From 27f1e910e9732156b18f65a8561e354c198416a9 Mon Sep 17 00:00:00 2001
From: Celian GARCIA <celian.garcia@amadeus.com>
Date: Mon, 30 Mar 2026 15:48:47 +0200
Subject: [PATCH] feat: Add log when groups do not match allowed groups
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Célian Garcia <celian.garcia@amadeus.com>
Signed-off-by: Celian GARCIA <celian.garcia@amadeus.com>
---
 providers/provider_default.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/providers/provider_default.go b/providers/provider_default.go
index dbd93c91..ca418b2d 100644
--- a/providers/provider_default.go
+++ b/providers/provider_default.go
@@ -9,6 +9,7 @@ import (
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/middleware"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
+	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/requests"
 )
 
@@ -132,6 +133,8 @@ func (p *ProviderData) Authorize(_ context.Context, s *sessions.SessionState) (b
 		}
 	}
 
+	logger.Println("session groups do not match any allowed groups")
+
 	return false, nil
 }