AppAuth-iOS icon indicating copy to clipboard operation
AppAuth-iOS copied to clipboard
verified publisher icon openid

Strip logging for non-trace errors

Open markojovanov opened this issue 1 year ago • 3 comments

For OpenID Connect (OIDC) implementations, it is recommended to remove any logging from release builds for security and performance reasons. During my investigation of this project, I identified two log messages that were not covered by the newly introduced request trace mechanism, which was designed to allow logging only for debugging purposes.

This improvement aims to enhance security by ensuring that sensitive or unnecessary logs are not present in release builds.

Request: If these log messages are intentional and have a specific purpose, please provide an explanation of why they should remain. Your feedback will help clarify their necessity.

markojovanov avatar Dec 02 '24 16:12 markojovanov

Can we please have some feedback on this? Or better, an approval so it can be merged and go into an upcoming release?

Christophorus3 avatar Oct 16 '25 15:10 Christophorus3

Can we please have some feedback on this? Or better, an approval so it can be merged and go into an upcoming release?

Someone from the core team should review this pull request.

ankushkushwaha avatar Oct 21 '25 14:10 ankushkushwaha

Who is part of the core team, to ping here?

Christophorus3 avatar Oct 27 '25 10:10 Christophorus3