Hi. I created a GitHub App (not OAuth) and want to use it as an automatic issue report bot. I have read the docs about getting the access token using Private keys.
Everything works fine until I read the article
Refreshing user-to-server access tokens, which uses Client secrets.
Now I am confused about the terms Private keys and Client secrets.
Which of these is more “sensitive” (aka which one has more power)?
What are the usages of both?
Right now, I do token refreshes by regenerating the jwt token and post a request to