maskedAccessToken property

String get maskedAccessToken

Returns a partially-redacted form of accessToken suitable for logs.

Shows the first 4 and last 4 characters joined by … (e.g. eyJh…sR2c). Tokens with 8 characters or fewer are fully redacted as *** so short opaque tokens don't leak verbatim.

Never log the raw accessToken in production — use this getter or toString (which already redacts) instead.

Implementation

String get maskedAccessToken {
  if (accessToken.length <= 8) return '***';
  return '${accessToken.substring(0, 4)}…'
      '${accessToken.substring(accessToken.length - 4)}';
}