go-pkgz / auth / 25572510465

85%

master: 85%

Pull #284

github

fix(apple): redact tokens from exchange-response debug log

The handler logged the full appleVerificationResponse struct on a
DEBUG line:

    [DEBUG] response data {AccessToken:M... TokenType:bearer ...
        RefreshToken:Iw... IDToken:eyJ...}

AccessToken, RefreshToken and IDToken are bearer credentials. With
DEBUG-level logging enabled (default in many staging setups) these
ended up in stdout, file logs, centralised logging, crash bundles
and third-party observability — anywhere log access doesn't imply
auth-server-process compromise.

Replace the raw %+v dump with appleVerificationResponseLogSummary,
which logs only the non-secret fields plus presence indicators
(present|missing) for each token. Operators can still tell whether
a response carried each token; the value never leaks.

Same redaction in v1 (provider/apple.go:334) and v2
(v2/provider/apple.go:334), single PR.

Tests: TestAppleVerificationResponseLogSummary asserts the helper
omits the three secret values verbatim and reports presence/missing
correctly. Added in both modules.

11 of 11 new or added lines in 1 file covered. (100.0%)

2808 of 3315 relevant lines covered (84.71%)

7.76 hits per line