Open
Description
When a user logs in with two steps, e.g.
> login token
> {"field_id_1":"xyz...","field_id_2":"abc..."}
the user's second message gets redacted to hide the field values (they might contain tokens or other secrets).
When a user logs in directly (checkLoginCommandDirectParams), e.g.:
> login token xyz... abc...
the message is left unredacted, with the values in plaintext.
Any reason for this differing behavior with respect to redactions? Can we assume that if the user provided extra ce.Args, they're probably attempting to provide login secrets, and we should issue a redaction for them? Or do some login flows allow only non-secret extra args that we want to keep around and not redact? Thoughts?
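As an added illustration (not code from the project this issue belongs to), one redaction pass that covers both message shapes described above. Treating every arg after the method name in a direct login as a secret is the assumption the issue proposes, and `NON_SECRET_METHODS` is a hypothetical allowlist for any flows whose extra args are safe to keep in the log.

```python
import json
import shlex

REDACTED = "<redacted>"

# Hypothetical allowlist: login methods whose extra args are NOT secrets.
# Empty by default, i.e. the "redact whatever the user typed" rule.
NON_SECRET_METHODS: frozenset[str] = frozenset()


def redact_field_message(message: str) -> tuple[str, bool]:
    """Second-step message: a JSON object of field_id -> value.
    Values are replaced; keys are kept so the log still shows which
    fields were supplied. Returns (text, anything_redacted)."""
    try:
        fields = json.loads(message)
    except json.JSONDecodeError:
        return message, False
    if not isinstance(fields, dict):
        return message, False
    return json.dumps({key: REDACTED for key in fields}), bool(fields)


def redact_direct_login(message: str) -> tuple[str, bool]:
    """Direct form: 'login <method> <value> ...'. Assumption: any args
    after the method name are secrets unless the method is allowlisted."""
    try:
        parts = shlex.split(message)
    except ValueError:  # unbalanced quotes: leave untouched, flag nothing
        return message, False
    if len(parts) < 3 or parts[0] != "login" or parts[1] in NON_SECRET_METHODS:
        return message, False
    kept, secrets = parts[:2], parts[2:]
    return " ".join(kept + [REDACTED] * len(secrets)), True


def redact_for_log(message: str) -> tuple[str, bool]:
    """Dispatch on message shape: JSON object vs. command line."""
    stripped = message.strip()
    if stripped.startswith("{"):
        return redact_field_message(stripped)
    return redact_direct_login(stripped)


# Constructed sample messages mirroring the two flows in the issue.
SAMPLE_MESSAGES = [
    "login token",
    '{"field_id_1":"xyz-secret","field_id_2":"abc-secret"}',
    "login token xyz-secret abc-secret",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(redact_for_log(msg))
```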