Square OAuth Secret

Bridgecrew Policy ID: BC_GIT_16
Severity: LOW

Description

The Square OAuth API uses the OAuth 2 protocol to get permission from the owner of a seller account to manage specific types of resources in that account. The application secret is the credential your application presents to Square when it exchanges an authorization code for an access token, refreshes a token, or revokes one. If that secret is committed to source control, anyone who can read the repository can act as your application against every seller account that has authorized it, so a match for this policy should be treated as a live credential leak, not a style issue.

Fix - Buildtime

Square

Step 1: Revoke the exposed secret.

Rotate (replace) the application secret on the OAuth page of the Square Developer Dashboard so the leaked value stops working. Rotating the secret does not invalidate access tokens that were already issued, so also revoke any tokens obtained while the secret was exposed:

POST /oauth2/revoke: Revokes an access token generated with the OAuth flow.
If an account has more than one OAuth access token for your application, this endpoint revokes all of them, regardless of which token you specify. When an OAuth access token is revoked, all of the active subscriptions associated with that OAuth token are canceled immediately.

The revoke request authenticates with the application secret itself, so make these calls with the current (rotated) secret:

Authorization: Client APPLICATION_SECRET

Replace APPLICATION_SECRET with the application secret shown on the OAuth page in the Developer Dashboard.

Step 2: Clean the git history.

Remove the secret from every commit that contains it (for example with git filter-repo or BFG Repo-Cleaner), force-push the rewritten history, and have collaborators re-clone so stale copies are not pushed back. Cleaning history does not undo the exposure: anyone who fetched the repository while the secret was present may still have it, which is why Step 1 must happen regardless.
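The revocation call from Step 1, carried through as an added example (not code from this policy page, from Checkov, or from Square's SDK). The endpoint path and the `Authorization: Client APPLICATION_SECRET` header come from the page; the JSON body fields `client_id` and `access_token` and the production/sandbox hostnames are taken from Square's documented RevokeToken endpoint and are assumptions here. The `opener` parameter exists so the request can be exercised offline with a fake transport; by default it goes to Square.

```python
"""Revoke Square OAuth access tokens after an application secret leaks.

Added example, not the Bridgecrew/Checkov policy code or Square's SDK.
Assumptions not stated on the page: the body fields ``client_id`` and
``access_token`` follow Square's documented RevokeToken endpoint, and the
hosts below are Square's production and sandbox API endpoints.
"""
import json
import urllib.request
from urllib.error import HTTPError

# Assumed Square API hosts (production and sandbox).
SQUARE_HOSTS = {
    "production": "https://connect.squareup.com",
    "sandbox": "https://connect.squareupsandbox.com",
}


def build_revoke_request(application_secret, client_id, access_token,
                         environment="production"):
    """Build the POST /oauth2/revoke request described in Step 1.

    The application secret travels in ``Authorization: Client <secret>``;
    the application's client ID and the token to revoke go in the JSON body.
    Square revokes every token the seller account holds for this application,
    so one call per affected account is sufficient.
    """
    url = SQUARE_HOSTS[environment] + "/oauth2/revoke"
    body = json.dumps({"client_id": client_id,
                       "access_token": access_token}).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Authorization", "Client " + application_secret)
    req.add_header("Content-Type", "application/json")
    return req


def revoke_tokens(application_secret, client_id, access_tokens,
                  environment="production", opener=None):
    """Revoke each token and return {token: succeeded} so partial failures
    are visible instead of silently skipped.

    ``opener`` is any callable with urllib.request.urlopen's interface; a
    test or dry run can pass a fake transport, otherwise the real one is used.
    """
    open_fn = opener or urllib.request.urlopen
    results = {}
    for token in access_tokens:
        req = build_revoke_request(application_secret, client_id, token,
                                   environment)
        try:
            with open_fn(req) as resp:
                results[token] = resp.status == 200
        except HTTPError as exc:
            # A 401 here usually means the secret in the Authorization header
            # is wrong or already rotated; the token then stays live and must
            # be dealt with from the Developer Dashboard. Never log the secret.
            print("revoke failed for one token: HTTP", exc.code)
            results[token] = False
    return results


if __name__ == "__main__":
    # Constructed placeholder values; replace with the rotated secret, your
    # application ID, and the tokens issued while the secret was exposed.
    outcome = revoke_tokens("sq0csp-REPLACE_ME", "sq0idp-REPLACE_ME",
                            ["EAAA-REPLACE_ME"])
    print(outcome)
```

Run it once per seller account that authorized the application; a `False` result means the token is still valid and needs follow-up. Because the endpoint is authenticated with the application secret, run it with the rotated secret from the dashboard rather than the value that was found in the repository.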