refresh and access token filtering

8 years ago · 414af9bec8
parent 35d5dfcb26
commit 414af9bec8
1 changed files with 25 additions and 8 deletions
--- a/src/core/lib/security/credentials/oauth2/oauth2_credentials.c
+++ b/src/core/lib/security/credentials/oauth2/oauth2_credentials.c
@ -392,15 +392,32 @@ grpc_refresh_token_credentials_create_from_auth_refresh_token(
  return &c->base.base;
 }

+static char *create_loggable_refresh_token(grpc_auth_refresh_token *token) {
+  if (strcmp(token->type, GRPC_AUTH_JSON_TYPE_INVALID) == 0) {
+    return gpr_strdup("<Invalid json token>");
+  }
+  char *loggable_token = NULL;
+  gpr_asprintf(&loggable_token,
+               "{\n type: %s\n client_id: %s\n client_secret: "
+               "<redacted>\n refresh_token: <redacted>\n}",
+               token->type, token->client_id);
+  return loggable_token;
+}
+
 grpc_call_credentials *grpc_google_refresh_token_credentials_create(
    const char *json_refresh_token, void *reserved) {
-  GRPC_API_TRACE(
-      "grpc_refresh_token_credentials_create(json_refresh_token=%s, "
-      "reserved=%p)",
-      2, (json_refresh_token, reserved));
+  grpc_auth_refresh_token token =
+      grpc_auth_refresh_token_create_from_string(json_refresh_token);
+  if (grpc_api_trace) {
+    char *loggable_token = create_loggable_refresh_token(&token);
+    gpr_log(GPR_INFO,
+            "grpc_refresh_token_credentials_create(json_refresh_token=%s, "
+            "reserved=%p)",
+            loggable_token, reserved);
+    gpr_free(loggable_token);
+  }
  GPR_ASSERT(reserved == NULL);
-  return grpc_refresh_token_credentials_create_from_auth_refresh_token(
-      grpc_auth_refresh_token_create_from_string(json_refresh_token));
+  return grpc_refresh_token_credentials_create_from_auth_refresh_token(token);
 }

 //
@ -430,9 +447,9 @@ grpc_call_credentials *grpc_access_token_credentials_create(
      gpr_malloc(sizeof(grpc_access_token_credentials));
  char *token_md_value;
  GRPC_API_TRACE(
-      "grpc_access_token_credentials_create(access_token=%s, "
+      "grpc_access_token_credentials_create(access_token=<redacted>, "
      "reserved=%p)",
-      2, (access_token, reserved));
+      1, (reserved));
  GPR_ASSERT(reserved == NULL);
  memset(c, 0, sizeof(grpc_access_token_credentials));
  c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;