GitHub automatically revokes PAT
Extension: spotifyBackup
Hi there,
GitHub has begun to automatically remove Personal Access Tokens that appear in user Gists, whether public or secret. All extension users are affected.
Applies to public repositories and all gists, including secret gists. Secret gists are not private and can be accessed by anyone with the URL. (https://docs.github.com/en/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets)
This results in a successful backup; however, once the Gist is updated and GitHub detects the PAT in the backup JSON, the PAT is revoked for account protection. This results in future backups failing due to an invalid PAT.
I propose that the backup JSON should include all settings values except the PAT field value, leaving it blank. This should fix the issue.
Thank you.
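One way to implement the proposal above, as an added example that is not the extension's own code: blank the PAT field before the backup JSON is built, strip token-shaped strings found anywhere else in the settings, and keep the local PAT when a backup is restored. The key name `githubToken`, the settings shape and the function names are assumptions; the token prefixes are GitHub's documented formats.

```javascript
// Added example: the key name and settings shape are assumptions, not the extension's real schema.
const PAT_FIELD = "githubToken"; // hypothetical settings key that holds the PAT

// GitHub token formats: prefixed tokens (ghp_, gho_, ghu_, ghs_, ghr_) and
// fine-grained PATs (github_pat_).
const GITHUB_TOKEN_RE =
  /\b(?:gh[pousr]_[A-Za-z0-9]{36,}|github_pat_[A-Za-z0-9_]{22,})\b/g;

// Return a deep copy of `value` that is safe to upload; the input is not mutated.
function redactForBackup(value, key = "") {
  if (key === PAT_FIELD) return ""; // leave the PAT field blank, as proposed
  if (typeof value === "string") return value.replace(GITHUB_TOKEN_RE, "");
  if (Array.isArray(value)) return value.map((v) => redactForBackup(v));
  if (value !== null && typeof value === "object") {
    return Object.fromEntries(
      Object.entries(value).map(([k, v]) => [k, redactForBackup(v, k)])
    );
  }
  return value;
}

// Serialize the redacted settings and fail closed if anything token-shaped
// survived (for example a token used as an object key).
function buildBackupJson(settings) {
  const json = JSON.stringify(redactForBackup(settings), null, 2);
  if (json.search(GITHUB_TOKEN_RE) !== -1) {
    throw new Error("backup still contains a GitHub token; refusing to upload");
  }
  return json;
}

// On restore, the blank PAT in the backup must not overwrite the local one.
function applyRestore(current, restored) {
  return { ...current, ...restored, [PAT_FIELD]: current[PAT_FIELD] };
}
```

The final scan in `buildBackupJson` matters because the revocation is triggered by the token pattern appearing anywhere in the gist, not only in the dedicated field.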