Redacts sensitive OAuth query parameters from a URL for safe logging. Prevents exposure of state, nonce, code_challenge, code_verifier, and authorization codes.
(url: string)
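/**
 * Redacts sensitive OAuth query parameters from a URL for safe logging.
 * Prevents exposure of state, nonce, code_challenge, code_verifier, and
 * authorization codes (the names are taken from SENSITIVE_OAUTH_PARAMS).
 *
 * Redaction fails closed: input that `new URL()` cannot parse (a relative
 * path, a bare query string, a malformed URL) is still scrubbed with a
 * textual match instead of being returned verbatim, so a parse failure
 * cannot leak a code or verifier into the logs.
 *
 * @param url - The URL, or URL-like string, about to be logged.
 * @returns The same URL with every sensitive parameter value replaced by
 *   `[REDACTED]`. Never throws.
 */
function redactSensitiveUrlParams(url: string): string {
  try {
    const parsedUrl = new URL(url)
    for (const param of SENSITIVE_OAUTH_PARAMS) {
      if (parsedUrl.searchParams.has(param)) {
        parsedUrl.searchParams.set(param, '[REDACTED]')
      }
    }
    // NOTE(review): only the query string is rewritten here. Values carried
    // in the fragment (e.g. `#code=...`) are not covered; confirm no caller
    // logs fragment-style responses through this function.
    return parsedUrl.toString()
  } catch {
    // Not parseable as an absolute URL. Returning the input unchanged would
    // log any secrets it carries, so redact `name=value` pairs textually.
    // Limitation: a percent-encoded parameter name will not match.
    let redacted = url
    for (const param of SENSITIVE_OAUTH_PARAMS) {
      // Escape regex metacharacters so the name is matched literally.
      const escaped = param.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
      const pattern = new RegExp(`(^|[?&])(${escaped})=[^&#\\s]*`, 'g')
      redacted = redacted.replace(pattern, '$1$2=[REDACTED]')
    }
    return redacted
  }
}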
| 126 | |
| 127 | /** |
| 128 | * Some OAuth servers (notably Slack) return HTTP 200 for all responses, |
no test coverage detected