Verbose mode should not print access token

Question

Verbose mode should not print access token

Closed this issue 4 years ago · 3 comments

Although super useful, we have a tendency to copy-paste the entire verbose output into a group chat or forum.
This is probably not a great idea since it includes the access token in the output.
The access token can be used to access the API arbitrarily and should be treated a bit more securely.
I still like the access token to be able to troubleshoot tho. Can we add a -vv or env variable switch or something?

Answer 1 · 2019-05-07T20:30:04.000Z

Access token option will no longer be supported: #12.

Answer 2 · 2019-05-07T20:35:04.000Z

I don't think #12 actually addresses this issue. An access token will still show up in verbose mode, it will just be the one from the JWT swap rather than a user-provided one. They're both sensitive.

Answer 3 · 2021-04-16T16:58:37.000Z

Addressed by #43