[BUG] TokenHandling class now verbose logs Graph access token to the console

[mbice]

Reporting an Issue or Missing Feature

As of 2.2.0, we have noticed that when deploying a provisioning template, an access token is output to the console (we verbose log by default to help with potential troubleshooting).

powershell/src/Commands/Base/TokenHandling.cs

Line 84 in 38a9c74

cmdlet.WriteVerbose($"Access token acquired: {accessToken}");

Expected behavior

Maybe this was an intentional change, but my expectation would be that no token that could be used to make unauthorized calls is ever output to the console.

Actual behavior

Graph access token is output to the verbose console log.

Steps to reproduce behavior

1. Use Invoke-PnPTenantTemplate -Verbose to deploy a tenant provisioning template
2. See access token logged to the console

What is the version of the Cmdlet module you are running?

2.2.0

Which operating system/environment are you running PnP PowerShell on?

• Windows

[KoenZomers]

Fair concern @mbice. It was a deliberate change as it is of huge help when troubleshooting, but I see where you're coming from. Just know that removing it from the verbose output might conceal it a little more, but a cmdlet like 'Get-PnPAccesstoken` or just by looking at the network traffic using i.e. Fiddler will also reveal it. Will proceed with the PR that has been proposed to remove it again from the verbose output to grant your request.