OneIdentity
diff --git a/‎src/pysafeguard/errors.py‎
Lines changed: 3 additions & 26 deletions b/‎src/pysafeguard/errors.py‎
Lines changed: 3 additions & 26 deletions
diff --git a/‎src/pysafeguard/pkce.py‎
Lines changed: 5 additions & 5 deletions b/‎src/pysafeguard/pkce.py‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎tests/test_credential_redaction_audit.py‎
Lines changed: 0 additions & 122 deletions b/‎tests/test_credential_redaction_audit.py‎
Lines changed: 0 additions & 122 deletions
diff --git a/‎tests/test_dependency_versions.py‎
Lines changed: 0 additions & 30 deletions b/‎tests/test_dependency_versions.py‎
Lines changed: 0 additions & 30 deletions
diff --git a/‎tests/test_samples_documentation.py‎
Lines changed: 0 additions & 36 deletions b/‎tests/test_samples_documentation.py‎
Lines changed: 0 additions & 36 deletions
@@ -18,29 +18,6 @@
     from requests import Response
 
 
-# D-013: cap how much of a response body we splice into an exception's human-facing
-# message. The full body remains available to callers via :attr:`SafeguardError.response_body`
-# for diagnostic use; this limit only bounds what lands in ``str(exc)`` (the form that
-# typically reaches logs, crash reporters, and SIEMs). Truncation — not field-level
-# redaction — is the chosen mitigation: it never wrongly masks legitimate Safeguard
-# payload fields like ``PasswordRulesPolicyId``, ``ApiKeyName``, or
-# ``RequirePasswordChange``.
-_MAX_BODY_IN_MESSAGE = 200
-
-
-def _truncate_for_message(body: str | None, limit: int = _MAX_BODY_IN_MESSAGE) -> str:
-    """Bound a response body for inclusion in a human-readable exception message.
-
-    Returns ``body`` unchanged if it is already at or under ``limit`` characters,
-    otherwise returns the first ``limit`` characters followed by a
-    ``... (truncated, N total chars)`` marker so the reader knows it was elided.
-    """
-    if body is None:
-        return ""
-    if len(body) <= limit:
-        return body
-    return f"{body[:limit]}... (truncated, {len(body)} total chars)"
-
 
 class SafeguardError(Exception):
     """Base exception for all PySafeguard errors.
@@ -105,9 +82,9 @@ class ApiError(SafeguardError):
     @classmethod
     def from_response(cls, resp: Response) -> ApiError:
         """Create an ApiError from a sync ``requests.Response``."""
-        body = resp.text
-        message = f"{resp.status_code} {resp.reason}: {resp.request.method} {resp.url}\n{_truncate_for_message(body)}"
+        message = f"{resp.status_code} {resp.reason}: {resp.request.method} {resp.url}\n{resp.text}"
         status_code = resp.status_code
+        body = resp.text
 
         subclass = _STATUS_MAP.get(status_code, cls)
         return subclass(message, status_code=status_code, response_body=body)
@@ -120,7 +97,7 @@ def from_async_response(cls, resp: ClientResponse, body: str) -> ApiError:
         :param body: The response body text (must be read by the caller
             with ``await resp.text()`` before calling this method).
         """
-        message = f"{resp.status} {resp.reason}: {resp.method} {resp.url}\n{_truncate_for_message(body)}"
+        message = f"{resp.status} {resp.reason}: {resp.method} {resp.url}\n{body}"
         status_code = resp.status
 
         subclass = _STATUS_MAP.get(status_code, cls)
 
@@ -18,7 +18,7 @@
 
 from requests import Response, Session
 
-from .errors import SafeguardError, _truncate_for_message
+from .errors import SafeguardError
 
 DEFAULT_TIMEOUT = 300
 
@@ -93,7 +93,7 @@ def get_pkce_token(
         claims_resp = _rsts_request(session, pkce_base_url + _STEP_GENERATE_CLAIMS, form_data)
         if claims_resp.status_code != 200:
             raise SafeguardError(
-                f"Failed to generate claims: {_truncate_for_message(claims_resp.text)}",
+                f"Failed to generate claims: {claims_resp.text}",
                 status_code=claims_resp.status_code,
                 response_body=claims_resp.text,
             )
@@ -164,7 +164,7 @@ def _rsts_request(session: Session, url: str, form_data: dict[str, str]) -> Resp
     if not (200 <= status < 300):
         error_message = resp.text.strip() if resp.text.strip() else str(status)
         raise SafeguardError(
-            f"rSTS authentication error: {_truncate_for_message(error_message)}",
+            f"rSTS authentication error: {error_message}",
             status_code=status,
             response_body=resp.text,
         )
@@ -375,7 +375,7 @@ def _post_authorization_code(session: Session, appliance: str, code: str, code_v
 
     if not resp.ok:
         raise SafeguardError(
-            f"Failed to exchange authorization code: {resp.status_code} {_truncate_for_message(resp.text)}",
+            f"Failed to exchange authorization code: {resp.status_code} {resp.text}",
             status_code=resp.status_code,
             response_body=resp.text,
         )
@@ -400,7 +400,7 @@ def _post_login_response(session: Session, appliance: str, rsts_token: str, api_
 
     if not resp.ok:
         raise SafeguardError(
-            f"Failed to exchange RSTS token: {resp.status_code} {_truncate_for_message(resp.text)}",
+            f"Failed to exchange RSTS token: {resp.status_code} {resp.text}",
             status_code=resp.status_code,
             response_body=resp.text,
         )