From 6882021670d91aab91b85e9828b258b78b07c952 Mon Sep 17 00:00:00 2001
From: Steve Hu <stevehu@gmail.com>
Date: Tue, 14 Apr 2020 00:32:10 -0400
Subject: [PATCH] fixes #250 remove http_url tag for Jaeger tracer as it
 contains password

---
 .../com/networknt/oauth/auth/LightPortalAuthenticator.java     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/authhub/src/main/java/com/networknt/oauth/auth/LightPortalAuthenticator.java b/authhub/src/main/java/com/networknt/oauth/auth/LightPortalAuthenticator.java
index 59e691cd..24c16dbf 100644
--- a/authhub/src/main/java/com/networknt/oauth/auth/LightPortalAuthenticator.java
+++ b/authhub/src/main/java/com/networknt/oauth/auth/LightPortalAuthenticator.java
@@ -94,7 +94,8 @@ public Account authenticate(String id, Credential credential) {
                 if(tracer != null && tracer.activeSpan() != null) {
                     Tags.SPAN_KIND.set(tracer.activeSpan(), Tags.SPAN_KIND_CLIENT);
                     Tags.HTTP_METHOD.set(tracer.activeSpan(), request.getMethod().toString());
-                    Tags.HTTP_URL.set(tracer.activeSpan(), request.getPath());
+                    // remove the url as it contains password which is sensitive.
+                    // Tags.HTTP_URL.set(tracer.activeSpan(), request.getPath());
                     tracer.inject(tracer.activeSpan().context(), Format.Builtin.HTTP_HEADERS, new ClientRequestCarrier(request));
                 }
             }