Tags: logging, oauth, wso2, token, apim

Generate OAuth token - log user information


Is it possible to log information about which user is trying to generate an OAuth token? I would like to see the user login or consumerKey. I know that the login can be seen in the audit.log file when the user generates the token via grant type password. Is this possible with grant type client_credentials?


Solution

  • You can add the following configuration to the API Manager deployment.toml

    [event.default_listener.oauth_listener]
    priority = 12
    enable = true
    

    Additionally, add the following configurations to the log4j2.properties file in the repository/conf location.

    1. Add the following appender and logger

      appender.TRANSACTION_LOGFILE.type = RollingFile
      appender.TRANSACTION_LOGFILE.name = TRANSACTION_LOGFILE
      appender.TRANSACTION_LOGFILE.fileName = ${sys:carbon.home}/repository/logs/transaction.log
      appender.TRANSACTION_LOGFILE.filePattern = ${sys:carbon.home}/repository/logs/transaction-%d{MM-dd-yyyy}.%i.log
      appender.TRANSACTION_LOGFILE.layout.type = PatternLayout
      appender.TRANSACTION_LOGFILE.layout.pattern = [%d] - %mm %n
      appender.TRANSACTION_LOGFILE.policies.type = Policies
      appender.TRANSACTION_LOGFILE.policies.time.type = TimeBasedTriggeringPolicy
      appender.TRANSACTION_LOGFILE.policies.time.interval = 1
      appender.TRANSACTION_LOGFILE.policies.time.modulate = true
      appender.TRANSACTION_LOGFILE.policies.size.type = SizeBasedTriggeringPolicy
      appender.TRANSACTION_LOGFILE.policies.size.size=10MB
      appender.TRANSACTION_LOGFILE.strategy.type = DefaultRolloverStrategy
      appender.TRANSACTION_LOGFILE.strategy.max = 20
      appender.TRANSACTION_LOGFILE.threshold.type = ThresholdFilter
      appender.TRANSACTION_LOGFILE.threshold.level = INFO

      logger.TRANSACTION_LOGGER.name=TRANSACTION_LOGGER
      logger.TRANSACTION_LOGGER.level=INFO
      logger.TRANSACTION_LOGGER.appenderRef.TRANSACTION_LOGFILE.ref = TRANSACTION_LOGFILE

      logger.DELETE_EVENT_LOGGER.name=DELETE_EVENT_LOGGER
      logger.DELETE_EVENT_LOGGER.level=INFO
      logger.DELETE_EVENT_LOGGER.appenderRef.TRANSACTION_LOGFILE.ref = TRANSACTION_LOGFILE

    2. Add TRANSACTION_LOGFILE as an appender.

    3. Add TRANSACTION_LOGGER and DELETE_EVENT_LOGGER as loggers.

    Sample log line:

    [2023-01-09 19:52:11,537]  INFO - TRANSACTION_LOGGER Type: OAUTH TOKEN | Info: {"expires_in_seconds":3600,"grant_type":"client_credentials","success":true,"time_taken_in_millis":128,"type":"oauth","issued_time":1673274131530,"user":"[email protected]","client_id":"SWxioTfcxLBsZobPbs29hjxhTLUa"}
    

    Refer to https://is.docs.wso2.com/en/latest/guides/access-delegation/oauth-transaction-logs/
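
Once transaction.log is being written, the records can be reduced to "who requested tokens, with which grant type, and did it succeed". The following is an added example, not part of the original answer or of WSO2's code: it parses lines in the layout of the sample line above, and the log lines, user names and client IDs in it are constructed. The `"success":false` record is an assumption about how a failed request is logged.

```python
import json
import re
from collections import Counter

# Layout taken from the sample line: "[timestamp] ... Type: <type> | Info: {json}"
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\].*?Type:\s*(?P<type>[^|]+?)\s*\|\s*Info:\s*(?P<info>\{.*\})"
)

# Constructed sample records (not real log data); field names follow the page's sample line.
SAMPLE_LOG = """\
[2023-01-09 19:52:11,537]  INFO - TRANSACTION_LOGGER Type: OAUTH TOKEN | Info: {"expires_in_seconds":3600,"grant_type":"client_credentials","success":true,"time_taken_in_millis":128,"type":"oauth","issued_time":1673274131530,"user":"alice@example.com","client_id":"CONSTRUCTED_CLIENT_A"}
[2023-01-09 19:52:45,101]  INFO - TRANSACTION_LOGGER Type: OAUTH TOKEN | Info: {"grant_type":"client_credentials","success":true,"type":"oauth","user":"alice@example.com","client_id":"CONSTRUCTED_CLIENT_A"}
[2023-01-09 19:53:02,250]  INFO - TRANSACTION_LOGGER Type: OAUTH TOKEN | Info: {"grant_type":"password","success":true,"type":"oauth","user":"bob@example.com","client_id":"CONSTRUCTED_CLIENT_B"}
[2023-01-09 19:53:30,900]  INFO - TRANSACTION_LOGGER Type: OAUTH TOKEN | Info: {"grant_type":"client_credentials","success":false,"type":"oauth","user":"alice@example.com","client_id":"CONSTRUCTED_CLIENT_A"}
[2023-01-09 19:53:40,002]  INFO - TRANSACTION_LOGGER Type: OAUTH TOKEN | Info: {"grant_type":"client_cred
[2023-01-09 19:54:00,000]  INFO - SomeOtherLogger unrelated message
"""


def parse_transaction_log(lines):
    """Yield one dict per token record; skip unrelated or truncated lines."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a transaction record, or the JSON body was cut off
        try:
            info = json.loads(m.group("info"))
        except json.JSONDecodeError:
            continue  # braces present but body is not valid JSON
        info["log_time"] = m.group("ts")
        info["event_type"] = m.group("type")
        yield info


def summarize(events):
    """Count token requests per (client_id, grant_type, user, success)."""
    counts = Counter()
    for e in events:
        key = (e.get("client_id"), e.get("grant_type"), e.get("user"), bool(e.get("success")))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    summary = summarize(parse_transaction_log(SAMPLE_LOG.splitlines()))
    for (client_id, grant, user, ok), n in sorted(summary.items(), key=str):
        print(f"{n:3d}  client_id={client_id} grant_type={grant} user={user} success={ok}")
```

To run it against a real file, pass an open handle on repository/logs/transaction.log to `parse_transaction_log` instead of `SAMPLE_LOG.splitlines()`.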