From e230dbd7a3154924a67f39d35aa08062a139a354 Mon Sep 17 00:00:00 2001
From: Matthias Keck <mke@scireum.de>
Date: Thu, 4 Apr 2024 09:41:36 +0200
Subject: [PATCH] Censures some more field use with oauth

---
 src/main/java/sirius/web/http/Response.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/sirius/web/http/Response.java b/src/main/java/sirius/web/http/Response.java
index 311a8ad79..8836809c3 100644
--- a/src/main/java/sirius/web/http/Response.java
+++ b/src/main/java/sirius/web/http/Response.java
@@ -105,7 +105,7 @@ public class Response {
      * Contains a set of parameter names which are censored in any output as we do not want to log user passwords etc.
      */
     private static final Set<String> CENSORED_LOWERCASE_PARAMETER_NAMES =
-            Set.of("password", "passphrase", "secret", "secretKey");
+            Set.of("password", "passphrase", "secret", "secretKey", "client_secret", "refresh_token", "access_token");
 
     /**
      * Contains the content type used for html.