Token authentication requirements for Git operations
Beginning November 13th, 2020, Github will no longer accept account passwords when authenticating with the REST API and will require the use of token-based authentication (e.g., personal access, OAuth, or GitHub App installation token) for all authenticated API operations on GitHub.com.
Additionally, nowadays they are announcing intent to similarly require the use of a personal access token, OAuth token, or SSH key for all authenticated Git operations at a future date. If you have two-factor authentication enabled for your account, you will not be affected by future Git authentication changes.
They have not announced any changes to GitHub Enterprise Server, which remains unaffected at this time. Likewise, GitHub Apps do not use password authentication and are similarly unaffected by these changes.
Workflows affected
- Command-line Git access
- Desktop applications using Git (GitHub Desktop is unaffected)
- Any apps/services that access Git repositories on GitHub.com directly using your password
The following customers remain unaffected by this change:
- If you have two-factor authentication enabled for your account, you are already required to use token- or SSH-based authentication.
- If you use GitHub Enterprise Server, we have not announced any changes to our on-premises offering.
- If you maintain a GitHub App, GitHub Apps do not support password authentication.
What do you need to do today?
- For developers, if you are using a password to authenticate Git operations with GitHub.com today, you must begin using a personal access token over HTTPS (recommended) or SSH key by August 13, 2021, to avoid disruption. If you receive a warning that you are using an outdated third-party integration, you should update your client to the latest version.
- For integrators, you must authenticate integrations using the web or device authorization flows by August 13, 2021, to avoid disruption. For more information, see Authorizing OAuth Apps and the announcement on the developer blog.
Let’s cover what developers need
From August 13, 2021, Github is no longer accepting account passwords when authenticating Git operations. You need to add PAT (Personal Access Token) instead, you can follow the below method to add PFA to your system.
Create Personal Access Token on Github
From your Github account, go to Settings => Developer Settings => Personal Access Token => Generate New Token (Give your password) => Fillup the form => click Generate token => Copy the generated Token, it will be something like ghp_sFhFsSHhTzMDreGRLjmks4Tzuzgthdvfsrta
Now follow the below method based on your machine:
For Windows OS ⤴
Go to Credential Manager from Control Panel => Windows Credentials => find
git:https://github.com
=> Edit => On Password replace with with your Github Personal Access Token => You are DoneIf you dont find
git:https://github.com
=> Click on Add a generic credential => Internet address will begit:https://github.com
and you need to type in your username and password will be your Github Personal Access Token => Click Ok and You are Done
For MAC OS ⤴
Click on the Spotlight icon (magnifying glass) on the right side of the menu bar. Type Keychain access then press the Enter key to launch the app => In Keychain Access, search for
github.com
=> Find the internet password entry forgithub.com
=> Edit or delete the entry accordingly => You are done
For Linux based OS ⤴
For Linux, You need to configure the local GIT client with a username and email address,
$ git config --global user.name "your_github_username" $ git config --global user.email "your_github_email" $ git config -l
Once GIT is configured, we can begin using it to access GitHub. Example :
$ git clone https://github.com/YOUR-USERNAME/YOUR-REPOSITORY > Cloning into `Spoon-Knife`... $ Username for 'https://github.com' : username $ Password for 'https://github.com' : give your personal access token here
Now cache the given record in your computer to remembers the token :
$ git config --global credential.helper cache
If needed, anytime you can delete the cache record by :
$ git config --global --unset credential.helper $ git config --system --unset credential.helper
Now try to pull with
-v
to verify
$ git pull -v
Resources
- https://github.blog/2020-07-30-token-authentication-requirements-for-api-and-git-operations/
- https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/
- https://stackoverflow.com/questions/68775869/support-for-password-authentication-was-removed-please-use-a-personal-access-to
Collaborate
If you want and you liked the content you can support this writer, thank you very much 😀