
Write-Error contains bearer access token and is written in the console log

Open milapointe opened this issue 1 year ago • 2 comments

Using EntraExporter and not having sufficient rights, it gives an error. This error is not handled by the module and is passed through to the console log, and we can clearly see the bearer access token (stripped from this capture).

Any way to hide this part of the request? I don't mind having the error but having the access token all over in the logs... even if it's valid only for 1 hour and having limited access, I prefer not having it :)

Thanks !

milapointe avatar Jun 18 '24 12:06 milapointe

The skiptoken field wouldn't be an access token, it's just used for pagination in the Graph API to handle large datasets. If you wanted to redact that or something from the output you could always wrap the command in a try/catch and use regex to redact any output that you don't want to see.

ptmetcalf avatar Jul 10 '24 14:07 ptmetcalf
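
The try/catch-and-redact approach suggested in the comment above, as an added example that is not part of the original thread or of the EntraExporter module. The function names `Protect-SecretText` and `Invoke-WithRedactedErrors` are hypothetical, the sample error text is constructed, and the example goes one step further than the comment by also intercepting non-terminating `Write-Error` output through stream redirection.

```powershell
# Added example. Function names are hypothetical; the sample error text is constructed.
function Protect-SecretText {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Text)
    # "Bearer <token>", as it appears in a dumped Authorization header
    $Text = $Text -replace '(?i)(Bearer\s+)[A-Za-z0-9\-._~+/]+=*', '${1}[REDACTED]'
    # Any remaining JWT-shaped value (base64url segments, header starting "eyJ")
    $Text = $Text -replace 'eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*', '[REDACTED-JWT]'
    # Graph paging cursor: not a credential, but opaque and safe to drop from logs
    $Text -replace '(?i)(skiptoken=)[^&\s"'']+', '${1}[REDACTED]'
}

function Invoke-WithRedactedErrors {
    param([Parameter(Mandatory)][scriptblock]$ScriptBlock)
    try {
        # 2>&1 turns non-terminating errors (Write-Error inside a module) into
        # ErrorRecord objects in the pipeline so they can be rewritten before logging.
        & $ScriptBlock 2>&1 | ForEach-Object {
            if ($_ -is [System.Management.Automation.ErrorRecord]) {
                # Only the message text is carried over; the rest of the record is dropped.
                Write-Error -Message (Protect-SecretText -Text "$_")
            }
            else { $_ }   # normal output passes through untouched
        }
    }
    catch {
        # Terminating errors (throw, -ErrorAction Stop) end up here.
        Write-Error -Message (Protect-SecretText -Text "$_")
    }
}

# Constructed sample: a scriptblock that fails with a token-bearing message.
# In practice the scriptblock would contain the EntraExporter export call.
$sample = {
    Write-Error ('GET https://graph.example/beta/resource?$skiptoken=CONSTRUCTED-CURSOR ' +
                 'Authorization: Bearer eyJhbGciOi.eyJzdWIi.c2lnbmF0dXJl returned 403')
}
Invoke-WithRedactedErrors -ScriptBlock $sample
```

The unredacted records still sit in the session's `$Error` collection, so a log statement that dumps `$Error` would reintroduce the token.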

See below, I mask the authorization header bearer... it's weird on a dark mode browser 😅

Plus, I run this inside an Azure Function so maybe it's more verbose than usual.

milapointe avatar Jul 10 '24 15:07 milapointe

I'm going to add this to my next-up list. @milapointe, do you have a good way to reproduce this for testing?

SamErde avatar May 27 '25 14:05 SamErde

Just to be clear, I don't own this repo or have the ability to merge changes but I know how to bug a guy that can. 😉 Let's keep contributing to improve and enhance a great community tool.

SamErde avatar May 27 '25 14:05 SamErde

Hi, I was doing a full export in an Azure Function. A simple PowerShell script that imports the EntraExporter module. Keep in mind you have to set a greater timeout for the Azure Function so that it won't fail.

The initial problem I was working on was this: https://github.com/microsoft/EntraExporter/issues/62

milapointe avatar May 27 '25 15:05 milapointe

Do you have any time to test my solution in #74?

SamErde avatar May 27 '25 21:05 SamErde

Returning the token in an error message is a bug/bad design by the API owners. In this case it would be for the /privilegedAccess/azureResource.

This error would need to be reported to the API owners. Can you please share repro steps for this if you are still seeing it?

I don't think we can do much in this module to fix this issue.

Closing for now. Please re-open if you see an issue.

merill avatar Nov 16 '25 00:11 merill