I have to use my OAuth2 token in my API program.
But I also want to share my code via GitHub.
How can I use my secret token without having it in my source?
You could require the token as a runtime argument for the application or you could store the token in a file that is not added to the repository.
For a file, you could store the API token in token.txt and then add token.txt to your .gitignore
This way you can have people who want to use your project just include their own API tokens without having to modify the code!
(If you're trying to hide or obfuscate your own token, that will probably be more effort than it's worth.)