From a5a6b90af984dd25e2e6dc2584a25dd06d004be4 Mon Sep 17 00:00:00 2001
From: Ray Luo
Date: Wed, 19 May 2021 10:00:56 -0700
Subject: [PATCH] Also redact id token from now on
---
 msal/token_cache.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/msal/token_cache.py b/msal/token_cache.py
index d11d5c91..5b31b299 100644
--- a/msal/token_cache.py
+++ b/msal/token_cache.py
@@ -113,7 +113,7 @@ def wipe(dictionary, sensitive_fields): # Masks sensitive info
 return self.__add(event, now=now)
 finally:
 wipe(event.get("response", {}), ( # These claims were useful during __add()
- "access_token", "refresh_token", "username"))
+ "access_token", "refresh_token", "id_token", "username"))
 wipe(event, ["username"]) # Needed for federated ROPC
 logger.debug("event=%s", json.dumps(
 # We examined and concluded that this log won't have Log Injection risk,
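Review bot: The redaction in the `finally:` block works by mutating `event["response"]` in place (the `wipe(...)` return value is unused and `event` is logged right after), so with `"id_token"` added to the tuple, any caller that still holds the same response dict after the call would now find its `id_token` masked; whether callers pass a copy is not visible in this hunk. If the wipe exists only to keep tokens out of the debug log, masking a copy keeps that guarantee without the side effect, e.g. `redacted = dict(event, response=dict(event.get("response", {})))` followed by wiping and logging `redacted`. The tuple is also a denylist, so any other token-bearing key in the response would still reach `logger.debug`; a short comment next to it stating which response keys have been reviewed as safe to log would make that easier to audit. The enclosing method starts before the hunk and the `json.dumps(` call continues past it.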