From 31b28e5df283228a68d3ff05089c3a0373fa7c59 Mon Sep 17 00:00:00 2001
From: Serreau Jovann
Date: Thu, 26 Mar 2026 09:46:49 +0100
Subject: [PATCH] =?UTF-8?q?fix:=20ajouter=20log=20d=C3=A9taill=C3=A9=20sur?= =?UTF-8?q?=20SSO=20InvalidState=20pour=20diagnostic?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-Authored-By: Claude Opus 4.6 (1M context)
---
 src/Security/KeycloakAuthenticator.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/Security/KeycloakAuthenticator.php b/src/Security/KeycloakAuthenticator.php
index b1e5655..e682b57 100644
--- a/src/Security/KeycloakAuthenticator.php
+++ b/src/Security/KeycloakAuthenticator.php
@@ -19,18 +19,21 @@ use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPasspor
 use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
 use Symfony\Component\Uid\Uuid;
 use KnpU\OAuth2ClientBundle\Security\Exception\InvalidStateAuthenticationException;
+use Psr\Log\LoggerInterface;
 class KeycloakAuthenticator extends OAuth2Authenticator implements AuthenticationEntryPointInterface
 {
 private $clientRegistry;
 private $entityManager;
 private $router;
+ private $logger;
- public function __construct(ClientRegistry $clientRegistry, EntityManagerInterface $entityManager, RouterInterface $router)
+ public function __construct(ClientRegistry $clientRegistry, EntityManagerInterface $entityManager, RouterInterface $router, LoggerInterface $logger)
 {
 $this->clientRegistry = $clientRegistry;
 $this->entityManager = $entityManager;
 $this->router = $router;
+ $this->logger = $logger;
 }
 public function supports(Request $request): ?bool
@@ -93,6 +96,11 @@ class KeycloakAuthenticator extends OAuth2Authenticator implements Authenticatio
 public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
 {
 if ($exception instanceof InvalidStateAuthenticationException) {
+ $this->logger->error('SSO Invalid State', [
+ 'session_id' => $request->getSession()->getId(),
+ 'has_session' => $request->hasSession(),
+ 'state_param' => $request->query->get('state'),
+ ]);
 return new RedirectResponse($this->router->generate('app_home'));
 }
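Review bot: The new log context writes the raw session identifier to the error log, and it calls `$request->getSession()` before `$request->hasSession()` is evaluated. A session ID is a bearer credential, so anyone with read access to the logs or the log pipeline could reuse it while the session is live; a truncated hash still lets you correlate entries. When the request has no session, the `getSession()` call fails first (an exception or a null dereference, depending on the Symfony version), so the redirect is never returned and `has_session` can never be logged as false. The `state` query value is attacker-controlled and unbounded, and a non-scalar `state[]=…` may make `query->get()` throw on recent Symfony versions, so it should be type-checked and length-capped before logging. The body of onAuthenticationFailure continues outside the hunk.

```php
if ($exception instanceof InvalidStateAuthenticationException) {
    // Resolve the session only when one exists, so the handler cannot fail here.
    $session = $request->hasSession() ? $request->getSession() : null;
    $state = $request->query->all()['state'] ?? null;

    $this->logger->error('SSO Invalid State', [
        'has_session' => $session !== null,
        // Log a correlation token rather than the usable session ID.
        'session_id_hash' => $session !== null ? substr(hash('sha256', $session->getId()), 0, 16) : null,
        // Attacker-controlled: accept strings only and cap the length.
        'state_param' => is_string($state) ? substr($state, 0, 64) : null,
    ]);
    // … unchanged: redirect to app_home …
```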