I am unable to push to git after generating a new personal access token. I've looked around at similar questions but think that I may have a more fundamental misunderstanding of how this works.
I got an email saying passwords were being phased out, so I generate a token and could no longer push a repo I've been working on using my password. From the instructions it looked like I can use the token just like a password, but to no avail. This is what the error looks like:
where I have pasted my token when prompted for password. (I've blacked out my username.) I am on Windows 10 and having checked my credentials manager do not appear to have credentials stored for github at the moment.
My questions are:
Ideas for immediate convenient fixes? I was seeing some suggestions about setting the remote-url, but a little concerned about doing this for every repo I have. I'd like to change my workflow minimally, if possible.
I'm probably grossly misunderstanding the point of the token. What is the "correct" way to set up a workflow to github? (Including maybe big changes that might take me a weekend to set up correctly, in a few weeks from now, say.) Am I supposed to set up a 2FA? (Will this change my web login at all?) Why is this more secure than a password? I've currently not setup SSH or anything else, really.
I followed a similar workflow, generating a new token (in github.com/settings/tokens), and using it as password without issues.
I just made sure:
its scope included repo, workflow, gist and user. (you can update those scopes without regenerating the token)
its expiration date was either not set, or set to a date far enough to allow me to test/use it.
The resulting token should start with ghp_
ghp_DUvWjre....(ghp_ followed by 36 alphanumerical chars)
The OP Tommy Tang confirms in the comments:
I didn't find a previous credential, so I just added a generic credential on the manager, and it works.
https://mycyberuniverse.com/how-fix-fatal-authentication-failed-for-https-github-com.html
After generating a new Personal Access Token, under 'Select Scopes', click on 'repo', then hit 'Generate new token'. This will give you a token which can be used to push code from the command line.
Related
I have a website that displays records from a database. I have set up a feedback form so if someone spots a mistake in a record, they can report it so it can be set right. I use a Github Personal Access Token (PAT) to create a Github issue when the form is submitted, and then the appropriate team member is notified. It all works fine, but my questions:
This is potentially opening up the possibility of spam issues being created. How can I catch that? I have also set up a question-answer barrier before the user can submit the form (to determine it is not a robot trying to create fake issues) but, of course, this is not fool-proof.
The PATs seem to expire after a certain period of time. Is there a way to generate a PAT that lasts a long time?
Any other gotchas I should be aware of before I unroll this to public users?
The PATs seem to expire after a certain period of time. Is there a way to generate a PAT that lasts a long time?
As documented, a PAT only expires if you selected an expiration period at its creation:
For creating issues, make sure you have selected only the scope public_repo or repo permission on your Personal Access Token.
public_repo will only grant the ability to manipulate public repositories.
repo will grant the ability to manipulate all repositories you have access to.
Note sure about issue spam, except for reporting those when you see them.
Other than emailing everyone and asking them (and hoping they respond), how do I get a list of which of my organization's members have created personal access tokens?
My immediate use for this is a rather sad one: Github only supports API tokens with write access bound to users. In years past, some people have created automatic processes using their private access token; this happens in early-stage startups. Occasionally we have the problem of people leaving under suboptimal conditions, so to speak, and of course when their credentials get revoked, something breaks.
I don't believe GitHub provides this information, so you'll have to email and ask.
However, because GitHub is deprecating password authentication for Git, almost every user will have a PAT. Even before this, they were required for everyone with 2FA using HTTPS, and because many organizations require 2FA, that practically means everyone will have them unless they're using SSH exclusively. So the answer this question doesn't really tell you anything related to your intended goal, since the likely answer is “everyone.”
What I would do in this case is create a bot or machine account with its own email address tied to your company's domain, and then rotate tokens individually using that account. If you need to keep track of which ones are rotated and which aren't, hash the ones you've issued with the machine account with SHA-256 and store them in a list. If the hashed token is in the list, then it's been rotated; otherwise, it hasn't.
This is basically the same question as How to get an access token without Box’s authorization page. I see that the Python package mentioned at the end (box.py) is no longer maintained because of support issues with Box. I suspect the solutions given might no longer work.
I'm just getting started with boxsdk and I want a way to periodically list the contents of my folder without requiring user interaction. This looks like the answer but it also seems very odd that a Developer Token, which is temporary, could be used for long-term queries like this.
I'm trying to work through boxsdk to see how I can implement the solution provided in 2014 but it would sure help to know whether or not it's still possible.
I just stumbled across this:
Introducing Developer Tokens
"There is no refresh token paired with the token"
That's from February 18, 2014.
I've been trying to use Google's OAuth for authentication on a Catalyst app. I've tried using CatalystX::OAuth2 and Catalyst::Authentication::Credential::OAuth but it seems I get stuck on configuration.
I'd like to get it working on Google and then proceed to Facebook
Any good advice out there? I've googled to death, but there doesn't seem to be a lot out there.
I realise this question is almost 2 years old but just in case it helps anyone else, here is some information obtained from a couple of weeks of testing and debugging. I've also published a test oauth2 client project using CatalystX::OAuth2 at https://github.com/simonamor/oauth2-client - it sort of works with Google although I've not done anything with the token yet such as fetching user profile information and the 'protected' page is broken currently. It might be enough to point you in the right direction though.
There seemed to be a problem with CatalystX::OAuth2 in that it didn't send a scope value, nor could I find a way to make it send one and yet Google's API requires one. Not all providers have this requirement so work ok. Having made a slight alteration to a local copy of CatalystX::OAuth2, I managed to get it to authenticate via Google. The (minor) changes are in a fork of this module, also in my github account.
Visit the Google developers console and create the OAuth2 credentials to use. You'll need them below.
To my oauth2client.yml (from the github project referenced above) I added the following:
Plugin::Authentication:
default:
credential:
grant_uri: [provided by google, ends]/o/oauth2/v2/auth
token_uri: [provided by google, ends]/oauth2/v4/token
client_id: [issued by google]
client_secret: [issued by google]
scope: [provided by google, ends]/auth/userinfo.profile
I don't have a reputation high enough to post more than two links so apologies for missing out parts of the urls above!
This was the only real configuration I needed to setup. By modifying the credential settings I've also used it successfully with dropbox.com as well.
I'm still working on the OAuth2 server side of things and those are the default config within the project which is why you need to add an extra section for Google.
if you provided some info, like where you are stuck and why, I might be able to help.
The cpan has an example config. If you are not using a config file, you can also add it in your Catalyst app, though I would recommend using a config file, there just paste in the example with the data you need specifically.
Using this link I can see that my (tonylampada) id on github is 218821
https://api.github.com/users/tonylampada
How could I do the opposite? Given the user id = 218821, what's the username?
Update
Answering nulltoken here because it's a long story and it won't fit in a comment.
FreedomSponsors is a django application that uses django-social-auth to enable login with Github (and others).
(You should check it out, btw, please see the about page in the blog :-)
Django-social-auth has a configuration flag that allows the application to store the github username on the database.
A few days ago I deployed a new version of FS with github login enabled, but with "storeGithubUsername" set to false.
A few users registered their github accounts, and now the database has their github ids, but not their usernames.
You can se in my profile that I have github as a "connected account" but there's no link to my github page.
I need it to make the link point to https://github.com/tonylampada
I'm ready to deploy a new version that fixes this, by setting the "storeGithubUsername" (that's not what it is called, I'm just simplifying here) to true.
But I'd like to patch the database with the already github-registered users. I have their github ids, but not their github usernames.
We need to do this on Gitter to deal with the situation where a user has changed their username on GitHub and we get a 404 response when querying their old username.
Here's an undocumented endpoint, so use as your own peril, but it does work for now.
Use the endpoint: https://api.github.com/user/:id, where :id is the ID of the user.
Similar endpoints exist for repos and orgs, at
https://api.github.com/repositories/:id and https://api.github.com/organizations/:id respectively.
Note that the new repository redirects preview API only supports repositories, not renamed users or organizations. In fact, the HTTP 301 redirect actually points to https://api.github.com/repositories/:id, so there's a good chance that these "ID" endpoints may in fact become official soon.
There's no documented feature, nor undocumented ones that I know of, that expose the retrieval of the username from the id. From the GitHub API consumer perspective, the user id is an "implementation detail". The real key is the username.
From what I understand, you only require a batch of usernames given a list of ids. And this would be a one time only request, not a permanent need.
As your request seems legit and limited in its scope, you might get this answer directly from GitHub support by dropping them an email at support#github.com.
Indeed, xpaulbettsx, a GitHubber, even tweeted about this:
Support# is good for Anything you want to tell GitHub - bugs, features, high 5s; everything but security which go to security#
By the time I answer this question, the method that works is:
https://api.github.com/user/USER_ID
Remark: It is similar to what Andrew shared in 2015; you just have to remove the colon in the URL he shared.