HI Rushmin, It is valid requirement to log the information. Access log is the the right place for this kind of logs, as it logs who/what accessed the Application with token.
Audit log in contrast logs who did what modification at what resource. Cheers. Ruwan On Mon, Aug 6, 2018 at 1:36 PM Rushmin Fernando <rush...@wso2.com> wrote: > It is a valid requirement for a production deployment to publish/log > context data during the operations like OAuth token generation. > > As of now, we don't log these audio data. One close existing candidate is > HTTP access logs. But it doesn't contain any context information like > client ID. > > What we can do is, use an audit logger in relevant classes and start > logging the data. > > Do we have any concerns with this? > > -- > *Best Regards* > > *Rushmin Fernando* > *Technical Lead* > > WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware > > mobile : +94775615183 > > > -- *Ruwan Abeykoon* *Associate Director/Architect**,* *WSO2, Inc. http://wso2.com <https://wso2.com/signature> * *lean.enterprise.middleware.*
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture