Backfill unit tests for paramsSafeToLog

Joshua Casey
2024-11-19 14:06:34 -06:00
parent 51c86795af
commit c7e9ee1c61
5 changed files with 69 additions and 2 deletions


@@ -36,10 +36,11 @@ func paramsSafeToLog() sets.Set[string] {
// Standard params from https://openid.net/specs/openid-connect-core-1_0.html for authcode and refresh grants.
// Redacting code, client_secret, refresh_token, and PKCE code_verifier params.
"grant_type", "client_id", "redirect_uri", "scope",
// Token exchange params from https://datatracker.ietf.org/doc/html/rfc8693.
// Token exchange params from https://datatracker.ietf.org/doc/html/rfc8693#section-2.1.
// Redact subject_token and actor_token.
// We don't allow all of these, but they should be safe to log.
"audience", "resource", "scope", "requested_token_type", "actor_token_type", "subject_token_type",
// "scope" is already included from the authcode grant.
"audience", "resource", "requested_token_type", "actor_token_type", "subject_token_type",
)
}
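Review bot: The two redaction comments in this set ("Redacting code, client_secret, refresh_token, and PKCE code_verifier params" and "Redact subject_token and actor_token") describe a guarantee that holds only because those names are absent from the allowlist, and nothing visible here states that rule for whoever adds the next entry. I would add a line above the first entry such as `// Allowlist: only params named here may appear in logs; never add a credential-bearing param.` Since this commit backfills tests, the test should also assert that code, client_secret, refresh_token, code_verifier, subject_token and actor_token are not in the returned set. The test files are not shown in this section, so that may already be covered. The body of paramsSafeToLog starts outside the hunk.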