Skip to content

GitHub OAuth Client Secret

Service Name: GitHub

Service Description: GitHub is a web-based platform for version control and collaboration that enables developers to store, manage, and track changes to their code. It provides features for code hosting, pull requests, issue tracking, and integrations with various development tools.

Service Address: https://github.com

Validation Type: API Auth

IP Allow list: IP allow lists can be configured at the organization level through GitHub Enterprise security settings.

Secret Access Scope: Grants OAuth applications access to GitHub APIs on behalf of users who authorize the application. The scope depends on the specific permissions requested during OAuth authorization.

Secret Revokement URL: https://github.com/settings/applications

Secret Example: 3a1f2b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0

Suspicious Activity Investigation Instructions:

  • Review the OAuth application's access logs in GitHub Developer settings.
  • Check for unauthorized API calls or repository access.
  • Monitor for unusual authentication patterns or access from unexpected locations.
  • Review user authorization grants to identify potential unauthorized access.
  • Check for any changes to repository permissions or collaborator settings.

Mitigation Instructions:

  • Navigate to GitHub Developer settings.

  • Select the OAuth App containing the compromised client secret.

  • Select Reset client secret to invalidate the current secret and generate a new one.
  • Update your application with the new client secret.
  • Review and potentially revoke user authorizations for the application.
  • Consider implementing additional security measures like IP restrictions or SAML SSO.

  • Audit repository access and permissions to ensure no unauthorized changes were made.