Should make use of SecretStr for any Token or Password fields

[sammaphey]

To avoid logging tokens or passwords accidentally pydantic provides a nice SecretStr model as a way to reduce these issues.

Can change instances like:

class Token(BaseModel):
    access_token: str
    refresh_token: Optional[str] = None
    token_type: str

to

from pydantic import SecretStr

class Token(BaseModel):
    access_token: SecretStr
    refresh_token: Optional[SecretStr] = None
    token_type: str

[Jibola]

Thanks for providing this suggestion! We've gone ahead and created a JIRA ticket for this change to track this issue.

Feel free to provide a contribution as well, and we will happily review it. :)

[FlorianEisenbarth]

If SecretStr is used on the Token model how could we use the Oauth2 login workflow then ? The method login_with_oauth2 would output:

{'access_token': '*******',
'refresh_token': '********',
'token_type': 'bearer'}`

so, how can we use the access token to access other API endpoints ? If I misunderstood something could you explain what I’m doing wrong.

[thoth2357]

@FlorianEisenbarth you aren't wrong , with the use of secretstr, the Oauth2 login workflow wouldn't work as expected as the authorization headers would be in '*******'. I think the only workaround would be to create a new base model that wont type it field with secretstr