Improve debug logging around callback URL matching (#126)

* Add debug logging around callback URL matching in ServeHTTP

The callback URL comparison at the core of OIDC flow had zero logging,
making it extremely difficult to diagnose redirect loop issues caused
by misconfigured callbackURL (e.g., full URL vs path-only).

Every other path comparison in ServeHTTP already logs debug info
(logout, backchannel, frontchannel, excluded URLs), but the callback
URL check was completely silent.

Added debug logs that show:
- The values being compared (request path vs configured callback)
- Whether the match succeeded or failed
- Configured redirURLPath during initialization

This would have immediately revealed the root cause of issue #1
where callbackURL was set as a full URL but compared against
req.URL.Path which only contains the path component.

Closes #3

* improve-callback-url-logging: Add init-time logging for callbackURL config

main.go

@@ -303,6 +303,12 @@ func NewWithContext(ctx context.Context, config *Config, next http.Handler, name
 
 	logger.Debugf("TraefikOidc.New: Final t.scopes initialized to: %v", t.scopes)
 
+	// Log callback URL configuration to help diagnose redirect loop issues.
+	// If callbackURL is a full URL instead of a path, the callback matching
+	// in ServeHTTP will silently fail because req.URL.Path is compared directly.
+	logger.Debugf("TraefikOidc.New: callbackURL (redirURLPath) configured as: %q", t.redirURLPath)
+	logger.Debugf("TraefikOidc.New: logoutURLPath configured as: %q", t.logoutURLPath)
+
 	t.providerURL = config.ProviderURL
 
 	// Use singleton resource manager for metadata initialization

middleware.go

@@ -173,10 +173,14 @@ func (t *TraefikOidc) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 	host := utils.DetermineHost(req)
 	redirectURL := buildFullURL(scheme, host, t.redirURLPath)
 
+	// Check if the current request is the OIDC callback
+	t.logger.Debugf("Checking callback URL match: request_path=%q, configured_callback=%q", req.URL.Path, t.redirURLPath)
 	if req.URL.Path == t.redirURLPath {
+		t.logger.Debugf("Callback URL matched, processing OIDC callback (redirect_url=%s)", redirectURL)
 		t.handleCallback(rw, req, redirectURL)
 		return
 	}
+	t.logger.Debugf("Callback URL did not match (request_path=%q != configured=%q), continuing auth flow", req.URL.Path, t.redirURLPath)
 
 	authenticated, needsRefresh, expired := t.isUserAuthenticated(session)