I wanted to push my react project to github, but if I try putting in my username and password, I get this message:
The annoying part is when I try using a personal access token instead, I get the "fatal: unable to access 'https://github.com/samisamara/personalWebpage.git/': The requested URL returned error: 403" error.
I used all saved tokens I had on me (I always remember to save my tokens so I don't lose them) and I even tried to make a new token, but neither worked. So git is making me use my github password instead of a personal access token, but it also requires a personal access token instead. I'm basically locked out of doing any commits, and I have no idea what to do. Does anyone have a solution to this?
I found an answer to this. When you generate a new token, you have to check mark the "repo" checkbox. I didn't check mark that last time, so the key didn't have permission to actually do anything.
Related
Github refused to clone a private repo:
$ git clone https://github.com/jamesbond/secretmission
Cloning into 'secretmission'...
Username for 'https://github.com': kilojoules
Password for 'https://kilojoules#github.com':
remote: Support for password authentication was removed on August 13, 2021. Please use a personal access token instead.
remote: Please see https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information.
fatal: Authentication failed for 'https://github.com/jamesbond/secretmission/'
In my opinion, the blog they post to is not clear about what I can do here. I am trying to add a security key to see if that helps. When I try to enter a security key on firefox on my mac, I see this: github.com wants to register an account with one of your security keys. You can connect and authorize one now, or cancel. I have no calls actions available I am aware of past this point.
I'm out of my element. How do I connect and authorize a security key? When I use the firefox plugin, it asked for the issuer and secret, of which I have neither. Can I use an ethereum wallet as an authentication?
To push to GitHub, you don't need to set up a security key. A security key is a special device that plugs into the USB port, such as a YubiKey, and typically acts as a second factor.
In your case, to push, you need to use a personal access token. While Git asks you generally for a username and password, GitHub doesn't permit the use of your actual login password here. You must go to the token page and create a personal access token that has at least the repo scope. Then, when you're prompted for your password, paste the token in instead of entering your password (note that nothing will be echoed to the screen, including asterisks).
GitHub requires this for several reasons. First, passwords are generally of poor quality, whereas GitHub's tokens contain at least 128 bits of entropy and are effectively unguessable. Second, tokens can be restricted to have access to only some repositories or some functionalities, whereas having your password allows the attacker to log in and do anything. Third, tokens can be rotated or deleted if they're compromised, which is much easier than forcing the user to change their password. And finally, tokens typically have a special fixed form that makes it obvious when they're leaked, so if a token is leaked, it can be automatically revoked.
I try to force push and get the login script, enter my username and password, and even though they are correct, I get "Invalid Password" error.
It doesn't seem like I need to do any terminal stuff with it, since it seems like a simple login and I do not yet have any SSH keys associated with the account.
Does the two-factor auth mess it up? Just trying to make things work and as I type this I HAVE been checking the questions that pop up and none are of the same issue.
Does the two-factor auth mess it up?
Possibly: with 2FA, you need to generate a PAT (Personal Access Token) and use that token as your password.
Can GitHub personal access tokens be set to single use only?
I'm reading the GitHub Personal Access Token setup guide. It appears that I create a 'token' to eliminate the need for my 2FA code when using GitHub from the command line.
I want this token to either expire after I use it, or I want the ability to delete it permanently somehow after I use it. Is this possible? Otherwise it seems to defeat the purpose of 2FA because if somebody got my token they could get into my GitHub without 2FA.
There are two options to Delete a single token or Revoke All tokens in Github.
Maybe I am stupid or something.
But I have not been able to make the Box API work for me.
I cannot even get the authorization code and the refresh token etc.
I had wanted to write an automated powershell script that would upload to box twice a day from my server, without requiring the user being signed in for box sync.
I cant use the developer token all the time since it only works manually for 60 mins, and cannot be refreshed.
I try to follow the instructions and try to get the url with the id and token data etc that you are supposed to get after hitting "GRANT ACCESS" to the app. but that takes me directly to my folders.
What can I do here?
found my issue
I had to make sure the redirect uri was https:\\localhost and then copy the authorization code from there and proceed to use the API without the developer token
I can retrieve my App users information using access token just after the user accepted my App, and I have stored the access token into my database.
However, when I want to update the information later, the access token become invalid and Facebook returned "message": "Error validating application.". It's quite interesting that only some of my users have this problem.
I have already set "offline_access" into the permission dialog, so the token should not expire. Also, I'm sure that the users have neither changed password nor removed App.
So, will the token become invalid sometimes even with "offline_access" set?
I had this problem and found it was due to coding error. The variable I used to hold the token was being garbage collected. It didn't always happen at the same point in time so it was a bit confusing.
So, my suggestion is, make sure the variable holding the token is a class varible.