From 062dbeedfe80b1f7ef2884608ef686adcc72c4e5 Mon Sep 17 00:00:00 2001
From: Shaul Kremer
Date: Thu, 21 Sep 2023 09:03:03 +0300
Subject: [PATCH] Security: fix secret leakage in errors.
---
 packages/opal-common/opal_common/authentication/deps.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/opal-common/opal_common/authentication/deps.py b/packages/opal-common/opal_common/authentication/deps.py
index 4a93e6e16..390e8ce2d 100644
--- a/packages/opal-common/opal_common/authentication/deps.py
+++ b/packages/opal-common/opal_common/authentication/deps.py
@@ -32,11 +32,11 @@ def verify_logged_in(verifier: JWTVerifier, token: Optional[str]) -> JWTClaims:
 logger.debug("JWT verification disabled, cannot verify requests!")
 return {}
 if token is None:
- raise Unauthorized(token=token, description="access token was not provided")
+ raise Unauthorized(description="access token was not provided")
 claims: JWTClaims = verifier.verify(token)
 subject = claims.get("sub", "")
- invalid = Unauthorized(description="invalid sub claim")
+ invalid = Unauthorized(description="invalid sub claim")
 if not subject:
 raise invalid
 try:
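Review bot: Nothing on the two changed lines in verify_logged_in records why `token` must stay out of `Unauthorized(...)`, so the keyword is easy to add back later; a comment above the first raise such as `# never pass the raw token to Unauthorized: its keyword arguments appear to be reported back in the error` would capture it. The fix is applied per call site, so the exception type presumably still accepts and reports a `token` keyword. Any other caller, and whatever `verifier.verify(token)` raises (not visible here), could therefore expose the same value; dropping or redacting that key inside `Unauthorized` itself would close this in one place. A regression test asserting that the submitted token string is absent from the error response body would keep the leak from returning. The function body continues past the `try:` that ends the hunk, so later raises in it are not covered by this note.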