From 213f4a5333c21020da030012979bd326a34fb28c Mon Sep 17 00:00:00 2001 From: Colin Arnott Date: Tue, 18 Feb 2020 08:00:18 +0000 Subject: [PATCH] context: use the real oauth credentials It is trivial to extract this information from the released artefacts, thus there is no security benefit to the safe/development credentials. This approach also prevents users from using go-get to install. As proof of concept, and to enable go-get, this change embeds the GitHub CLI credentials, instead of GitHub CLI (dev). --- context/config_setup.go | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/context/config_setup.go b/context/config_setup.go index 4d91a4c62..4236a81d9 100644 --- a/context/config_setup.go +++ b/context/config_setup.go @@ -18,10 +18,8 @@ const ( ) var ( - // The GitHub app that is meant for development - oauthClientID = "4d747ba5675d5d66553f" - // This value is safe to be embedded in version control - oauthClientSecret = "d4fee7b3f9c2ef4284a5ca7be0ee200cf15b6f8d" + oauthClientID = "178c6fc778ccc68e1d6a" + oauthClientSecret = "34ddeff2b558a23d38fba8a6de74f086ede1cc0b" ) // TODO: have a conversation about whether this belongs in the "context" package