-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to log attributes of access_token? #863
Comments
We avoid logging sensitive parameters with the following lines of code: https://github.com/doorkeeper-gem/doorkeeper/blob/master/lib/doorkeeper/engine.rb#L4-L5 You can tweak that configuration to enable logging of those. Does this answer your question? |
It totally makes sense to avoid logging those. My question is about logging attributes of access_token, usually the ones you would get from oauth_access_tokens and oauth_applications table, so that I can go through logs and see who is using/abusing those API calls. Hope it makes sense and thank you for your response. |
I did find a way to get it done but it's not optimal since I have to put it on API for every resource. Here is code snippet just in case it helps others.
|
That looks good. |
We are using Grape and Doorkeeper for our API. We have both password and client_credentials OAuth flow supported. I would like to log details of access_token for each API call for audit log. Since doorkeeper hits database to get token details already, I thought it would be a good place to log it but I have not found any documentation/wiki/SO post talking about this. Please point me to right direction.
If this is not the right place for this kind of question then pls suggest a place. Thanks.
The text was updated successfully, but these errors were encountered: