Are you still using outdated GitHub Oauth apps for this, or have you swapped to GitHub Apps? GitHub Apps are newer and have Oauth flows, but have a fine-grained permissions model instead of the Oauth permission model.
More-over, can you document the GitHub permissions needed and which GitHub App(s) this tool uses? Are you using device-flow, online oauth-flow, etc? And where are the Oauth tokens stored if so? Is there any server-side component where you might be storing tokens?
More info: https://docs.github.com/en/apps/oauth-apps/building-oauth-ap...
More-over, can you document the GitHub permissions needed and which GitHub App(s) this tool uses? Are you using device-flow, online oauth-flow, etc? And where are the Oauth tokens stored if so? Is there any server-side component where you might be storing tokens?
Thanks!