requests_auth icon indicating copy to clipboard operation
requests_auth copied to clipboard

Published 20 hours ago verified publisher icon Colin-b

Debug log should not display token

Open sdementen opened this issue 4 years ago • 1 comments

In debug mode, the logger display a message "Inserting token expiring on ..." with the complete token (https://github.com/Colin-b/requests_auth/blob/develop/requests_auth/oauth2_tokens.py#L82).

Display secret in logs is not recommended (AFAIK). Maybe replace in the message the token by just the beginning/end of token ?

sdementen avatar Jun 23 '20 13:06 sdementen

Indeed it would be better to avoid sending tokens in logs. You can submit a PR or I will have a look as soon as I can find some time, as this is for client usage and the usual TTL of a token is of a few hours I don't think it's critical right ?

Colin-b avatar Jun 23 '20 13:06 Colin-b

Version 8.0.0 is available on pypi and fixes this issue

Colin-b avatar Jun 18 '24 18:06 Colin-b