Update logging of CommandParameters - Githubissues

AzureAD / microsoft-authentication-library-common-for-android

Common code used by both the Active Directory Authentication Library (ADAL) and the Microsoft Authentication Library (MSAL)

MIT License

41 stars 35 forks source link

Update logging of CommandParameters #2398

Closed SammyO closed 5 months ago

SammyO commented 6 months ago

Use different logic to log CommandParameters in CommandDispatcher in the case of native auth command parameters.
Update native auth CommandParameters to use the new safe-logging framework ILoggable.

SammyO commented 6 months ago

If username under SignInStartCommandParameters, userattributes under SignUpStartCommandParameters are not sensitive info under allowPii=true mode, and challengeTypes can be logged under allowPii=false mode, then I am fine with the PR and have double checked the logging.

Good points.

MSAL logs loginHint when allowPII=true, which I would consider the same as username. So I'm following existing practices.
Given the above, I don't think userAttributes is more PII than the previous. So I'm following existing practices here as well
challengeType is a developer config, like client ID and authority. It's not PII. Similarly, existing MSAL logs the authority value, regardless of PII setting.