Some authorization messages shouldn't be logging tokens at the INFO level

tl-its-umich-edu / canvas-app-explorer

A Web application that presents a list of Canvas external (LTI) tools with details. When integrated within Canvas, the user can search for specific LTI tool(s), and add or remove those tools from Canvas courses.

Apache License 2.0

4 stars 6 forks source link

Some authorization messages shouldn't be logging tokens at the INFO level #267

Closed jonespm closed 1 year ago

jonespm commented 2 years ago

I noticed a few log messages at the INFO level. These may be coming from the OAuth package. These are more debug level messages but we could also change the logger to make this package only log WARN as there are many INFO messages from here that seem to be noisy.

[2022-08-02 18:16:23 +0000] [INFO] [canvas.py:69] authorization_code POST response from Canvas is 
[2022-08-02 18:16:21 +0000] [INFO] [oauth.py:73] Redirecting user to https://umich.instructure.com/login/oauth2/auth?

jonespm commented 2 years ago

Will probably fix now that #263 is fixed and the logging block is cleaned up. Guessing to just increase this package to WARN.

zqian commented 1 year ago

Tested with CAE dev integrated with Canvas test, with ROOT_LOG_LEVEL = INFO:

Those OAuth logging messages are not in log file.