Commit a0aa19d
committed
server: redact client secret from authentication error messages
The allowRelyingParty function included the plaintext client secret
in the error message on authentication failure. This leaks credentials
into server logs, which may be aggregated into centralised logging
systems.
Replace the secret with only the client ID, which is sufficient for
debugging authentication failures.
Signed-off-by: Piers Dawson-Damer <piers@groupthink.asia>1 parent c2c1d8d commit a0aa19d
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
920 | 920 | | |
921 | 921 | | |
922 | 922 | | |
923 | | - | |
| 923 | + | |
924 | 924 | | |
925 | 925 | | |
926 | 926 | | |
0 commit comments