Skip to content

Instantly share code, notes, and snippets.

@moisoto

moisoto/macOS_GitHub_Using_Token_Authentication.md

Last active August 17, 2021 01:14
Show Gist options
  • Save moisoto/84e53bb69b680c438b96e33a96af2ad4 to your computer and use it in GitHub Desktop.
Save moisoto/84e53bb69b680c438b96e33a96af2ad4 to your computer and use it in GitHub Desktop.
Download ZIP
macOS / GitHub - Using Token Authentication
Raw
macOS_GitHub_Using_Token_Authentication.md

GitHub - Using Token Authentication

Since August 13, 2021 GitHub is no longer allowing users to access repositories with username/password authentication. This will affect users accesing github repositories from command line clients.

You will need to create a Personal Access Token (PAT) if you wish to continue accessing your repositories from the command line.

Instructions for how to create a PAT can be found on GitHub. It's a simple process and at the time of this writing it consists on going to your profile's Developer Settings at Your Github profile -> Settings -> Developer Settings (click on your profile picture to find the link to Your GitHub profile).

When creating yor access token for accessing your repositories it is better if you set an expiration date*.

After you generate your new PAT you will use your username as usual, but instead of the password you will use your new access token. However, if you are using macOS, you might wonder how can you tell git to stop using your old credentials when trying to clone repositories or add remotes.

As detailed here, you will need to run the following command and enter the specified text, then hit the <return> key:

$ git credential-osxkeychain erase
host=github.com
protocol=https
> [Press Return]

After you do this you will be asked your credentials the next time you try to do an operation against a GitHub repository.



* Some security tips:

  • Don't ever use personal access tokens without an expiration date.
  • You may even set it to 6-months or a year in the future to avoid the inconvenience of doing this a lot, but this is much better than not setting an expiration.
  • Also, don't write down your token. Create a new one every time you need to access GitHub from any other client.
  • Finally, if you are reading this, it means you don't have 2-factor authentication setup on your account. It is highly recommended that you setup 2-factor authentication on your account to prevent unauthorized access, otherwise all the trouble of usings PATs and setting expiration dates, and not writting your passwords might be of little value since your actual main credentials are not properly protected.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment