Closed
Description
Doorkeeper's engine initializes [:client_secret, :code, :token] filter parameters, and they are further compiled to the /client_secret|code|secret|password/ regexp inside the ParameterFilter module (password is the Rails default). That means application-specific parameters, like postcode, codebase, tokenization, etc., will be filtered out.
What do you think about replacing the symbols with a word-boundary regexp like /^(client_secret|code|authentication_token|refresh_token)$/ and others? Sorry, I'm not aware of all possible parameters in use.
Also, I've described this problem in a Rails issue with more details.
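The behaviour reported above, as an added example that is not part of the original issue and is not Doorkeeper's or Rails' own code: a simplified pure-Ruby model of a parameter filter that compiles symbols into one unanchored alternation, run against constructed parameters with the symbol list and with the anchored regexp proposed in the issue. The helper names `compile_filters`, `filter_params` and `filtered_keys` are hypothetical.

```ruby
# Simplified model (assumption): symbol/string filters are escaped and joined
# into one unanchored, case-insensitive regexp; Regexp filters are used as given.
def compile_filters(filters)
  regexps, words = filters.partition { |f| f.is_a?(Regexp) }
  unless words.empty?
    pattern = words.map { |w| Regexp.escape(w.to_s) }.join("|")
    regexps << Regexp.new(pattern, Regexp::IGNORECASE)
  end
  regexps
end

# Replace the value of every key that matches a filter; recurse into hashes.
def filter_params(params, filters)
  compiled = compile_filters(filters)
  params.each_with_object({}) do |(key, value), out|
    out[key] =
      if compiled.any? { |re| re.match?(key.to_s) }
        "[FILTERED]"
      elsif value.is_a?(Hash)
        filter_params(value, filters)
      else
        value
      end
  end
end

# Top-level keys whose values were masked.
def filtered_keys(params, filters)
  filter_params(params, filters).select { |_, v| v == "[FILTERED]" }.keys
end

# Constructed sample request parameters.
SAMPLE = {
  "client_secret" => "s3cr3t",
  "code"          => "authz-code-123",
  "postcode"      => "90210",
  "codebase"      => "monolith",
  "tokenization"  => "bpe",
  "user"          => { "password" => "hunter2", "postcode" => "10001" }
}.freeze

# Symbol list from the issue plus the Rails default :password.
SYMBOL_FILTERS = [:client_secret, :code, :token, :password].freeze
# Anchored regexp proposed in the issue. In Ruby, ^ and $ anchor at line
# boundaries; \A and \z anchor at the start and end of the whole string.
ANCHORED_FILTERS = [/^(client_secret|code|authentication_token|refresh_token)$/, :password].freeze

puts "symbols:  #{filtered_keys(SAMPLE, SYMBOL_FILTERS).inspect}"
puts "anchored: #{filtered_keys(SAMPLE, ANCHORED_FILTERS).inspect}"
```
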