simple-oauth2 icon indicating copy to clipboard operation
simple-oauth2 copied to clipboard

Published 20 hours ago verified publisher icon lelylan

Obfuscate secret in Joi validation errors

Open nathanforce opened this issue 10 months ago • 0 comments

Context

  • 18
  • ^5.1.0
  • Node

What problem are you trying to solve?

When providing an invalid config to one of the constructors, in our case AuthorizationCode, we receive a helpful Joi ValidationError. The problem, though, is that this error includes the provided config, which includes the secret, which gets logged to stdout and picked up by logging services.

Do you have a new or modified API suggestion to solve the problem?

I'd suggested replacing the logged secret with [REDACTED].

nathanforce avatar Jan 21 '25 17:01 nathanforce