Allowing private repositories

[rudyrigot]

The behavior with private repositories has been for a while:

1. if you configure only the client ID and client secret, you get a 402.
2. if you configure also the token, then it works, but you're logged in even if you don't have the rights to be.

I think that the right way to do it is 1. but that a private API used not to return a valid token only from a client ID and a client secret. It looks like that has been fixed on the API side, it needs to be fixed on the kit's side.