revomatico · seboudry · Jan 29, 2024 · Jan 29, 2024
diff --git a/kong-oidc.rockspec → kong-plugin-oidc-1.4.0-1.rockspec b/kong-oidc.rockspec → kong-plugin-oidc-1.4.0-1.rockspec
@@ -1,9 +1,8 @@
-package = "kong-oidc"
+package = "kong-plugin-oidc"
 version = "1.4.0-1"
 source = {
-    url = "git://github.com/revomatico/kong-oidc",
-    tag = "master",
-    dir = "kong-oidc"
+    url = "git://github.com/revomatico/kong-oidc.git",
+    tag = "master"
 }
 description = {
     summary = "A Kong plugin for implementing the OpenID Connect Relying Party (RP) functionality",
@@ -18,7 +17,7 @@ description = {
 
         It can be used as a reverse proxy terminating OAuth/OpenID Connect in front of an origin server so that the origin server/services can be protected with the relevant standards without implementing those on the server itself.
     ]],
-    homepage = "https://github.com/nokia/kong-oidc",
+    homepage = "https://github.com/revomatico/kong-oidc",
     license = "Apache 2.0"
 }
 dependencies = {
@@ -27,10 +26,10 @@ dependencies = {
 build = {
     type = "builtin",
     modules = {
-    ["kong.plugins.oidc.filter"] = "kong/plugins/oidc/filter.lua",
-    ["kong.plugins.oidc.handler"] = "kong/plugins/oidc/handler.lua",
-    ["kong.plugins.oidc.schema"] = "kong/plugins/oidc/schema.lua",
-    ["kong.plugins.oidc.session"] = "kong/plugins/oidc/session.lua",
-    ["kong.plugins.oidc.utils"] = "kong/plugins/oidc/utils.lua"
+        ["kong.plugins.oidc.filter"]  = "kong/plugins/oidc/filter.lua",
+        ["kong.plugins.oidc.handler"] = "kong/plugins/oidc/handler.lua",
+        ["kong.plugins.oidc.schema"]  = "kong/plugins/oidc/schema.lua",
+        ["kong.plugins.oidc.session"] = "kong/plugins/oidc/session.lua",
+        ["kong.plugins.oidc.utils"]   = "kong/plugins/oidc/utils.lua"
     }
 }
diff --git a/kong/plugins/oidc/handler.lua b/kong/plugins/oidc/handler.lua
@@ -1,5 +1,5 @@
 local OidcHandler = {
-    VERSION = "1.3.0",
+    VERSION = "1.4.0",
     PRIORITY = 1000,
 }
 local utils = require("kong.plugins.oidc.utils")
@@ -95,6 +95,7 @@ function make_oidc(oidcConfig)
   local res, err = require("resty.openidc").authenticate(oidcConfig, ngx.var.request_uri, unauth_action)
 
   if err then
+    kong.log.err("Authentication failed: " .. err)
     if err == 'unauthorized request' then
       return kong.response.error(ngx.HTTP_UNAUTHORIZED)
     else
@@ -117,6 +118,7 @@ function introspect(oidcConfig)
       res, err = require("resty.openidc").introspect(oidcConfig)
     end
     if err then
+      kong.log.err("Introspect failed: " .. err)
       if oidcConfig.bearer_only == "yes" then
         ngx.header["WWW-Authenticate"] = 'Bearer realm="' .. oidcConfig.realm .. '",error="' .. err .. '"'
         return kong.response.error(ngx.HTTP_UNAUTHORIZED)

diff --git a/kong/plugins/oidc/schema.lua b/kong/plugins/oidc/schema.lua
@@ -18,13 +18,15 @@ return {
           {
             client_id = {
               type = "string",
-              required = true
+              required = true,
+              referenceable = true
             }
           },
           {
             client_secret = {
               type = "string",
-              required = true
+              required = true,
+              referenceable = true
             }
           },
           {
@@ -123,7 +125,8 @@ return {
           {
             session_secret = {
               type = "string",
-              required = false
+              required = false,
+              referenceable = true
             }
           },
           {