Problem
In lib/app/dev_console/tabs/storage_tab.dart:43, only jwtToken is masked. The refreshToken is shown in plaintext, which could expose credentials in the dev console.
Fix
Mask refreshToken as well, and consider a general rule to mask any key containing token, secret, etc.
Source
Copilot review on PR #59
Problem
In
lib/app/dev_console/tabs/storage_tab.dart:43, onlyjwtTokenis masked. TherefreshTokenis shown in plaintext, which could expose credentials in the dev console.Fix
Mask
refreshTokenas well, and consider a general rule to mask any key containingtoken,secret, etc.Source
Copilot review on PR #59