Currently I am using a "Personal access tokens" for the JS script of my google form, so the script can automatically create GitHub issues. I would like to maintain the scrip's access but change the token or permission to an GitHub organization one, so the access permission is not tied to me but to the team. I have been reading about GitHub Apps and OAuth Apps, is it possible that neither of these is useful for my use case? This is for a script, I don't want any human interaction in the middle, like approving access and the like.
Asked
Active
Viewed 2,970 times
5
-
Are you putting the token in the JavaScript that you send to the user, or is this on the server side? – bk2204 Jan 15 '22 at 23:12
-
Are you referring to the current version of the script using the Personal access tokens? In that case, yes, the access token is in the script. – Rick Jan 16 '22 at 14:25
-
You should avoid putting any PAT or other secret into scripts you serve to the user because they can just extract the secret and perform unauthorized actions. Using an organization PAT, if there were such a thing, wouldn't make this any better. – bk2204 Jan 16 '22 at 15:15
-
The script is not used by the user, it's used by google forms. Anyways, I would like to know if I can use any other authentication way for my script apart from a token linked to an user account. Is GitHub Apps what I need? – Rick Jan 17 '22 at 01:56