You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Indeed it would be better to avoid sending tokens in logs. You can submit a PR or I will have a look as soon as I can find some time, as this is for client usage and the usual TTL of a token is of a few hours I don't think it's critical right ?
In debug mode, the logger display a message "Inserting token expiring on ..." with the complete token (https://github.com/Colin-b/requests_auth/blob/develop/requests_auth/oauth2_tokens.py#L82).
Display secret in logs is not recommended (AFAIK).
Maybe replace in the message the token by just the beginning/end of token ?
The text was updated successfully, but these errors were encountered: