
GitHub OAuth App Keys

Description

General

  • Documentation: https://docs.github.com/en/free-pro-team@latest/rest/reference/apps#oauth-applications
  • Summary: GitHub Applications are plugins that can be installed on GitHub accounts. This detector focuses on the app's credentials used to retrieve data from GitHub. Note that these credentials are different from GitHub App Admin Keys; the main differences are listed here. When a user installs a GitHub application, they allow the app to act on their behalf within the defined scope.
  • IPs allowlist: This feature is not currently available.
  • Scopes: The app has the scope granted by the user when installing it.

Revoke the secret

This feature is not described in the documentation.

Check for suspicious activity

This feature is not described in the documentation.

Details for GitHub OAuth App Keys

  • Category: Version control platform

  • Company: GitHub

  • High recall: False

  • Validity check available: True

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 70.38

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions:
  - ^(cs|x|p|s|r)?html5?~?$
  - ^[aps]?cssc?~?$
  - ^lock$
  - ^mdx?~?$
  - ^storyboard(c|er)?~?$
  - ^xib$
  banlist_filenames: []
  check_binaries: false
- type: ContentWhitelistPreValidator
  patterns:
  - git(hub|ment|alk)
- type: ContentWhitelistPreValidator
  patterns:
  - secret
  - key

Examples

- text: >
    gitalk:
      clientID: c151f93feb034ed7da85
      clientSecret: 0fd3f9942d1e65a267a5541ee1fc31d78d8aefda
  client_id: c151f93feb034ed7da85
  client_secret: 0fd3f9942d1e65a267a5541ee1fc31d78d8aefda
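
The sketch below is an added example, not the detector's own code. It shows how the PreValidators listed above could gate a scan before an ID/secret pair is reported. It assumes that a banned extension skips the file and that each ContentWhitelistPreValidator needs at least one of its patterns in the content, matched case-insensitively. The `ID_RE` and `SECRET_RE` matchers and all function names are hypothetical, since the detector's real patterns are not given on this page.

```python
import re

# Patterns copied from the PreValidators section of this page.
BANLIST_EXTENSIONS = [
    r"^(cs|x|p|s|r)?html5?~?$", r"^[aps]?cssc?~?$", r"^lock$",
    r"^mdx?~?$", r"^storyboard(c|er)?~?$", r"^xib$",
]
CONTENT_WHITELISTS = [[r"git(hub|ment|alk)"], [r"secret", r"key"]]

# Hypothetical matchers (assumption): 20 hex chars after an "id" label and
# 40 hex chars after a "secret" label, the shape of the page's example.
ID_RE = re.compile(r"client_?id\W{1,4}([0-9a-f]{20})\b", re.I)
SECRET_RE = re.compile(r"client_?secret\W{1,4}([0-9a-f]{40})\b", re.I)


def extension(filename):
    """Return the text after the last dot of the base name, or ''."""
    base = filename.rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[1] if "." in base else ""


def passes_prevalidators(filename, content):
    """True when the file is worth scanning (assumed semantics)."""
    ext = extension(filename)
    if any(re.search(p, ext) for p in BANLIST_EXTENSIONS):
        return False  # banned extension: skip the file entirely
    # Every whitelist validator must find at least one of its patterns.
    return all(
        any(re.search(p, content, re.I) for p in patterns)
        for patterns in CONTENT_WHITELISTS
    )


def find_candidate(filename, content):
    """Return (client_id, client_secret) or None. Requiring both is an
    assumed reading of 'Minimum number of matches: 2'."""
    if not passes_prevalidators(filename, content):
        return None
    cid, secret = ID_RE.search(content), SECRET_RE.search(content)
    if cid and secret:
        return cid.group(1), secret.group(1)
    return None


# Constructed sample shaped like the page's example (placeholder values).
SAMPLE = "gitalk:\n  clientID: " + "ab" * 10 + "\n  clientSecret: " + "cd" * 20 + "\n"
```

A candidate returned here would still need the validity check before raising an alert, since the page states that only valid secrets do so.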