[Critical] API token is in the repository

[anjannair]

WOC-certificate-generator-Hactoberfest2021/token.json

Line 1 in ba3b018

{"token": "ya29.a0ARrdaM-6wjwFO0wxhoLSzEXVCGnmcp0vg78RHVfgiveISTiWOs6UeKtRJ9qW1iSggXgQK0m7XkOeytJswkncIgV_nKdL4kRxnL4ihI0IULrJ1Lbe11FiJT65V8aBUXIzSAsvUx7VlrA-EG4C6DsIS5RpaB6Y", "refresh_token": "1//0gKEeIhPbzDGtCgYIARAAGBASNwF-L9IrE120mfn6V2adCtXSq4Zw94tlLQIernNFxdKYxgvEodK1SMKcR2sj4oaaHpsIiNgfkXU", "token_uri": "https://oauth2.googleapis.com/token", "client_id": "420556009191-lr62rd8ln1dqg75i8q0to0c4asuk9koi.apps.googleusercontent.com", "client_secret": "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", "scopes": ["https://www.googleapis.com/auth/gmail.send"], "expiry": "2021-10-28T04:58:51.831263Z"}

WOC-certificate-generator-Hactoberfest2021/credentials.json

Line 1 in ba3b018

{"installed":{"client_id":"420556009191-lr62rd8ln1dqg75i8q0to0c4asuk9koi.apps.googleusercontent.com","project_id":"email-sending-330402","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"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","redirect_uris":["urn:ietf:wg:oauth:2.0:oob","http://localhost"]}}

Your Google token and client secret are pushed publicly in the repository. Please use dotevn and .gitignore to avoid such tokens to be pushed into the public repository.

These tokens and credentials are meant to be hidden and not to be made public. I would advice you to reset these tokens so as to avoid misuse by anyone else.

[yogesh-9999]

@anjannair assign me this issue