Why Personal Access Token? How to generate it in Github ?


👤 Diwas Poudel    🕒 May 31 2022    📁 Fix    📜 0 comment

If you are using GitHub and try to access a private repository to perform git operations like cloning, pushing, pull request, fork repository, etc with your git username and password using GIT CLI you might be getting errors like "Support for password authentication was removed. Please use a personal access token". This error is because Github from August 13, 2021, no longer accepts Password-based authentication. Github provides a more secure alternative to it and ie. PATs(Personal Access Tokens). And this may frustrate you at first. But do not worry I will explain to you why this new authentication technique is used. What is the process to resolve it?

github-pat-error
fig. Personal Access Token 

PATs

PATs stand for Personal Authentication Tokens. It is a long string of characters that are not human-readable and are used for authenticating a  user when accessing a resource server(Github) instead of old user password-based authentication.

Advantages of Using PAT over password authentication

Some of the common advantages of PAT are:

1 Performance: The authentication Process is fast from Github because tokens are just simple hash which is more efficient than heavy encryption/unencrypted used in password-based authentication. so Performance and CPU resources are saved.

2 Unique: Tokens are Github-specific and can be generated per use or per device.

3 Revokable: Tokens can revoke access to each one at any time.

4 Secure: Tokens are random strings of characters that cannot be attacked by brute force attacks which were possible in Password-based authentication. So, token-based is less hackable than a password.

5 Quantity: In PATs, any number of access tokens can be created. But only one user and password can be created.

So nowadays GitHub suggest using a Token or (SSH key) for git authentication 

Note that: PAT only works with HTTPS, not for SSH authentication.

How to Generate Personal Access Tokens (PATs)?

You don't have token auto-generated by Github. You have to generate it.

Note that this method works with every operating system including windows, mac, and Linux.

These are the step for generating tokens in Github.

1 . log in to your GitHub account

2.  Click on the profile icon located at the top right corner.

3.  Select "Settings" from the dropdown.

github-setting

4. On the right side, click on "Developer settings".

developer-setting

5. Next click on "Personal access tokens".

6. Click on "Generate new token"

personal-access-token-generate

7. Under the notes field, give the name for the token.

8. Change the Expiration day of the token. By default, the token will be valid for 1 year.

9. Next select the scope you want.

note expiration date and scopes

You can create full control over what the user can do to the repository with this token. Here, I am giving full control over the private repository by checking on the repo. Now you can also call git operation from the command line.

10. Click on the "Generate token" button

generate-token-button

This will generate a random token as shown below.

11. Copy that token.

Do not forget to copy that token and keep it safe because it cannot be accessible later on from Github. If you lost then you are forced to regenerate a new one to perform git operations.

12. Then you can use that token to authenticate the user with a remote server.

You can use a token as a password for accessing git as follow:

$ git clone https://github.com/username/repo.git
Username: your_username
Password: your_PAT_token(Github)

From now if you try to push changes,clone the projects, and pull the changes you do not have to type your username and password every time. You can just use git push, git pull etc.

How to remote add origin using Token?

We can remote add origin using PAT token but for this, we have to change remote your remote authentication.

First of all, remove the current origin with follow command in git bash or command line.

git remote remove origin

git remote remove does nothing but it just removes all references to the remote repository ie. it removes the entries about the remote repository from the git config file. Here, in the example, reference remote origin now no longer points to the remote repository because the above command removes entries from the git/config file.

Note this above action does not remove the remote repository from the remote git server.

Then use the below command

git remote add origin https://<TOKEN>@github.com/<USERNAME>/<REPONAME>.git

How to set or increase/decrease the expiration date of PAT in Github?

You can easily set and increase/decrease the expiration date of the token. For this just go to your profile >Settings > Developer Settings > Personal Access Tokens. Then under the Expiration dropdown, select your desired expiration date.

You can clearly see by default token lifetime is 30 days. You can decrease it to 7 days. Also, you create PAT with no expiration, for this, you have to select No expiration from the dropdown.

Note that selecting no expiration is not recommended option by Github. Also, long-life tokens can create security implications as they are leaked so it's better to keep a lifetime of tokens to be short.

FAQ:

How to push with token authentication?

We can use below one line for this:

git push https://<token>@github.com/<username>/<reponame>.git

Setting PAT Based on Various Machine 

You can set your PAT Token which is based on Machine.

Setting PAT on Windows OS

The steps are as follows:

1. Goto search and type 'credential' then you will get Credential Manager from the list click on it.

credential manager
fig. Credential Manager

2  You will see Web Credential and Windows Credentials. Click on Windows Credentials

3 Then in the list of Credentials search for git:https://github.com. Click on it 

Change Github password with PAT
fig. Change Github password with PAT

4 Next click on Edit and then paste your generate PAT in the password field.

pat-token-in-edit-generic-credential
fig. Edit Generic Credential for github.com

5 Click on the Save button.

In the process, if you do not find git:https://github.com Then we have to add a generic credential. So, just click on add generic credential label. Then just provide:

Internet or network address: git:https://github.com
User name : <username>
Password: <pat_token_here>.

Setting PAT in mac OS

You will need to make changes to the credentials that you have previously saved in the git-credential-osxkeychain helper.Steps are as follows:

1 Simply select the Spotlight icon located on the right-hand side of the menu bar.

2 type "Keychain access" and press Enter button. This will launch the app.

3 In the Keychain Acces, Look for github.com.

4 Find the entry labelled "internet password" for github.com.

5 Edit or delete the entry as needed. Then you are done.

source