rusackas commented on code in PR #40864:
URL: https://github.com/apache/superset/pull/40864#discussion_r3375313965


##########
superset/mcp_service/jwt_verifier.py:
##########
@@ -273,7 +273,13 @@ async def load_access_token(self, token: str) -> 
AccessToken | None:  # noqa: C9
                     )
                     return None
 
-            # All validations passed
+            # All validations passed -- record a success entry so that
+            # successful access leaves an audit trail, not just failures.
+            logger.info(
+                "JWT authentication succeeded for client '%s' (scopes=%s)",
+                client_id,
+                sorted(scopes),
+            )
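Review bot: `client_id` is interpolated straight into a single-line log message, and since it is a value resolved from the presented token rather than a constant, a value containing CR/LF or other control characters would let a caller forge extra log lines in the audit trail this entry is meant to provide; consider emitting it via `extra={"client_id": client_id, "scopes": sorted(scopes)}` (or stripping control characters before formatting) so the fields stay structured and separable from the message text. Also, `sorted(scopes)` raises `TypeError` if `scopes` can still be `None` here; if the preceding validations do not guarantee an iterable, `sorted(scopes or ())` keeps the success path from failing on a token with no scope claim. Finally, since `load_access_token` runs on every authenticated request, one INFO line per call may be high-volume in production; if that is the intent, it is worth stating in the docstring alongside the existing WARNING/DEBUG tiers so operators know what to expect.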

Review Comment:
   Thanks — this one is intentional. The documented WARNING/DEBUG tiers govern 
*failure* logging, where the goal (per RFC 6750 3.1 and the referenced CVEs) is 
to avoid leaking claim values that help an attacker probe why a token was 
rejected. A *successful*-auth audit entry has the opposite purpose: it must 
identify the principal that authenticated to be useful as an audit trail, so 
recording client_id (the resolved identity) and granted scopes at INFO is by 
design, not a leak. These are the credentials of an already-authenticated, 
authorized caller — not attacker-probing surface — and no token contents or 
secrets are logged. I noted this explicitly in the comment above the log call.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
