IdentityServer · brockallen · Oct 5, 2020 · Oct 3, 2020
diff --git a/src/IdentityServer4/src/Extensions/StringsExtensions.cs b/src/IdentityServer4/src/Extensions/StringsExtensions.cs
@@ -264,5 +264,16 @@ public static string GetOrigin(this string url)
 
             return null;
         }
+
+        public static string Obfuscate(this string value)
+        {
+            var last4Chars = "****";
+            if (value.IsPresent() && value.Length > 4)
+            {
+                last4Chars = value.Substring(value.Length - 4);
+            }
+
+            return "****" + last4Chars;
+        }
     }
 }
diff --git a/src/IdentityServer4/src/Logging/Models/TokenRequestValidationLog.cs b/src/IdentityServer4/src/Logging/Models/TokenRequestValidationLog.cs
@@ -43,8 +43,8 @@ public TokenRequestValidationLog(ValidatedTokenRequest request, IEnumerable<stri
             }
 
             GrantType = request.GrantType;
-            AuthorizationCode = request.AuthorizationCodeHandle;
-            RefreshToken = request.RefreshTokenHandle;
+            AuthorizationCode = request.AuthorizationCodeHandle.Obfuscate();
+            RefreshToken = request.RefreshTokenHandle.Obfuscate();
             UserName = request.UserName;
         }