Merge pull request #13301 from mitake/jwt-exp-log

server/auth: avoid logging for JWT token
2024-09-27 06:25:44 +00:00 · 2022-03-23 22:39:28 +09:00 · 2022-03-23 22:39:28 +09:00 · 43e39d362d
commit 43e39d362d
parent 4504daa6b0 2e74e4d636
1 changed files with 1 additions and 2 deletions
--- a/server/auth/jwt.go
+++ b/server/auth/jwt.go
@ -62,7 +62,6 @@ func (t *tokenJWT) info(ctx context.Context, token string, rev uint64) (*AuthInf
 	if err != nil {
 		t.lg.Warn(
 			"failed to parse a JWT token",
-			zap.String("token", token),
 			zap.Error(err),
 		)
 		return nil, false
@ -70,7 +69,7 @@ func (t *tokenJWT) info(ctx context.Context, token string, rev uint64) (*AuthInf

 	claims, ok := parsed.Claims.(jwt.MapClaims)
 	if !parsed.Valid || !ok {
-		t.lg.Warn("invalid JWT token", zap.String("token", token))
+		t.lg.Warn("failed to obtain claims from a JWT token")
 		return nil, false
 	}