0

This is my request :

public class GenerateTokenRequest
{
    [AliasAs("code")]
    public string Code { get; set; } = string.Empty;
    
    [AliasAs("secret")]
    public string Secret { get; set; } = string.Empty;
}

This is my Refit Interface :

public interface IAuthServiceRefitApi 
{
    [Post("/token")]
    Task<GenerateTokenResponse> GenerateTokenAsync(
        [Query] GenerateTokenRequest command,
        CancellationToken cancellationToken = default);
}

This method gets called and then it creates a URL like this :

https://some-url.com/oauth/token?code=SOME_CODE&secret=SOME_SECRET

I want to mask secret values and code with *** in my logs.

For properties that are part of the body, I have used the PiiString concept and then added a custom delegating handler.

But for properties that become part of the URL as query params, I am unable to do it.

Any suggestions on how I should achieve that?

Improve this question

2 Answers 2

Reset to default
0

You have to pass variables directly in method like this:

public interface IAuthServiceRefitApi
{
    [Post("/token")]
    Task<GenerateTokenResponse> GenerateTokenAsync(string code, string secret, CancellationToken cancellationToken = default);
}

Using above code, Your URL will be this :

https://some-url.com/oauth/token?code=SOME_CODE&secret=SOME_SECRET

NOTE : As per your existing code, You have to pass JSON body with https://some-url.com/oauth/token URL.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I want to mask those values in URL in my logs
@Hakuna, Remove model GenerateTokenRequest & Directly use variables. Like this : Task<GenerateTokenResponse> GenerateTokenAsync(string code, string secret, CancellationToken cancellationToken = default)
How come that will mask the logs?
0

I assume that your question is not directly related to Refit. To mask some sensitive data in your logs you can use Serilog for logging and its enricher for sensitive data masking. Please refer to this

Improve this answer

2 Comments

I am interested in the masking query params that packages only works for body params
Have you had a look at github.com/serilog-contrib/… ?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.