-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clean up native auth common logging #2396
Conversation
# Conflicts: # common4j/src/main/com/microsoft/identity/common/java/logging/Logger.java
...va/com/microsoft/identity/common/nativeauth/internal/controllers/NativeAuthMsalController.kt
Show resolved
Hide resolved
...rc/main/com/microsoft/identity/common/java/nativeauth/authorities/NativeAuthCIAMAuthority.kt
Show resolved
Hide resolved
@@ -385,7 +385,15 @@ class NativeAuthResponseHandler { | |||
response.body, | |||
MicrosoftStsTokenResponse::class.java | |||
) | |||
// TODO add safe logging | |||
|
|||
Logger.info(TAG, "MicrosoftStsTokenResponse " + |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why are we putting this back?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right, because there's a TODO there. IMO we don't need this log. Does the browser-delegated flow log something like this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The browser-delegated flow log something like this:
In terms of the TokenResponse of MSAL:
MicrosoftStsOAuth2Strategy:TokenResult:MicrosoftStsTokenResponse INFO {"ext_expires_in":4165,"expires_in":4165,"mResponseReceivedTime":0,"scope":"email openid profile Application.Read.All User.Read","token_type":"Bearer"}
BaseController:TokenResult:MicrosoftStsTokenResponse INFO {"ext_expires_in":4165,"mRefreshTokenAge":"","mSpeRing":"","expires_in":4165,"mResponseReceivedTime":0,"scope":"email openid profile Application.Read.All User.Read","token_type":"Bearer"}
Thus update the contents of the log to include what MSAL displays. But we can remove this log as well because token seems very risky and sensitive to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, let's remove this for now until we have a reason to put it back.
...m/microsoft/identity/common/java/nativeauth/providers/interactors/ResetPasswordInteractor.kt
Show resolved
Hide resolved
# Conflicts: # common/src/main/java/com/microsoft/identity/common/nativeauth/internal/commands/AcquireTokenNoFixedScopesCommand.kt
...rc/main/com/microsoft/identity/common/java/nativeauth/authorities/NativeAuthCIAMAuthority.kt
Outdated
Show resolved
Hide resolved
...rc/main/com/microsoft/identity/common/java/nativeauth/authorities/NativeAuthCIAMAuthority.kt
Outdated
Show resolved
Hide resolved
...m/microsoft/identity/common/nativeauth/internal/commands/AcquireTokenNoFixedScopesCommand.kt
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: In the ApiResponse files where you have removed the calls to logMethodCall() there are the LogSession import statements left. These statements are unused now so they can be removed for code cleanup
### Goal: - Review our log statements and reduce to only those that are relevant and useful. Especially the logMethodCall should be much reduced. Not every method call is relevant to know about when debugging. - Double check that the existing logs use string interpolation correctly to avoid leaking sensitive information in the logs. ### Changes summary: - Apply the rule "only logger unknown error" to NativeAuthPublicClientApplication and states. Exception: Sign in has password CodeRequired since it's unusual for the case. - Add arguments under method LogSession.logMethodCall tp distinguish callback and coroutine. ### Company PR: AzureAD/microsoft-authentication-library-common-for-android#2396
Goal:
Changes summary:
Company PR:
Previous comments for reference: #2374
msal: AzureAD/microsoft-authentication-library-for-android#2071