oidc add cookie logs (ydb-platform#11367)

Co-authored-by: Andrey Molotkov <molotkov-and@ydb.tech>

ydb/mvp/oidc_proxy/oidc_protected_page_nebius.cpp

@@ -1,6 +1,7 @@
 #include <library/cpp/json/json_reader.h>
 #include <library/cpp/string_utils/base64/base64.h>
 #include <ydb/library/actors/http/http.h>
+#include <ydb/library/security/util.h>
 #include <ydb/mvp/core/appdata.h>
 #include <ydb/mvp/core/mvp_tokens.h>
 #include <ydb/mvp/core/mvp_log.h>
@@ -23,10 +24,16 @@ void THandlerSessionServiceCheckNebius::StartOidcProcess(const NActors::TActorCo
     LOG_DEBUG_S(ctx, EService::MVP, "Start OIDC process");
 
     NHttp::TCookies cookies(headers.Get("Cookie"));
+    TString sessionCookieName = CreateNameSessionCookie(Settings.ClientId);
+    TStringBuf sessionCookieValue = cookies.Get(sessionCookieName);
+    if (!sessionCookieValue.Empty()) {
+        LOG_DEBUG_S(ctx, EService::MVP, "Using session cookie (" << sessionCookieName << ": " << NKikimr::MaskTicket(sessionCookieValue) << ")");
+    }
+
 
     TString sessionToken;
     try {
-        Base64StrictDecode(cookies.Get(CreateNameSessionCookie(Settings.ClientId)), sessionToken);
+        Base64StrictDecode(sessionCookieValue, sessionToken);
     } catch (std::exception& e) {
         LOG_DEBUG_S(ctx, EService::MVP, "Base64Decode session cookie: " << e.what());
         sessionToken.clear();

ydb/mvp/oidc_proxy/oidc_proxy_ut.cpp

@@ -395,7 +395,7 @@ Y_UNIT_TEST_SUITE(Mvp) {
         EatWholeString(incomingRequest, "GET /" + allowedProxyHost + "/counters HTTP/1.1\r\n"
                                 "Host: oidcproxy.net\r\n"
                                 "Cookie: yc_session=allowed_session_cookie;"
-                                + CreateSecureCookie(settings.ClientId, "session_cookie") + "\r\n\r\n");
+                                + CreateNameSessionCookie(settings.ClientId) + "=" + Base64Encode("session_cookie") + "\r\n\r\n");
         runtime.Send(new IEventHandle(target, edge, new NHttp::TEvHttpProxy::TEvHttpIncomingRequest(incomingRequest)));
         TAutoPtr<IEventHandle> handle;
 

ydb/mvp/oidc_proxy/oidc_session_create_nebius.cpp

@@ -1,6 +1,8 @@
 #include <ydb/library/actors/http/http.h>
+#include <ydb/library/security/util.h>
 #include "openid_connect.h"
 #include "oidc_session_create_nebius.h"
+#include <library/cpp/string_utils/base64/base64.h>
 
 namespace NMVP {
 namespace NOIDC {
@@ -33,8 +35,12 @@ void THandlerSessionCreateNebius::RequestSessionToken(const TString& code, const
 }
 
 void THandlerSessionCreateNebius::ProcessSessionToken(const TString& sessionToken, const NActors::TActorContext& ctx) {
+    TString sessionCookieName = CreateNameSessionCookie(Settings.ClientId);
+    TString sessionCookieValue = Base64Encode(sessionToken);
+    LOG_DEBUG_S(ctx, EService::MVP, "Set session cookie: (" << sessionCookieName << ": " << NKikimr::MaskTicket(sessionCookieValue) << ")");
+
     NHttp::THeadersBuilder responseHeaders;
-    responseHeaders.Set("Set-Cookie", CreateSecureCookie(Settings.ClientId, sessionToken));
+    responseHeaders.Set("Set-Cookie", CreateSecureCookie(sessionCookieName, sessionCookieValue));
     responseHeaders.Set("Location", Context.GetRequestedAddress());
     NHttp::THttpOutgoingResponsePtr httpResponse;
     httpResponse = Request->CreateResponse("302", "Cookie set", responseHeaders);

ydb/mvp/oidc_proxy/openid_connect.cpp

@@ -114,9 +114,9 @@ const TString& GetAuthCallbackUrl() {
     return callbackUrl;
 }
 
-TString CreateSecureCookie(const TString& key, const TString& value) {
+TString CreateSecureCookie(const TString& name, const TString& value) {
     TStringBuilder cookieBuilder;
-    cookieBuilder << CreateNameSessionCookie(key) << "=" << Base64Encode(value)
+    cookieBuilder << name << "=" << value
             << "; Path=/; Secure; HttpOnly; SameSite=None; Partitioned";
     return cookieBuilder;
 }