oidc: Log when a subject tries to authenticate but isn't allowed

go.mod

@@ -5,6 +5,7 @@ go 1.17
 require (
 	github.com/TwiN/g8 v1.2.0
 	github.com/TwiN/gocache v1.2.4
+	github.com/TwiN/gocache/v2 v2.0.0
 	github.com/TwiN/health v1.3.0
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
@@ -51,7 +52,6 @@ require (
 )
 
 require (
-	github.com/TwiN/gocache/v2 v2.0.0 // indirect
 	golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 // indirect
 	google.golang.org/appengine v1.6.6 // indirect
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect

security/oidc.go

@@ -27,7 +27,7 @@ type OIDCConfig struct {
 
 // isValid returns whether the basic security configuration is valid or not
 func (c *OIDCConfig) isValid() bool {
-	return len(c.IssuerURL) > 0 && len(c.RedirectURL) > 0 && len(c.ClientID) > 0 && len(c.ClientSecret) > 0 && len(c.Scopes) > 0
+	return len(c.IssuerURL) > 0 && len(c.RedirectURL) > 0 && strings.HasSuffix(c.RedirectURL, "/authorization-code/callback") && len(c.ClientID) > 0 && len(c.ClientSecret) > 0 && len(c.Scopes) > 0
 }
 
 func (c *OIDCConfig) initialize() error {
@@ -123,7 +123,7 @@ func (c *OIDCConfig) callbackHandler(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 	}
-	log.Println("user is not in the list of allowed subjects")
+	log.Printf("[security][callbackHandler] Subject %s is not in the list of allowed subjects", idToken.Subject)
 	http.Redirect(w, r, "/login?error=access_denied", http.StatusFound)
 }