OpenIDC
diff --git a/‎ChangeLog‎
Lines changed: 6 additions & 0 deletions b/‎ChangeLog‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎auth_openidc.conf‎
Lines changed: 2 additions & 1 deletion b/‎auth_openidc.conf‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎configure.ac‎
Lines changed: 1 addition & 1 deletion b/‎configure.ac‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/handle/authz.c‎
Lines changed: 2 additions & 2 deletions b/‎src/handle/authz.c‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/http.c‎
Lines changed: 4 additions & 4 deletions b/‎src/http.c‎
Lines changed: 4 additions & 4 deletions
@@ -1,3 +1,9 @@
+02/13/2025
+- metrics: add support for claim value counters in OIDCMetricsData
+- metrics: do not reset Prometheus counters by default, only when explicitly specified
+- metrics: reset to 0 in case of an integer overflow
+- bump to 2.4.16.8rc0
+
 01/29/2025
 - add OIDCProfile to configure OpenID Connect profile behaviours for, so far "FAPI20" only, which configures:
   Authentication Request method, DPoP, PKCE, ID token aud values requirements
 
@@ -1082,13 +1082,14 @@
 #   authn           Authentication request creation and response processing.
 #   authz           Authorization errors per OIDCUnAutzAction (per Require statement, not overall).
 #   require.claim   Match/failure count of Require claim directives (per Require statement, not overall).
+#   claim.*         ID token / Userinfo claim name/value at login and refresh.
 #   provider        Requests to the provider [token, userinfo, metadata] endpoints.
 #   session         Existing session processing.
 #   cache           Cache read/write timings and errors.
 #   redirect_uri    Requests to the Redirect URI, per type.
 #   content         Requests to the content handler, per type of request: info, metrics, jwks, etc.
 # When not defined no metrics will be recorded.
-#OIDCMetricsData [ authtype | authn | authz | require.claim | requests | session | cache | redirect_uri | content ]+
+#OIDCMetricsData [ authtype | authn | authz | require.claim | claim.id_token.* | claim.userinfo.* | requests | session | cache | redirect_uri | content ]+
 
 # Specify the path where metrics are published and can be consumed.
 # The format parameter can be passed to specify the format in which the collected data is returned.
 
@@ -1,4 +1,4 @@
-AC_INIT([mod_auth_openidc],[2.4.16.7],[[email protected]])
+AC_INIT([mod_auth_openidc],[2.4.16.8rc0],[[email protected]])
 
 AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION())
 
 
@@ -436,7 +436,7 @@ authz_status oidc_authz_24_worker(request_rec *r, json_t *claims, const char *re
 		/* see if we can match any of out input claims against this Require'd value */
 		if (match_claim_fn(r, w, claims) == TRUE) {
 
-			OIDC_METRICS_COUNTER_INC_SPEC(r, cfg, OM_AUTHZ_MATCH_REQUIRE_CLAIM, require_args);
+			OIDC_METRICS_COUNTER_INC_VALUE(r, cfg, OM_AUTHZ_MATCH_REQUIRE_CLAIM, require_args);
 
 			oidc_debug(r, "require claim/expr '%s' matched", w);
 			return AUTHZ_GRANTED;
@@ -448,7 +448,7 @@ authz_status oidc_authz_24_worker(request_rec *r, json_t *claims, const char *re
 		oidc_warn(r, "'require claim/expr' missing specification(s) in configuration, denying");
 	}
 
-	OIDC_METRICS_COUNTER_INC_SPEC(r, cfg, OM_AUTHZ_ERROR_REQUIRE_CLAIM, require_args);
+	OIDC_METRICS_COUNTER_INC_VALUE(r, cfg, OM_AUTHZ_ERROR_REQUIRE_CLAIM, require_args);
 
 	oidc_debug(r, "could not match require claim expression '%s'", require_args);
 	oidc_authz_error_add(r, require_args);
 
@@ -914,13 +914,13 @@ static apr_byte_t oidc_http_request(request_rec *r, const char *url, const char
 			 * retry */
 			oidc_error(r, "curl_easy_perform failed with a timeout for %s: [%s]; won't retry", url,
 				   curl_err[0] ? curl_err : "<n/a>");
-			OIDC_METRICS_COUNTER_INC_SPEC(r, c, OM_PROVIDER_CONNECT_ERROR,
-						      curl_err[0] ? curl_err : "timeout")
+			OIDC_METRICS_COUNTER_INC_VALUE(r, c, OM_PROVIDER_CONNECT_ERROR,
+						       curl_err[0] ? curl_err : "timeout")
 			break;
 		}
 		oidc_error(r, "curl_easy_perform(%d/%d) failed for %s with: [%s]", i + 1, http_timeout->retries + 1,
 			   url, curl_err[0] ? curl_err : "<n/a>");
-		OIDC_METRICS_COUNTER_INC_SPEC(r, c, OM_PROVIDER_CONNECT_ERROR, curl_err[0] ? curl_err : "undefined")
+		OIDC_METRICS_COUNTER_INC_VALUE(r, c, OM_PROVIDER_CONNECT_ERROR, curl_err[0] ? curl_err : "undefined")
 		/* in case of a connectivity/network glitch we'll back off before retrying */
 		if (i < http_timeout->retries)
 			apr_sleep(apr_time_from_msec(http_timeout->retry_interval));
@@ -931,7 +931,7 @@ static apr_byte_t oidc_http_request(request_rec *r, const char *url, const char
 	curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code);
 	oidc_debug(r, "HTTP response code=%ld", http_code);
 
-	OIDC_METRICS_COUNTER_INC_SPEC(r, c, OM_PROVIDER_HTTP_RESPONSE_CODE, apr_psprintf(r->pool, "%ld", http_code));
+	OIDC_METRICS_COUNTER_INC_VALUE(r, c, OM_PROVIDER_HTTP_RESPONSE_CODE, apr_psprintf(r->pool, "%ld", http_code));
 
 	*response = apr_pstrmemdup(r->pool, d_buf.memory, d_buf.size);
 	if (response_code)
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-AC_INIT([mod_auth_openidc],[2.4.16.7],[[email protected]])`
	`1`	`+AC_INIT([mod_auth_openidc],[2.4.16.8rc0],[[email protected]])`
`2`	`2`
`3`	`3`	`AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION())`
`4`	`4`