Refactor GitHub OAuth credential handling (#3693)

Continues the work of #3652.

services/github/github-constellation.js

@@ -1,6 +1,7 @@
 'use strict'
 
 const path = require('path')
+const { AuthHelper } = require('../../core/base-service/auth-helper')
 const RedisTokenPersistence = require('../../core/token-pooling/redis-token-persistence')
 const FsTokenPersistence = require('../../core/token-pooling/fs-token-persistence')
 const serverSecrets = require('../../lib/server-secrets')
@@ -12,6 +13,17 @@ const { setRoutes: setAcceptorRoutes } = require('./auth/acceptor')
 // Convenience class with all the stuff related to the Github API and its
 // authorization tokens, to simplify server initialization.
 class GithubConstellation {
+  static _createOauthHelper(privateConfig) {
+    return new AuthHelper(
+      {
+        userKey: 'gh_client_id',
+        passKey: 'gh_client_secret',
+        isRequired: true,
+      },
+      privateConfig
+    )
+  }
+
   constructor(config) {
     this._debugEnabled = config.service.debug.enabled
     this._debugIntervalSeconds = config.service.debug.intervalSeconds
@@ -40,6 +52,8 @@ class GithubConstellation {
       withPooling: !globalToken,
       onTokenInvalidated: tokenString => this.onTokenInvalidated(tokenString),
     })
+
+    this.oauthHelper = this.constructor._createOauthHelper(config.private)
   }
 
   scheduleDebugLogging() {
@@ -70,9 +84,10 @@ class GithubConstellation {
 
     setAdminRoutes(this.apiProvider, server)
 
-    if (serverSecrets.gh_client_id && serverSecrets.gh_client_secret) {
+    if (this.oauthHelper.isConfigured) {
       setAcceptorRoutes({
         server,
+        authHelper: this.oauthHelper,
         onTokenAccepted: tokenString => this.onTokenAdded(tokenString),
       })
     }