inveniosoftware / invenio-oauthclient

Invenio module that provides OAuth web authorization support.
https://invenio-oauthclient.readthedocs.io
MIT License

models: "RemoteToken.access_token" visible in repr #161

Closed slint closed 6 years ago

slint commented 6 years ago

The RemoteToken.access_token variable is part of the repr string of the object, which is problematic since one could use the access_token for performing any kind of authorized request on the remote application's API (e.g. GitHub).

It should generally be treated as a password field, which means that it should not be displayed in plaintext in logs or any kind of object representation.
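The leak described in this issue and a regression check for it, as an added example that is not code from invenio-oauthclient. The two dataclasses, their field names other than `access_token`, the logger name and the sample token are hypothetical stand-ins constructed for the demonstration.

```python
import io
import logging
from dataclasses import dataclass, field


@dataclass
class LeakyToken:
    """Hypothetical stand-in: the generated repr includes every field."""
    id_remote_account: int
    token_type: str
    access_token: str


@dataclass
class SafeToken:
    """Same fields, with the credential excluded from the generated repr."""
    id_remote_account: int
    token_type: str
    access_token: str = field(repr=False)


def log_output(obj):
    """Log obj the way application code commonly does; return the text written."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    logger = logging.getLogger("token-repr-demo")  # hypothetical logger name
    logger.addHandler(handler)
    logger.setLevel(logging.INFO)
    logger.propagate = False
    try:
        logger.info("refreshing %r", obj)             # explicit repr()
        logger.info("tokens for account: %s", [obj])  # containers repr() their items
    finally:
        logger.removeHandler(handler)
    return buf.getvalue()


def leaks_secret(obj, secret):
    """Regression check: True if the secret appears in repr() or in log lines."""
    return secret in repr(obj) or secret in log_output(obj)


SAMPLE = "CONSTRUCTED-SAMPLE-TOKEN-0000"  # constructed value, not a real credential

if __name__ == "__main__":
    print(repr(LeakyToken(1, "bearer", SAMPLE)))
    print(repr(SafeToken(1, "bearer", SAMPLE)))
```

A check like `leaks_secret` belongs in the model's unit tests so that a later change to the representation cannot reintroduce the token.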