Y
Hacker News
new
|
ask
|
show
|
jobs
by
dboreham
3075 days ago
Good point: Credentials must not be logged. The easiest way to achieve this is to use HTTP basic auth for the token because web server infrastructure already knows not to log that, or a header OAuth2 style.