quarkusio · sberyozkin · May 16, 2024 · May 16, 2024
diff --git a/...sions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java b/...sions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java
@@ -872,10 +872,9 @@ public Throwable apply(Throwable tInner) {
 
     private static void logAuthenticationError(RoutingContext context, Throwable t) {
         final String errorMessage = errorMessage(t);
-        final boolean accessTokenFailure = context.get(OidcConstants.ACCESS_TOKEN_VALUE) != null
-                && context.get(OidcUtils.CODE_ACCESS_TOKEN_RESULT) == null;
+        final boolean accessTokenFailure = context.get(OidcUtils.CODE_ACCESS_TOKEN_FAILURE) != null;
         if (accessTokenFailure) {
-            LOG.errorf("Access token verification has failed: %s. ID token has not been verified yet", errorMessage);
+            LOG.errorf("Access token verification has failed: %s.", errorMessage);
         } else {
             LOG.errorf("ID token verification has failed: %s", errorMessage);
         }

diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcIdentityProvider.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcIdentityProvider.java
@@ -166,6 +166,7 @@ private Uni<SecurityIdentity> validateTokenWithUserInfoAndCreateIdentity(Map<Str
                     @Override
                     public Uni<SecurityIdentity> apply(TokenVerificationResult codeAccessToken, Throwable t) {
                         if (t != null) {
+                            requestData.put(OidcUtils.CODE_ACCESS_TOKEN_FAILURE, t);
                             return Uni.createFrom().failure(new AuthenticationFailedException(t));
                         }
 
@@ -217,6 +218,7 @@ public Uni<SecurityIdentity> apply(TokenVerificationResult result, Throwable t)
                                     public Uni<SecurityIdentity> apply(TokenVerificationResult codeAccessTokenResult,
                                             Throwable t) {
                                         if (t != null) {
+                                            requestData.put(OidcUtils.CODE_ACCESS_TOKEN_FAILURE, t);
                                             return Uni.createFrom().failure(t instanceof AuthenticationFailedException ? t
                                                     : new AuthenticationFailedException(t));
                                         }

diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java
@@ -100,6 +100,7 @@ public final class OidcUtils {
     public static final String ANNOTATION_BASED_TENANT_RESOLUTION_ENABLED = "io.quarkus.oidc.runtime.select-tenants-with-annotation";
     static final String UNDERSCORE = "_";
     static final String CODE_ACCESS_TOKEN_RESULT = "code_flow_access_token_result";
+    static final String CODE_ACCESS_TOKEN_FAILURE = "code_flow_access_token_failure";
     static final String COMMA = ",";
     static final Uni<Void> VOID_UNI = Uni.createFrom().voidItem();
     static final BlockingTaskRunner<Void> deleteTokensRequestContext = new BlockingTaskRunner<Void>();