"Personal access tokens" with an Github organization instead of user account

About

Asked 15/1, 2022 at 21:13 Answered 15/1, 2022 at 21:13

github oauth github-api github-app personal-access-token

Currently I am using a "Personal access tokens" for the JS script of my google form, so the script can automatically create GitHub issues. I would like to maintain the scrip's access but change the token or permission to an GitHub organization one, so the access permission is not tied to me but to the team. I have been reading about GitHub Apps and OAuth Apps, is it possible that neither of these is useful for my use case? This is for a script, I don't want any human interaction in the middle, like approving access and the like.

Foliated answered 15/1, 2022 at 21:13 Comment(4)

Are you putting the token in the JavaScript that you send to the user, or is this on the server side? – Jat 15/1, 2022 at 23:12

Are you referring to the current version of the script using the Personal access tokens? In that case, yes, the access token is in the script. – Foliated 16/1, 2022 at 14:25

You should avoid putting any PAT or other secret into scripts you serve to the user because they can just extract the secret and perform unauthorized actions. Using an organization PAT, if there were such a thing, wouldn't make this any better. – Jat 16/1, 2022 at 15:15

The script is not used by the user, it's used by google forms. Anyways, I would like to know if I can use any other authentication way for my script apart from a token linked to an user account. Is GitHub Apps what I need? – Foliated 17/1, 2022 at 1:56

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags