Commit fa2cbc6
committed
server: redact client secret from authentication error messages
The allowRelyingParty function included the plaintext client secret
in the error message on authentication failure. This leaks credentials
into server logs, which may be aggregated into centralised logging
systems.
Replace the secret with only the client ID, which is sufficient for
debugging authentication failures.1 parent c2c1d8d commit fa2cbc6
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
920 | 920 | | |
921 | 921 | | |
922 | 922 | | |
923 | | - | |
| 923 | + | |
924 | 924 | | |
925 | 925 | | |
926 | 926 | | |
0 commit comments