Skip to content

Commit fa2cbc6

Browse files
committed
server: redact client secret from authentication error messages
The allowRelyingParty function included the plaintext client secret in the error message on authentication failure. This leaks credentials into server logs, which may be aggregated into centralised logging systems. Replace the secret with only the client ID, which is sufficient for debugging authentication failures.
1 parent c2c1d8d commit fa2cbc6

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

server/token.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -920,7 +920,7 @@ func (ar *AuthRequest) allowRelyingParty(r *http.Request) (int, error) {
920920
return http.StatusBadRequest, fmt.Errorf("tsidp: client_id mismatch")
921921
}
922922
if clientSecretcmp != 1 {
923-
return http.StatusUnauthorized, fmt.Errorf("tsidp: invalid client secret: [%s] [%s]", clientID, clientSecret)
923+
return http.StatusUnauthorized, fmt.Errorf("tsidp: invalid client secret for client %q", clientID)
924924
}
925925
return http.StatusOK, nil
926926
}

0 commit comments

Comments
 (0)