zquestz / omniauth-google-oauth2

Oauth2 strategy for Google

POST to https://www.googleapis.com/oauth2/v3/tokeninfo instead of GET #457

Closed flux-ricky closed 4 weeks ago

flux-ricky commented 3 months ago

To avoid leaking access tokens in logs or traces from the client application.

I struggled to find specific documentation that this endpoint (https://www.googleapis.com/oauth2/v3/tokeninfo) can receive GET and POST, if anyone knows where to find API docs for these endpoints that would be assuring.

I've lightly tested the fork in my own organisation and it appears to work as expected. I verified the change by using application traces which record metadata about HTTP requests made and I saw the expected change and no more leakage of the access token.

Before: [screenshot]

After: [screenshot]
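As an added illustration (not code from this PR or from omniauth-google-oauth2), the Ruby snippet below builds the tokeninfo request both ways and shows which form puts the access token into the request line that access logs and APM traces usually record. It does not contact Google; the token value is constructed.

```ruby
require 'net/http'
require 'uri'

# The tokeninfo endpoint named in the PR.
TOKENINFO_URI = URI('https://www.googleapis.com/oauth2/v3/tokeninfo')

# Build the tokeninfo request as GET (token in the query string) or POST
# (token in a form-encoded body), without sending it. Returns what a typical
# access log or trace captures (method + path + query) and the body separately,
# since bodies are normally not logged.
def tokeninfo_request(access_token, method: :get)
  case method
  when :get
    uri = TOKENINFO_URI.dup
    uri.query = URI.encode_www_form(access_token: access_token)
    req = Net::HTTP::Get.new(uri) # path includes the query string
  when :post
    req = Net::HTTP::Post.new(TOKENINFO_URI)
    req.set_form_data(access_token: access_token) # token goes in the body
  else
    raise ArgumentError, "unsupported method #{method.inspect}"
  end
  { request_line: "#{req.method} #{req.path}", body: req.body }
end

# The check the PR author did by hand with traces: does the logged request
# line contain the token?
def token_leaks_into_log?(access_token, method:)
  tokeninfo_request(access_token, method: method)[:request_line].include?(access_token)
end

if __FILE__ == $PROGRAM_NAME
  token = 'ya29.CONSTRUCTED-EXAMPLE-TOKEN' # constructed, not a real token
  %i[get post].each do |m|
    r = tokeninfo_request(token, method: m)
    puts "#{m.to_s.upcase}: #{r[:request_line].inspect} leaks token? #{token_leaks_into_log?(token, method: m)}"
  end
end
```

The POST form only helps where request bodies are not recorded, so the logging and tracing configuration should be checked for body capture as well.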
zquestz commented 4 weeks ago

This looks great. Thx. I do wish there were some clear docs though. =\