Closed mguthrie88 closed 1 year ago
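Currently, when a new identity is created, the entityChange event for its enrollment includes the enrollment JWT in plain text (the `jwt` field of `finalState` in the example below). This field should be masked or redacted so that it does not leak sensitive info to places it is not intended to go, such as event logs and any downstream consumers of the event stream. An unexpired enrollment JWT is a bearer credential, so anyone able to read the events could presumably use it to complete the enrollment. The `token` field in the same object looks similarly sensitive (it is redacted by hand in the example) and may warrant the same treatment.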
Example Event (some info redacted):
{ "namespace": "entityChange", "eventId": "82383e5e-1adc-4206-b960-35c1730d4f97", "eventType": "created", "timestamp": "2023-08-31T18:44:49.502569449Z", "metadata": { "author": { "type": "identity", "id": "ycSAYCWKA", "name": "Default Admin" }, "source": { "type": "rest", "auth": "edge", "localAddr": "REDACTED", "remoteAddr": "REDACTED", "method": "POST" }, "version": "v0.28.1" }, "entityType": "enrollments", "isParentEvent": false, "initialState": null, "finalState": { "id": "Zl8wegI3KI", "createdAt": "0001-01-01T00:00:00Z", "updatedAt": "0001-01-01T00:00:00Z", "tags": null, "isSystem": false, "token": "REDACTED", "method": "ott", "identityId": "ZfMwegI3K", "transitRouterId": null, "edgeRouterId": null, "expiresAt": "2023-09-02T18:44:49.479606485Z", "issuedAt": "2023-08-31T18:44:49.479607245Z", "caId": null, "username": null, "jwt": "eyJhbGc...REDACTED" } }
I'll also drop API session tokens and session tokens from the emitted events, if that makes sense.
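Currently, when a new identity is created, the entityChange event for its enrollment includes the enrollment JWT in plain text (the `jwt` field of `finalState` in the example below). This field should be masked or redacted so that it does not leak sensitive info to places it is not intended to go, such as event logs and any downstream consumers of the event stream. An unexpired enrollment JWT is a bearer credential, so anyone able to read the events could presumably use it to complete the enrollment. The `token` field in the same object looks similarly sensitive (it is redacted by hand in the example) and may warrant the same treatment.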
Example Event (some info redacted):
{ "namespace": "entityChange", "eventId": "82383e5e-1adc-4206-b960-35c1730d4f97", "eventType": "created", "timestamp": "2023-08-31T18:44:49.502569449Z", "metadata": { "author": { "type": "identity", "id": "ycSAYCWKA", "name": "Default Admin" }, "source": { "type": "rest", "auth": "edge", "localAddr": "REDACTED", "remoteAddr": "REDACTED", "method": "POST" }, "version": "v0.28.1" }, "entityType": "enrollments", "isParentEvent": false, "initialState": null, "finalState": { "id": "Zl8wegI3KI", "createdAt": "0001-01-01T00:00:00Z", "updatedAt": "0001-01-01T00:00:00Z", "tags": null, "isSystem": false, "token": "REDACTED", "method": "ott", "identityId": "ZfMwegI3K", "transitRouterId": null, "edgeRouterId": null, "expiresAt": "2023-09-02T18:44:49.479606485Z", "issuedAt": "2023-08-31T18:44:49.479607245Z", "caId": null, "username": null, "jwt": "eyJhbGc...REDACTED" } }