Use VCR's filter_sensitive_data to avoid writing access tokens and client secrets to YML recordings

dblock / strava-ruby-client

A complete Ruby client for the Strava API v3.

https://code.dblock.org/2018/11/27/writing-a-new-strava-api-ruby-client.html

MIT License

97 stars 22 forks source link

Use VCR's filter_sensitive_data to avoid writing access tokens and client secrets to YML recordings #13

Closed dblock closed 4 years ago

dblock commented 5 years ago

Couldn't make it work for the Bearer header. Currently having to constantly edit new YMLs and replace the access token with access-token when a new cassette is recorded.

scottolsen commented 4 years ago

Is this still an issue? This is what I have in my app.

VCR.configure do |config|
  config.filter_sensitive_data('access-token') { ENV['STRAVA_ACCESS_TOKEN'] }
end

dblock commented 4 years ago

Not sure. This is about this project, you can check whether it's reproduced, delete any .yml in specs, set STRAVA_ACCESS_TOKEN and run the spec. It will re-record a new VCR yml. Open it, does it have your STRAVA_ACCESS_TOKEN or "access-token"? If it's the former, the bug is the bug, if it's the latter we're good and this can be closed.

scottolsen commented 4 years ago

Looks like it can be closed. Some of the specs failed but it looks like it was due to data changing in Strava, like more people have completed a segment.

headers:
  Authorization:
  - Bearer access-token

dblock commented 4 years ago

Awesome, thanks for checking.