16Şub
Showing prefix of token in error message?
In our development context we have a lot of different tokens. If a developer gets "permission denied", it is often not immediately clear which token was used.
I would like to improve the error message and show a prefix of the token.
Imagine I have a token like this:
aragq29uFDgfDdgf44SdfgfSSgfdRsgdDG45
I would like to show:
permission denied (token starts with "aragq...")
Is this a security risk?