|
|
|
|
|
|
by Thom2000
241 days ago
|
|
|
Exactly! Bearer tokens should be replaced with schemes based on signing and the private keys should never be directly exposed (if they are there's no difference between them and a bearer token). Signing agents do just that. Github's API is based on HTTP but mutual TLS authentication with a signing agent should be sufficient. |
|
|