Sensitive data like access token is logged in logs.
ygag-basil opened this issue
It will be good if the logging is configurable, i.e. we can enable or disable logging such details via a flag in settings.py.
Issuing token {'access_token': 'awRlgppKr55NWczY*****ocEg90', 'expires_in': 1800, 'token_type': 'Bearer', 'scope': 'read write', 'refresh_token': 'WOW077m*0kQWOm7cuatOW7aDNR'} to client id '85m3Y6uP5dG72ZyYGocXYU2xnsJelDAETteK' (<Application: Apple>)
Those lines are only logged with the log level set to debug[0][1].
You should be able to disable them by configuring the level of oauthlib.oauth2 to something different.
[0] https://github.com/oauthlib/oauthlib/blob/eddb461c1043f8ad583fd67af34749e32fdc19cc/oauthlib/oauth2/rfc6749/grant_types/client_credentials.py#L82
[1] https://github.com/oauthlib/oauthlib/blob/eddb461c1043f8ad583fd67af34749e32fdc19cc/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py#L110
@Invisi Thanks for your solution.
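The reply above suggests changing the level of the `oauthlib.oauth2` logger. The following is an added example, not part of the thread and not code from oauthlib or any other project: a Django `settings.py` logging configuration that keeps that logger above DEBUG by default and masks token values if DEBUG is switched on. `build_logging`, `RedactTokens` and the `debug_oauth` flag are hypothetical names, and the regex assumes tokens appear as quoted values in the `repr()` of the token dict, as in the log line in the issue.

```python
import logging
import logging.config
import re

# Matches 'access_token': '...' and 'refresh_token': '...' as they appear in
# the repr() of the token dict shown in the issue's log line (assumption:
# token values contain no quote characters).
_TOKEN_RE = re.compile(
    r"(['\"](?:access|refresh)_token['\"]\s*:\s*['\"])[^'\"]*(['\"])"
)


class RedactTokens(logging.Filter):
    """Mask token values before a handler formats the record."""

    def filter(self, record):
        rendered = record.getMessage()   # interpolate the %-args first
        record.msg = _TOKEN_RE.sub(r"\1[REDACTED]\2", rendered)
        record.args = ()                 # message is already interpolated
        return True


def build_logging(debug_oauth=False):
    """Return a dictConfig-style dict for settings.LOGGING.

    debug_oauth is a hypothetical flag: False keeps oauthlib.oauth2 at INFO,
    so the DEBUG-level "Issuing token" lines are never emitted.
    """
    return {
        "version": 1,
        "disable_existing_loggers": False,
        "filters": {"redact_tokens": {"()": RedactTokens}},
        "handlers": {
            "console": {
                "class": "logging.StreamHandler",
                "filters": ["redact_tokens"],
            },
        },
        "loggers": {
            # Parent of oauthlib.oauth2.rfc6749.grant_types.* module loggers.
            "oauthlib.oauth2": {
                "handlers": ["console"],
                "level": "DEBUG" if debug_oauth else "INFO",
                "propagate": False,
            },
        },
    }


LOGGING = build_logging()  # Django applies settings.LOGGING at startup
```

If a project-wide root logger is set to DEBUG, the explicit level on `oauthlib.oauth2` still takes precedence for that logger and its children.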