feat: improve logging

Security/Services/OAuthService.cs

@@ -110,21 +110,25 @@ public class OAuthService(ILogger<OAuthService> logger, Dictionary<OAuthProvider
     {
         var (clientId, _) = providers[provider];
 
+        var requestInfo = new RequestContextInfo(context, cookieOptions);
+        var state = GetHmacString(requestInfo, secretKey);
+
         var redirectUrl = $"?client_id={clientId}" +
                                 "&response_type=code" +
                                 $"&redirect_uri={redirectUri}" +
                                 $"&scope={ProviderData[provider].Scope}" +
-                                $"&state={GetHmacString(new RequestContextInfo(context, cookieOptions), secretKey)}_{Enum.GetName(provider)}";
-
+                                $"&state={state}_{Enum.GetName(provider)}";
 
+        logger.LogInformation("Redirecting user Fingerprint: {Fingerprint} to OAuth provider {Provider} with state: {State}",
+            requestInfo.Fingerprint,
+            provider,
+            state);
 
         return new Uri(ProviderData[provider].RedirectUrl + redirectUrl);
     }
 
-    public (OAuthProvider Provider, Uri Redirect)[] GetAvailableProviders(string redirectUri)
-    {
-        return [.. providers.Select(x => (x.Key, new Uri(redirectUri.TrimEnd('/') + "/?provider=" + (int)x.Key)))];
-    }
+    public (OAuthProvider Provider, Uri Redirect)[] GetAvailableProviders(string redirectUri) =>
+        [.. providers.Select(x => (x.Key, new Uri(redirectUri.TrimEnd('/') + "/?provider=" + (int)x.Key)))];
 
     public async Task<(OAuthProvider provider, OAuthUser User)> LoginOAuth(HttpContext context, CookieOptionsParameters cookieOptions, string redirectUrl, string code, string state, CancellationToken cancellation = default)
     {
@@ -139,11 +143,17 @@ public class OAuthService(ILogger<OAuthService> logger, Dictionary<OAuthProvider
         }
 
         var secretStateData = string.Join("_", partsState.SkipLast(1));
-        var secretData = GetHmacString(new RequestContextInfo(context, cookieOptions), secretKey);
+        var requestInfo = new RequestContextInfo(context, cookieOptions);
+        var secretData = GetHmacString(requestInfo, secretKey);
 
         if (secretData != secretStateData)
         {
-            logger.LogWarning("Fingerprint mismatch. Possible CSRF attack detected.");
+            logger.LogWarning(
+                "Fingerprint mismatch. Possible CSRF attack detected. Fingerprint: {Fingerprint}, State: {State}, ExpectedState: {ExpectedState}",
+                requestInfo.Fingerprint,
+                secretData,
+                secretStateData
+            );
             throw new SecurityException("Suspicious activity detected. Please try again.");
         }
 
@@ -154,7 +164,7 @@ public class OAuthService(ILogger<OAuthService> logger, Dictionary<OAuthProvider
         }
         catch (Exception ex)
         {
-            logger.LogWarning(ex, "Failed to exchange authorization code for tokens with provider {Provider}", provider);
+            logger.LogWarning(ex, "Failed to exchange code for access token with provider {Provider}. State: {State}", provider, state);
         }
 
         if (accessToken == null)