The RemoteToken.access_token variable is part of the repr string of the object which is problematic since one could use the access_token for performing any kind of authorized request on the remote application's API (e.g. GitHub).
It should generally be treated as a password field which means that it should not be displayed in plaintext in logs or any kind of object representation.
The
RemoteToken.access_token
variable is part of the repr string of the object which is problematic since one could use theaccess_token
for performing any kind of authorized request on the remote application's API (e.g. GitHub).It should generally be treated as a password field which means that it should not be displayed in plaintext in logs or any kind of object representation.