globocom / aio-alf Goto Github PK
View Code? Open in Web Editor NEWLicense: MIT License
License: MIT License
Hello,
when turning on debugging, aioalf
logs the Authorization
header of the request, thus disclosing private credentials.
I would like to suggest that such header is filtered before logging so credentials are not exposed (this is a security best practice).
For example, one could log the first 5 and last 2 characters of the token, something like:
DEBUG:aioalf.client:Header Authorization: Bearer abcde<...>fg
This happens in both the client and the manager:
Line 59 in 200ecb6
Line 77 in 200ecb6
I may be able to submit a PR if you are willing to take it.
Thanks
Hello,
line 79 in manager.py
initializes a TokenError
object with the wrong number of arguments, resulting in an unhelpful TypeError: __init__() takes 2 positional arguments but 3 were given
exception.
Line 79 in 65f6090
I think a viable solution would be to use something like
raise TokenError('Missing credentials (client_id:client_secret), {}'.format(e))
Many thanks
Hello,
thanks for creating aio-alf.
I have noticed that there is no way for TokenManager
to send the scope
[1] parameter in its token request:
Line 52 in 200ecb6
Specifying the scopes is quite useful and I was wondering whether this functionality could be added to the library.
As a (quite ugly) workaround, I have overridden the _request_token
method in a custom token manager class and using it in a custom subclass of Client
.
Line 15 in 200ecb6
What do you think about optionally passing the scopes to the Client
so it can forward them to its token manager?
Many thanks
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.