In fairness, they posted Okta tokens to Okta support. Cloudflare already trust Okta with their auth anyway.
Sure, it’s still not a good idea for them to give Okta their tokens. But the above, combined with the fact that forgetting to redact a HAR is an incredibly easy mistake to make, makes me tend towards giving them a pass on this one.
Sure, it’s still not a good idea for them to give Okta their tokens. But the above, combined with the fact that forgetting to redact a HAR is an incredibly easy mistake to make, makes me tend towards giving them a pass on this one.