Leading to #13, I was troubleshooting the permissions on my access tokens, and since you cannot modify the permissions on an existing token, I had to create a new token for each permissions attempt.

If the token is set through the SAR console on creation, everything works fine. However, if the token is then changed in Secrets Manager, the Github call fails with Invalid Credentials.
I skimmed the github proxy, and it looks like everything is being done correctly (secret value pulled fresh each time), so I'm not entirely sure why this is failing

I did update the value through the Secrets Manager console, which makes me wonder if some whitespace might be sneaking its way in to the value. I'll do some testing with this to see if I can narrow this down.