id": "90020250131120017824001000000000000001223372038040013851",
    "tenant_name": "govuk-forms-dev"
  }
}

Things to consider when reviewing

  • Ensure that you consider the wider context.
  • Does it work when run on your machine?
  • Is it clear what the code is doing?
  • Do the commit messages explain why the changes were made?
  • Are there all the unit tests needed?
  • Has all relevant documentation been updated?

@stephencdaly force-pushed the log-aut0-uid-on-callback branch from b90184e to 187c46a on January 31, 2025 12:19
@stephencdaly changed the title from "Log Auth0 uid for the callback request after login" to "Log Auth0 session_id for the callback request after login" on Jan 31, 2025
@stephencdaly marked this pull request as ready for review on February 3, 2025 13:32
Log the session_id that we get in the post-login callback request from
Auth0 so that we can link this up to the login events logged by Auth0
itself. Without this, we have no link between the Auth0 logs and our
application logs meaning that if Auth0 returns a success login
response but we fail to handle it for any reason on our end, we can't
match up the 2 sets of logs.
@stephencdaly force-pushed the log-aut0-uid-on-callback branch from 187c46a to e164d77 on February 3, 2025 13:45
sonarqubecloud bot commented Feb 3, 2025
@stephencdaly merged commit 56a997e into main on Feb 3, 2025
4 checks passed
@stephencdaly deleted the log-aut0-uid-on-callback branch on February 3, 2025 13:50
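
An added example (not code from this pull request or the project): joining Auth0 success-login events (type "s", as in the event shown in the description) to the application's callback log lines on the session id, and listing the logins Auth0 reported that the application did not handle. The method names, the constructed sample data and the rule that a callback status below 400 counts as handled are assumptions.

```ruby
require "json"

# Hypothetical helper: returns nil for lines that are not JSON (e.g. stack traces).
def parse_json(line)
  JSON.parse(line)
rescue JSON::ParserError
  nil
end

# Joins Auth0 success-login events (type "s") to application callback log lines
# on the session id and returns the logins the application did not handle.
# Assumption: a callback with status below 400 counts as handled.
def unhandled_logins(app_lines, auth0_events, callback_path: "/auth/auth0/callback")
  callbacks = Hash.new { |hash, key| hash[key] = [] }
  app_lines.each do |line|
    entry = parse_json(line)
    next unless entry.is_a?(Hash) && entry["path"] == callback_path
    callbacks[entry["auth0_session_id"]] << entry if entry["auth0_session_id"]
  end

  auth0_events.filter_map do |event|
    data = event.fetch("data", {})
    session_id = data.dig("details", "session_id")
    next unless data["type"] == "s" && session_id
    hits = callbacks.fetch(session_id, []) # fetch bypasses the default block
    next if hits.any? { |entry| entry["status"].to_i < 400 }
    { "session_id" => session_id, "auth0_log_id" => event["log_id"],
      "reason" => hits.empty? ? "no callback logged" : "callback failed",
      "request_ids" => hits.map { |entry| entry["request_id"] } }
  end
end

# Constructed sample data in the two shapes shown in the pull request description.
SAMPLE_APP_LINES = [
  { "path" => "/auth/auth0/callback", "status" => 302, "request_id" => "req-1",
    "auth0_session_id" => "constructed-sid-ok" }.to_json,
  { "path" => "/auth/auth0/callback", "status" => 500, "request_id" => "req-2",
    "auth0_session_id" => "constructed-sid-error" }.to_json,
  "not json: constructed stack trace line"
].freeze

SAMPLE_AUTH0_EVENTS = %w[ok error missing].each_with_index.map do |name, index|
  { "log_id" => "constructed-log-#{index}",
    "data" => { "type" => "s", "details" => { "session_id" => "constructed-sid-#{name}" } } }
end.freeze

puts JSON.pretty_generate(unhandled_logins(SAMPLE_APP_LINES, SAMPLE_AUTH0_EVENTS)) if $PROGRAM_NAME == __FILE__
```

The `request_ids` in each result point back at the application log lines for a failed callback; an empty list means the callback request was never logged at all.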