Skip to content

fix: stop logging the client registration (it contains client_secret)#10

Merged
jeswr merged 1 commit into
mainfrom
fix/no-client-secret-logging
Jun 11, 2026
Merged

fix: stop logging the client registration (it contains client_secret)#10
jeswr merged 1 commit into
mainfrom
fix/no-client-secret-logging

Conversation

@jeswr

@jeswr jeswr commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

ClientCredentialsTokenProvider.upgrade() logged the oauth.Client object — including client_secret — to the console of every consumer on every client-credentials token mint (found while reviewing the Pod Manager's static bundle). Debug leftover; removed. tsc build is clean.

🤖 Generated with Claude Code

@jeswr
fix: stop logging the client registration (it contains client_secret)
f412896 
ClientCredentialsTokenProvider.upgrade() console.log'd the oauth.Client
object — including the client secret — into every consumer's console on
every token mint. Debug leftover; removed.
Copilot AI review requested due to automatic review settings June 11, 2026 15:14
Copilot AI reviewed Jun 11, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Removes a debug console.log in ClientCredentialsTokenProvider.upgrade() that logged the OAuth client registration object, which included client_secret, preventing accidental secret exposure in consumer consoles.

Changes:

  • Removed logging of clientRegistration from the client-credentials token mint flow to avoid leaking client_secret.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@jeswr jeswr merged commit 5119828 into main Jun 11, 2026
7 checks passed
@jeswr jeswr deleted the fix/no-client-secret-logging branch June 11, 2026 17:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@langsamu langsamu langsamu approved these changes

@matthieubosquet matthieubosquet Awaiting requested review from matthieubosquet matthieubosquet is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jeswr @langsamu