Merge pull request #382 from AzureAD/bogavril/logging

Logging audit and logging docs
AzureAD · Feb 16, 2023 · 048f40f · 048f40f
2 parents a382af4 + 02c91b6
commit 048f40f
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 4 deletions.
diff --git a/apps/design/design.md b/apps/design/design.md
@@ -5,6 +5,7 @@ Contributors:
 - Keegan Caruso(Keegan.Caruso@microsoft.com)
 - Joel Hendrix(jhendrix@microsoft.com)
 - Santiago Gonzalez(Santiago.Gonzalez@microsoft.com)
+- Bogdan Gavril (bogavril@microsoft.com)
 
 ## History
 
@@ -140,6 +141,10 @@ Since we have representation from the Go SDK team, we might have them go bridge
 the current implementation using some of that code so its possible for our users to store the
 cert in Keyvault.
 
-## Notes:
+## Logging
 
-Do we need: AcquireTokenSilent()??  Seems like we could just bake this into other acquire calls automatically????
+For errors, see [error design](../errors/error_design.md).
+
+This library does not log personal identifiable information (PII). For a definition of PII, see https://www.microsoft.com/en-us/trust-center/privacy/customer-data-definitions. MSAL Go does not log any of the 3 data categories listed there. 
+
+The library may log information related to your organization, such as tenant id, authority, client id etc. as well as information that cannot be tied to a user such as request correlation id, HTTP status codes etc.
diff --git a/apps/errors/error_design.md b/apps/errors/error_design.md
@@ -69,7 +69,7 @@ func (e CallErr) Error() string {
 
 // Verbose prints a versbose error message with the request or response.
 func (e CallErr) Verbose() string {
-    e.Resp.Request = nil // This brings in a bunch of TLS crap we don't need
+    e.Resp.Request = nil // This brings in a bunch of TLS stuff we don't need
     e.Resp.TLS = nil     // Same
     return fmt.Sprintf("%s:\nRequest:\n%s\nResponse:\n%s", e.Err, prettyConf.Sprint(e.Req), prettyConf.Sprint(e.Resp))
 }

diff --git a/apps/internal/oauth/oauth.go b/apps/internal/oauth/oauth.go
@@ -171,7 +171,7 @@ func (t *Client) UsernamePassword(ctx context.Context, authParams authority.Auth
 
 	userRealm, err := t.Authority.UserRealm(ctx, authParams)
 	if err != nil {
-		return accesstokens.TokenResponse{}, fmt.Errorf("problem getting user realm(user: %s) from authority: %w", authParams.Username, err)
+		return accesstokens.TokenResponse{}, fmt.Errorf("problem getting user realm from authority: %w", err)
 	}
 
 	switch userRealm.AccountType {