Hacker News
by Aeolun 1155 days ago
Yeah, but the secret in question is possessed by GitHub, not you or your source.

PyPI will be able to verify that the id-token was signed with the GitHub secret, and therefore trust that the person described in the token is who they say they are.