From 636c112c71a8d78d9dc118f377ec6cd5f5dc4004 Mon Sep 17 00:00:00 2001
From: Martin Nowak <code@dawg.eu>
Date: Sat, 15 Nov 2025 20:15:35 +0100
Subject: [PATCH] partly address #2120 and more aggressively truncate
 access_token

- leaking half of the access token to the logs seems problematic from
  a security point of view
- also noisier than necessary logging
- fixed by truncating to at most first 5 chars (e.g. `ya29.`)

Signed-off-by: Martin Nowak <code@dawg.eu>
---
 providers/internal_util.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/providers/internal_util.go b/providers/internal_util.go
index 52cfd0a7..feb3726a 100644
--- a/providers/internal_util.go
+++ b/providers/internal_util.go
@@ -36,7 +36,7 @@ func stripParam(param, endpoint string) string {
 		}
 
 		if val := values.Get(param); val != "" {
-			values.Set(param, val[:(len(val)/2)]+"...")
+			values.Set(param, val[:min(len(val)/2, 5)]+"...")
 			u.RawQuery = values.Encode()
 			return u.String()
 		}