This repository has been archived by the owner on Dec 14, 2023. It is now read-only.

entityChange events should mask or redact jwt token #1599

Closed
mguthrie88 opened this issue Aug 31, 2023 · 1 comment · Fixed by #1612

@mguthrie88
Member

Currently when new identities are created, the entityChange event emits the JWT token. This field should be masked or redacted so it doesn't leak sensitive info where it is not intended to go.

Example Event (some info redacted):

{
  "namespace": "entityChange",
  "eventId": "82383e5e-1adc-4206-b960-35c1730d4f97",
  "eventType": "created",
  "timestamp": "2023-08-31T18:44:49.502569449Z",
  "metadata": {
    "author": {
      "type": "identity",
      "id": "ycSAYCWKA",
      "name": "Default Admin"
    },
    "source": {
      "type": "rest",
      "auth": "edge",
      "localAddr": "REDACTED",
      "remoteAddr": "REDACTED",
      "method": "POST"
    },
    "version": "v0.28.1"
  },
  "entityType": "enrollments",
  "isParentEvent": false,
  "initialState": null,
  "finalState": {
    "id": "Zl8wegI3KI",
    "createdAt": "0001-01-01T00:00:00Z",
    "updatedAt": "0001-01-01T00:00:00Z",
    "tags": null,
    "isSystem": false,
    "token": "REDACTED",
    "method": "ott",
    "identityId": "ZfMwegI3K",
    "transitRouterId": null,
    "edgeRouterId": null,
    "expiresAt": "2023-09-02T18:44:49.479606485Z",
    "issuedAt": "2023-08-31T18:44:49.479607245Z",
    "caId": null,
    "username": null,
    "jwt": "eyJhbGc...REDACTED"
  }
}

@plorenz
Member

plorenz commented Sep 13, 2023

I'll also drop api session and session tokens, if that makes sense
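
For consumers that forward these events to a log pipeline, a scrubber can mask the enrollment secrets before the event leaves the host. The following is an added example, not code from this repository or from the linked fix: `scrub`, `RedactEvent`, `mask` and the `extra` field in the sample are hypothetical names, and it goes beyond the `jwt` and `token` fields shown above by also masking any string value with the compact JWT shape.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

var sensitiveKeys = map[string]bool{"jwt": true, "token": true} // fields from the event above
var jwtShape = regexp.MustCompile(`^eyJ[\w-]+\.[\w-]+\.[\w-]*$`) // JWTs under other names
const mask = "[REDACTED]"

// Constructed sample shaped like the event above; all values are fake.
const sample = `{"entityType":"enrollments","finalState":{"method":"ott","token":"t-1","jwt":"eyJhbGc.e30.c2ln","extra":["eyJh.e30.c2ln"],"caId":null}}`

// scrub masks sensitive keys and JWT-shaped strings in decoded JSON, in place.
func scrub(v interface{}) interface{} {
	switch t := v.(type) {
	case map[string]interface{}:
		for k, child := range t {
			if sensitiveKeys[k] && child != nil {
				child = mask // null stays null so "no token" remains visible
			}
			t[k] = scrub(child)
		}
	case []interface{}:
		for i := range t {
			t[i] = scrub(t[i])
		}
	case string:
		if jwtShape.MatchString(t) {
			return mask
		}
	}
	return v
}

// RedactEvent decodes one event, scrubs the whole document and re-encodes it.
func RedactEvent(raw []byte) ([]byte, error) {
	var ev map[string]interface{}
	if err := json.Unmarshal(raw, &ev); err != nil {
		return nil, err
	}
	return json.Marshal(scrub(ev))
}

func main() {
	out, err := RedactEvent([]byte(sample))
	fmt.Println(string(out), err)
}
```

Events that fail to parse return an error rather than passing through, so a malformed event is never forwarded unscrubbed.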
