Merge pull request #364 from AzureAD/redact-id-token-from-debug-log

rayluo · web-flow · commit 9ffecd5320e2 · 2021-05-19T10:10:57.000-07:00
Also redact id token from now on
diff --git a/msal/token_cache.py b/msal/token_cache.py
@@ -113,7 +113,7 @@ def wipe(dictionary, sensitive_fields):  # Masks sensitive info
             return self.__add(event, now=now)
         finally:
             wipe(event.get("response", {}), (  # These claims were useful during __add()
-                "access_token", "refresh_token", "username"))
+                "access_token", "refresh_token", "id_token", "username"))
             wipe(event, ["username"])  # Needed for federated ROPC
             logger.debug("event=%s", json.dumps(
             # We examined and concluded that this log won't have Log Injection risk,
