Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Debug log should not display token #62

Open
sdementen opened this issue Jun 23, 2020 · 1 comment
Open

Debug log should not display token #62

sdementen opened this issue Jun 23, 2020 · 1 comment
Labels
bug security

Comments

@sdementen
Copy link
Contributor

In debug mode, the logger display a message "Inserting token expiring on ..." with the complete token (https://github.com/Colin-b/requests_auth/blob/develop/requests_auth/oauth2_tokens.py#L82).

Display secret in logs is not recommended (AFAIK).
Maybe replace in the message the token by just the beginning/end of token ?
@Colin-b
Copy link
Owner

Colin-b commented Jun 23, 2020

Indeed it would be better to avoid sending tokens in logs. You can submit a PR or I will have a look as soon as I can find some time, as this is for client usage and the usual TTL of a token is of a few hours I don't think it's critical right ?

@Colin-b Colin-b changed the title logger should not display token in logs (security) Debug log should not display token Jan 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sdementen @Colin-b