From f1c4b79d4d07922fab99c458e7d7ffc6d96d7293 Mon Sep 17 00:00:00 2001 From: jevanlingen Date: Tue, 29 Mar 2016 10:44:28 +0200 Subject: [PATCH] Log response body if one exists If the OpenID Connect server returns an invalid client error, you can't find that in the logging (because the real error is only visible in the response body). Logged: `HTTP Status 401 - Authentication Failed: Unable to obtain Access Token: 401 Unauthorized` Non logged: `{"error_description":"Client authentication failed: Invalid authentication","error":"invalid_client"}`
--- .../mitre/openid/connect/client/OIDCAuthenticationFilter.java | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
index bbb1b1c01..dcbc4349e 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
@@ -415,6 +415,10 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 // Handle error
 logger.error("Token Endpoint error response: " + e.getMessage());
+
+ if (e instanceof HttpClientErrorException) {
+ logger.debug("Token Endpoint message body: " + ((HttpClientErrorException) e).getResponseBodyAsString());
+ }
 throw new AuthenticationServiceException("Unable to obtain Access Token: " + e.getMessage());
 }
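Review bot: The new `logger.debug` call writes the token endpoint's response body to the log verbatim, and that text is chosen by the remote server, so embedded line breaks or a very large body reach the log unfiltered. I would neutralise CR/LF (and ideally cap the length) before logging, e.g. `String body = ((HttpClientErrorException) e).getResponseBodyAsString();` followed by `logger.debug("Token Endpoint message body: " + body.replaceAll("[\\r\\n]+", " "));`, while keeping it at debug level and out of the `AuthenticationServiceException` message as the patch already does. Checking `e instanceof HttpStatusCodeException` instead would also cover 5xx responses, which expose their body through the same `getResponseBodyAsString()` accessor. The catch block and its method begin outside the hunk, so the declared exception type is not visible here.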