tidying and more debug logging

src/auth_server/flows.py

@@ -120,7 +120,7 @@ async def _run_steps(self, steps: List[str]) -> Optional[GrantResponse]:
             logger.debug(f"step {flow_step} done, next step will be called")
         return None
 
-    async def continue_transaction(self, continue_request: ContinueRequest):
+    async def continue_transaction(self, continue_request: ContinueRequest) -> Optional[GrantResponse]:
         # check the client authentication for the continuation request against the same key used for the grant request
         self.state.proof_ok = await self.check_proof(
             gnap_key=self.state.grant_request.client.key, gnap_request=continue_request
@@ -326,7 +326,6 @@ async def handle_interaction(self) -> Optional[GrantResponse]:
             )
             wait = 30  # I guess it takes at least 30 seconds for a user to authenticate
 
-        # TODO: create jwt for continue access token?
         self.state.continue_access_token = get_hex_uuid4()
         continue_response = Continue(
             uri=str(continue_url),

src/auth_server/proof/mtls.py

@@ -27,16 +27,19 @@ async def check_mtls_proof(gnap_key: Key, cert: str) -> bool:
     if gnap_key.cert_S256 is not None:
         logger.debug(f"cert#S256: {gnap_key.cert_S256}")
         if tls_fingerprint == gnap_key.cert_S256:
-            logger.info(f"TLS cert fingerprint matches grant request cert#S256")
+            logger.info("TLS cert fingerprint matches grant request cert#S256")
             return True
-        logger.info(f"TLS cert fingerprint does NOT match grant request cert#S256")
+        logger.info("TLS cert fingerprint does NOT match grant request cert#S256")
     elif gnap_key.cert is not None:
         grant_cert = load_cert_from_str(gnap_key.cert)
         grant_cert_fingerprint = b64encode(grant_cert.fingerprint(algorithm=SHA256())).decode("utf-8")
         logger.debug(f"grant cert fingerprint: {grant_cert_fingerprint}")
         if tls_fingerprint == grant_cert_fingerprint:
-            logger.info(f"TLS cert fingerprint matches grant request cert fingerprint")
+            logger.info("TLS cert fingerprint matches grant request cert fingerprint")
             return True
-        logger.info(f"TLS cert fingerprint does NOT match grant request cert fingerprint")
+        logger.info("TLS cert fingerprint does NOT match grant request cert fingerprint")
 
+    logger.info("TLS cert does NOT match grant request cert")
+    logger.debug(f"tried gnap_key.cert_S256: {bool(gnap_key.cert_S256)}")
+    logger.debug(f"tried gnap_key.cert: {bool(gnap_key.cert)}")
     return False

src/auth_server/routers/root.py

@@ -130,16 +130,19 @@ async def continue_transaction(
         raise HTTPException(status_code=404, detail="transaction not found")
 
     transaction_state = TransactionState(**transaction_doc)
+    logger.debug(f"transaction_state loaded: {transaction_state}")
 
     # check continue access token
     if authorization != f"GNAP {transaction_state.continue_access_token}":
         raise HTTPException(status_code=401, detail="permission denied")
 
-    # return continue response again if interaction is not completed
+    # return continue response again if interaction is not completed or interaction reference is not used
     if transaction_state.flow_state != FlowState.APPROVED:
-        # TODO: update expires_in and return error message to clients not waiting long enough
+        logger.debug(f"transaction state: {transaction_state.flow_state}. Can not continue yet.")
+        # TODO: update expires_in, auth token and return error message to clients not waiting long enough
         return transaction_state.grant_response
 
+    logger.debug(f"transaction state: {transaction_state.flow_state}. Continuing flow")
     # initialize flow to continue
     auth_flow_name = transaction_state.flow_name
     auth_flow = request.app.auth_flows.get(auth_flow_name)