public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

partly address #2120 and more aggressively truncate access_token 

- leaking half of the access token to the logs seems problematic from
  a security point of view
- also noisier than necessary logging
- fixed by truncating to at most first 5 chars (e.g. `ya29.`)

Signed-off-by: Martin Nowak <code@dawg.eu>
This commit is contained in:
Martin Nowak 2025-11-15 20:15:35 +01:00
parent 7cf69b27fa
commit 636c112c71
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
providers/internal_util.go
View File

@ -36,7 +36,7 @@ func stripParam(param, endpoint string) string {
}
if val := values.Get(param); val != "" {
values.Set(param, val[:(len(val)/2)]+"...")
values.Set(param, val[:min(len(val)/2, 5)]+"...")
u.RawQuery = values.Encode()
return u.String()
}