Why Personal Access Token? How to generate it in Github ?


👤 Diwas Poudel    🕒 03 Oct 2022    📁 TECH

If you are using GitHub and try to access a private repository to perform git operations like cloning, pushing, pull request, fork repository, etc with your git username and password using GIT CLI you might be getting errors like "Support for password authentication was removed. Please use a personal access token". This error is because Github from August 13, 2021, no longer accepts Password-based authentication.

GitHub provides a more secure alternative to it and ie. PATs(Personal Access Tokens). And this may frustrate you at first. But do not worry I will explain to you why this new authentication technique is used. What is the process to resolve it?

github-pat-error
fig. Personal Access Token 

PATs

PATs stand for Personal Authentication Tokens. It is a long string of characters that are not human-readable and are used for authenticating a  user when accessing a resource server(Github) instead of old user password-based authentication.

Advantages of Using PAT over password authentication

Some of the common advantages of PAT are:

1 Performance: Tokens on Github are merely a basic hash, which is more efficient than the heavy encryption/unencryption that is needed in password-based authentication. This allows the authentication process on Github to be completed quickly. in order to preserve both performance and CPU resources.

2 Unique: Tokens are Github-specific and can be generated per use or per device.

3 Revokable: Tokens can revoke access to each one at any time.

4 Secure: Tokens are strings of characters that are generated at random and are immune to brute force assaults, which are able to be launched against password-based authentication systems. Therefore, a token-based system is more secure than one that relies on a password.

5 Quantity: In PATs, any number of access tokens can be created. But only one user and password can be created.

So nowadays GitHub suggests using a Token or (SSH key) for git authentication 

Note that: PAT only works with HTTPS, not for SSH authentication.

Now we will discuss, how to generate a PAT token, and use the Token. Stick with us.

How to Generate Personal Access Tokens (PATs)?

You don't have token auto-generated by Github. You have to generate it.

Note that this method works with every operating system including windows, mac, and Linux.

These are the step for generating tokens in Github.

1 . log in to your GitHub account

2.  Click on the profile icon located at the top right corner.

3.  Select "Settings" from the dropdown.

github-setting

4. On the right side, click on "Developer settings".

developer-setting

5. Next click on "Personal access tokens".

6. Click on "Generate new token"

personal-access-token-generate

7. Under the notes field, give the name of the token.

8. Change the Expiration day of the token. By default, the token will be valid for 1 year.

9. Next select the scope you want.

note expiration date and scopes

You can create full control over what the user can do to the repository with this token. Here, I am giving full control over the private repository by checking on the repo. Now you can also call git operation from the command line.

10. Click on the "Generate token" button

generate-token-button

This will generate a random token as shown below.

11. Copy that token.

Do not forget to copy that token and keep it safe because it cannot be accessible later on from Github. If you lost then you are forced to regenerate a new one to perform git operations.

12. Then you can use that token to authenticate the user with a remote server.

You can use a token as a password for accessing git as follow:

$ git clone https://github.com/username/repo.git
Username: your_username
Password: your_PAT_token(Github)

From now if you try to push changes, clone the projects, and pull the changes you do not have to type your username and password every time. You can just use git push, git pull, etc.

Also read: What is the .vs folder in visual studio? Can I delete it?

How to remote add origin using Token?

We can remote add origin using PAT token but for this, we have to change remote your remote authentication.

First of all, remove the current origin with follow command in git bash or command line.

git remote remove origin

git remote remove does nothing but it just removes all references to the remote repository ie. it removes the entries about the remote repository from the git config file. Here, in the example, reference remote origin now no longer points to the remote repository because the above command removes entries from the git/config file.

Note this above action does not remove the remote repository from the remote git server.

How to use the PAT token?

After you have removed the origin by the above steps you can again add the origin with a token as shown below.

git remote add origin https://<TOKEN>@github.com/<USERNAME>/<REPONAME>.git

How to set or increase/decrease the expiration date of PAT in Github?

You can easily set and increase/decrease the expiration date of the token. For this just go to your profile >Settings > Developer Settings > Personal Access Tokens. Then under the Expiration dropdown, select your desired expiration date.

You can clearly see by default token lifetime is 30 days. You can decrease it to 7 days. Also, you create PAT with no expiration, for this, you have to select No expiration from the dropdown.

Note that selecting no expiration is not recommended option by Github. Also, long-life tokens can create security implications as they are leaked so it's better to keep a lifetime of tokens to be short.

FAQ:

How to push with token authentication?

We can use below one line for this:

git push https://<token>@github.com/<username>/<reponame>.git

Setting PAT Based on Various Machine 

You can set your PAT Token which is based on Machine.

Setting PAT on Windows OS

The steps are as follows:

1. Goto search and type 'credential' then you will get Credential Manager from the list click on it.

credential manager
fig. Credential Manager

2  You will see Web Credential and Windows Credentials. Click on Windows Credentials

3 Then in the list of Credentials search for git:https://github.com. Click on it 

Change Github password with PAT
fig. Change Github password with PAT

4 Next click on Edit and then paste your generate PAT in the password field.

pat-token-in-edit-generic-credential
fig. Edit Generic Credential for github.com

5 Click on the Save button.

In the process, if you do not find git:https://github.com Then we have to add a generic credential. So, just click on add generic credential label. Then just provide:

Internet or network address: git:https://github.com
User name : <username>
Password: <pat_token_here>.

Also read: Language Translator in Computer and its Types?

Setting PAT in mac OS

You will need to make changes to the credentials that you have previously saved in the git-credential-osxkeychain helper. The steps are as follows:

1 Simply select the Spotlight icon located on the right-hand side of the menu bar.

2 type "Keychain Access" and press Enter button. This will launch the app.

3 In the Keychain Acces, Look for github.com.

4 Find the entry labeled "internet password" for github.com.

5 Edit or delete the entry as needed. Then you are done.

source

Setting PAT in Linux

For Setting PAT permanently in Linux you have to apply the following steps:

Type this in command and press Enter

git config credential.helper store

Next time when you are accessing Github for any push, pull, or operation, it will prompt you for a GitHub username and token, then enter the token you have generated in the token field then the information will be stored permanently in a .git-credentials file located in your home folder. Take into account, however, that the security of this file cannot be guaranteed as they are in unencrypted form. If you want that to be guaranteed then use SSH instead of PAT. To know about SSH click here.