CAS Server / CAS-1306

Don't log the clientSecret in OAuth module. Ensure OAuth params are consistent in logs.

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.5.0
    • Fix Version/s: 4.0 RC1, 4.0
    • Component/s: OAuth
    • Labels:
      None

      Description

      The OAuth functionality, specifically the OAuth20AccessTokenController class, logs the client secret. This has security side effects.

      Also, we would want to ensure that expected OAuth params are consistently logged by their proper name.
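
An added example, not part of the original issue and not CAS code: one way to build a log-safe view of the OAuth request parameters, so the secret is never written and every parameter appears under its standard name. The class `OAuthLogSanitizer`, its method, and the sample values are hypothetical; redacting the authorization code as well is an assumption that goes beyond what the issue asks for.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

// Hypothetical helper (not a CAS class): log-safe view of OAuth request parameters.
public final class OAuthLogSanitizer {
    // Standard OAuth 2.0 parameter names (RFC 6749), used as the only log keys.
    static final String CLIENT_ID = "client_id";
    static final String CLIENT_SECRET = "client_secret";
    static final String REDIRECT_URI = "redirect_uri";
    static final String CODE = "code";

    // Values that must never reach a log; including "code" is an assumption.
    private static final Set<String> SENSITIVE = Set.of(CLIENT_SECRET, CODE);
    // Fixed order so every log line lists the parameters the same way.
    private static final String[] EXPECTED = {CLIENT_ID, REDIRECT_URI, CLIENT_SECRET, CODE};

    static Map<String, String> forLogging(Map<String, String> params) {
        Map<String, String> safe = new LinkedHashMap<>();
        for (String name : EXPECTED) {
            String value = params.get(name);
            if (value == null) {
                safe.put(name, "<missing>");
            } else if (SENSITIVE.contains(name)) {
                // Record presence only: no prefix, length or hash of the secret.
                safe.put(name, "<redacted>");
            } else {
                safe.put(name, value);
            }
        }
        return safe;
    }

    public static void main(String[] args) {
        // Constructed sample request parameters.
        Map<String, String> request = new LinkedHashMap<>();
        request.put(CLIENT_ID, "demo-client");
        request.put(CLIENT_SECRET, "s3cr3t-constructed-value");
        request.put(REDIRECT_URI, "https://app.example.org/callback");
        request.put(CODE, "constructed-authorization-code");

        // Logging the raw map would write client_secret; log the sanitized view instead.
        System.out.println("OAuth access token request: " + forLogging(request));
    }
}
```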


            People

            • Assignee:
              mmoayyed Misagh Moayyed
              Reporter:
              mmoayyed Misagh Moayyed