Merge pull request #4942 from IdentityServer/features/obfuscate-sensi…

…tive-data-in-logs Obfuscate refresh token and authorization code in logs
IdentityServer · Oct 5, 2020 · 2e27824 · 2e27824
2 parents 62d48b5 + 0b0f38f
commit 2e27824
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/src/IdentityServer4/src/Extensions/StringsExtensions.cs b/src/IdentityServer4/src/Extensions/StringsExtensions.cs
@@ -264,5 +264,16 @@ public static string GetOrigin(this string url)
 
             return null;
         }
+
+        public static string Obfuscate(this string value)
+        {
+            var last4Chars = "****";
+            if (value.IsPresent() && value.Length > 4)
+            {
+                last4Chars = value.Substring(value.Length - 4);
+            }
+
+            return "****" + last4Chars;
+        }
     }
 }
diff --git a/src/IdentityServer4/src/Logging/Models/TokenRequestValidationLog.cs b/src/IdentityServer4/src/Logging/Models/TokenRequestValidationLog.cs
@@ -43,8 +43,8 @@ public TokenRequestValidationLog(ValidatedTokenRequest request, IEnumerable<stri
             }
 
             GrantType = request.GrantType;
-            AuthorizationCode = request.AuthorizationCodeHandle;
-            RefreshToken = request.RefreshTokenHandle;
+            AuthorizationCode = request.AuthorizationCodeHandle.Obfuscate();
+            RefreshToken = request.RefreshTokenHandle.Obfuscate();
             UserName = request.UserName;
         }