GitHub OAuth Token
Description
General
-
Documentation: https://docs.github.com/en/rest/overview/other-authentication-methods#via-oauth-and-personal-access-tokens
-
Summary: GitHub OAuth Tokens are used to authenticate API requests on behalf of a user through an OAuth flow. These tokens are issued to third-party applications and grant access to GitHub resources based on the permissions requested during the OAuth authorization process.
-
IPs allowlist: No
-
Scopes: OAuth Tokens have permissions defined by the OAuth App's configuration. These permissions can include access to repositories, user data, organizations, and more. For a full list of available permissions, refer to the GitHub documentation.
Revoke the secret
Tokens can be revoked from the OAuth Apps panel. Navigate to the "Authorized OAuth Apps" section and revoke access for the application.
Check for suspicious activity
There is no way to check the exact last API calls made with a token. However, GitHub provides security logs to review account activity and detect suspicious behavior.
Details for Github oauth access token v2
-
Family: token
-
Category: version_control_platform
-
Company: GitHub
-
High recall: False
-
Validity check available: True
-
Analyzer available: False
-
On-premise instances exist: True
-
Only valid secrets raise an alert: False
-
Minimum number of matches: 1
-
Occurrences found for one million commits: 2.83
-
Prefixed: False
-
PreValidators:
- type: FilenameBanlistPreValidator
banlist_extensions:
- ^(cs|x|p|s|r|m)?html5?~?$
- ^[aps]?cssc?~?$
- ^csv$
- ^ebuild$
- ^storyboard(c|er)?~?$
- ^xib$
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: false
ban_markup: false
- type: ContentWhitelistPreValidator
patterns:
- gho_
Examples
- text: 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
apikey: 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
# Fat-fingered secret
- text: X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
apikey: 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
