GitHub OAuth App Keys
Service Name: GitHub
Service Description: GitHub is a web-based platform that provides hosting for software development and version control using Git. It offers the functionality of distributed version control and source code management, as well as its own features.
Service Address: https://github.com/
Validation Type: API Auth
IP Allow list: IP restrictions are available at the organization level through GitHub Enterprise security settings.
Secret Access Scope: GitHub OAuth App keys grant access to GitHub resources based on the scopes requested during OAuth authorization. This can include repository access, user data, organization management, and more.
Secret Revokement URL: https://github.com/settings/applications
Secret Example: client_id: 1a2b3c4d5e6f7g8h9i0j and client_secret: 98f7e6d5c4b3a2a1b2c3d4e5f6g7h8i9j0
Suspicious Activity Investigation Instructions:
- Review the OAuth application's access logs in GitHub settings.
- Check for unauthorized repository access or unexpected commits.
- Monitor for unusual authentication attempts from unfamiliar locations.
- Review webhooks and integrations for any unauthorized configurations.
- Check for unexpected organization membership changes or repository permission changes.
Mitigation Instructions:
- Navigate to GitHub Settings > Developer settings > OAuth Apps.
- Locate the compromised OAuth application.
- Click "Reset client secret" to invalidate the current secret.
- Update the new client secret in all legitimate applications using the OAuth app.
- Review and potentially revoke any suspicious OAuth tokens that were issued.
-
Consider implementing additional security measures like IP restrictions for your GitHub organization.
-
Enable two-factor authentication for all organization members if not already enabled.
-
Review GitHub audit logs for any suspicious activity related to the compromised credentials.