This is a copy of the same issue in JS: Azure/azure-sdk-for-js#20502
Draft PR in JS: Azure/azure-sdk-for-js#20516
While investigating what sensitive logging to add to our credentials, we have determined that the most useful information we could log is the account identifiers after retrieving a token. This issue describes a flexible approach to add support to log the account information on our credentials.
Tasks:
- Add `allow_logging_account_adentifiers` to the options of the credentials’ constructors.
- Retrieve the account identifiers after authenticating.
- Parse the first section of the access token after the `.` (which can be obtained with `access_token.split(".")[1]`), then extract the following properties: `appid`, `upn`, `tid`, `oid`.
- After a token is retrieved and the identifiers have been extracted, if `allowLoggingAccountIdentifiers` was set in the constructor of the credential, log a message similar to the following: `[Authenticated account] Client ID: ${appid}. Tenant ID: ${tid}. User Principal Name: ${upn || "No User Principal Name available"}. Object ID (user): ${oid}.`
What do you think? Feedback appreciated.
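
The tasks above, sketched in Python as an added example (not code from the issue, the draft PR or the SDK). The function names, the logger name and the sample token are assumptions made for illustration; the payload is decoded without signature verification, so the extracted values are suitable for diagnostics only.

```python
import base64
import json
import logging

logger = logging.getLogger("example.identity")  # hypothetical logger name
CLAIMS = ("appid", "upn", "tid", "oid")


def extract_account_identifiers(access_token):
    """Read appid/upn/tid/oid from the JWT payload. The signature is NOT
    verified, so the values are diagnostic only, never an authorization input."""
    parts = access_token.split(".")
    if len(parts) != 3:
        return {}  # opaque or malformed token: nothing to extract
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return {}
    if not isinstance(claims, dict):
        return {}
    # Keep only string claims and drop control characters (log injection).
    return {k: "".join(c for c in claims[k] if c.isprintable())
            for k in CLAIMS if isinstance(claims.get(k), str)}


def log_authenticated_account(access_token, allow_logging=False):
    """Emit the message only when the caller opted in; never log the token."""
    if not allow_logging:
        return None
    ids = extract_account_identifiers(access_token)
    if not ids:
        return None
    message = (
        f"[Authenticated account] Client ID: {ids.get('appid')}. "
        f"Tenant ID: {ids.get('tid')}. User Principal Name: "
        f"{ids.get('upn') or 'No User Principal Name available'}. "
        f"Object ID (user): {ids.get('oid')}."
    )
    logger.info(message)
    return message


def make_sample_token(claims):
    """Build a constructed, unsigned JWT-shaped string for the example."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([seg({"alg": "none"}), seg(claims), "sig"])
```

A token without `upn` (for example one issued to a service principal) produces the "No User Principal Name available" fallback, and an opaque or malformed token produces no log line at all.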