authorize: log id token claims separately from id token (#4394)

2025-06-03 11:22:45 +02:00 · 2023-07-26 11:45:10 -06:00 · 2023-07-26 11:45:10 -06:00 · 6c1416fc0f
commit 6c1416fc0f
parent 05c6de3642
3 changed files with 10 additions and 4 deletions
--- a/authorize/log.go
+++ b/authorize/log.go
@ -164,12 +164,15 @@ func populateLogEvent(
 		return evt.Str(string(field), in.GetAttributes().GetRequest().GetHttp().GetHost())
 	case log.AuthorizeLogFieldIDToken:
 		if s, ok := s.(*session.Session); ok {
-			evt = evt.Str("id-token", s.GetIdToken().GetRaw())
-
+			evt = evt.Str(string(field), s.GetIdToken().GetRaw())
+		}
+		return evt
+	case log.AuthorizeLogFieldIDTokenClaims:
+		if s, ok := s.(*session.Session); ok {
 			if t, err := jwt.ParseSigned(s.GetIdToken().GetRaw()); err == nil {
 				var m map[string]any
 				_ = t.UnsafeClaimsWithoutVerification(&m)
-				evt = evt.Interface("id-token-claims", m)
+				evt = evt.Interface(string(field), m)
 			}
 		}
 		return evt