Commit
authn/bearer: Remove support for access_token in query or body params
Query params aren't safe for credentials because they often appear in access logs. Body params aren't necessary for our usage (and they're also logged sometimes, though more rarely). Supporting more authn code paths than we need only makes it harder to reason about the security of the system as a whole.
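A header-only bearer extractor of the kind the commit message describes, written here as an added example; it is not code from this commit or its repository. Go, the function names and the request paths are assumptions, and all token values are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// ErrNoBearer is returned when the Authorization header carries no usable bearer token.
var ErrNoBearer = errors.New("no bearer token in Authorization header")

// TokenFromRequest (hypothetical name) reads the credential from the
// Authorization header only. It never consults r.URL.Query() or r.Form, so an
// access_token sent in the query string or body is not a credential here.
func TokenFromRequest(r *http.Request) (string, error) {
	scheme, rest, ok := strings.Cut(r.Header.Get("Authorization"), " ")
	if !ok || !strings.EqualFold(scheme, "Bearer") {
		return "", ErrNoBearer
	}
	token := strings.TrimSpace(rest)
	if token == "" || strings.ContainsAny(token, " \t") {
		return "", ErrNoBearer
	}
	return token, nil
}

// Classify builds a constructed request and reports the outcome without
// echoing the token, so the result is safe to log.
func Classify(method, target, authz, body string) string {
	r := httptest.NewRequest(method, target, strings.NewReader(body))
	if body != "" {
		r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	}
	if authz != "" {
		r.Header.Set("Authorization", authz)
	}
	tok, err := TokenFromRequest(r)
	if err != nil {
		return "rejected: " + err.Error()
	}
	return fmt.Sprintf("accepted: %d-byte token", len(tok))
}

func main() {
	fmt.Println(Classify("GET", "/v1/items?access_token=constructed-query", "", ""))
	fmt.Println(Classify("POST", "/v1/items", "", "access_token=constructed-body"))
	fmt.Println(Classify("GET", "/v1/items", "Bearer constructed-header", ""))
}
```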