Create/Revoke Personal Access Tokens #2531
Comments
Currently there's no API for revoking tokens and it's expected that users will manage this themselves. This is really frustrating for any organization; we obviously can't rely on users to open up their browsers and check which tokens to revoke, we need to build this into scripts. The ability to revoke tokens would really help a lot.
Any updates on a projected timeline for this addition? Thanks!
Was just setting up a new work environment and was surprised to find that the
Even if the token couldn't be created through the CLI due to missing APIs/etc at the moment, having a command that even directs us to do so in the web UI in the meantime would aid in discovery/etc. Particularly given the URL can be guided with url params (unsure if there are others besides
@0xdevalias The
Ah, nice. I thought I'd seen that done, but couldn't remember the specifics for it.
For anyone who doesn't want to wait until this gets an official API and implementation, here is a 3rd party CLI tool and Python library to create, list and delete fine-grained tokens (which are a bit different from classic personal access tokens, but if anyone wants, I can probably write a similar thing for the classic ones...): https://smheidrich.gitlab.io/github-fine-grained-token-client/ This is achieved by simulating the requests that would be triggered by a user clicking through the web interface. Obviously this approach can't be very stable because the web interface is subject to change without warning, so I'd strongly recommend against using this for anything critical. Intended usage is to just run this locally to make creating tokens less annoying, a bit faster and scriptable.
@samcoe @williammartin: I think this issue might need to be closed due to the limitations of GitHub APIs around PATs and uncertainty about when such APIs will materialize. GitHub has heard feedback around this area, however I haven't seen anything on the GitHub public roadmap to set reasonable expectations for this. Though tools like those mentioned in #2531 (comment) are plausible, I don't recommend we implement something out of band of official GitHub APIs. My recommendation for this issue is that we close it until there's a better GitHub API story around token management. Thoughts?
Personally I don't close issues just because of a lack of upstream support, as that tends to have the effect of hiding the demand/interest/etc among the noise. I would usually add a 'blocked by upstream' type tag to signal it's not something that can be actively worked on, then leave it open. /2c
@andyfeller I would agree with @0xdevalias with marking it
How can we surface this issue? It doesn't make sense to leave it behind for 3 years.
@ydekel6: I can assure you that this has been raised to Engineering and Product. I don't think there is much else the GitHub CLI team can do independently as there are broader API and security design issues that go beyond our team. My advice is for you to engage the broader GitHub community through one of the 🔄API and Webhooks discussions that have touched on this. This is the best place for you to engage directly with the Engineering and Product hubbers around our APIs.
Additional commentary. The ability, for Enterprise customers, to generate tokens on behalf of a user account could be beneficial. Especially in an environment where service accounts (bots) are used to set up integrations and PATs are required but enabling 2FA on the EMU platform would effectively disable those accounts from creating their own PAT by the respective owning team.
I too deeply need an API for issuing and revoking PATs.
+1
Describe the feature or problem you’d like to solve
I would like to be able to create and revoke personal access tokens from the CLI
Proposed solution
Calling gh token create will create a new token and output the token value

Calling gh token revoke will revoke the token passed in