Code of Conduct
What article on docs.github.com is affected?
Lists personal access tokens for all users
What part(s) of the article would you like to see updated?
The example (below) shows a full token value:
[
{
"id": 2,
"url": "https://enterprise.octocat.com/api/v3/authorizations/2",
"app": {
"name": "My personal access token",
"url": "https://docs.github.com/enterprise/rest/reference/enterprise-admin#list-personal-access-tokens",
"client_id": "00000000000000000000"
},
"token": "ghp_16C7e42F292c6912E7710c838347Ae178B4a",
"hashed_token": "23cffb2fab1b0a62747863eba88cb9327e561f2f7a0c8661c0d9b83146cb8d45",
"token_last_eight": "Ae178B4a",
"note": "My personal access token",
"note_url": null,
"created_at": "2019-04-24T21:49:02Z",
"updated_at": "2019-04-24T21:49:02Z",
"scopes": [
"admin:business",
"admin:gpg_key",
"admin:org",
"admin:org_hook",
"admin:pre_receive_hook",
"admin:public_key",
"admin:repo_hook",
"delete_repo",
"gist",
"notifications",
"repo",
"user",
"write:discussion"
],
"fingerprint": null
}
]
But in the actual call, no token value should return. It should show:
This is misleading because it lead developers/admins into thinking they can get the tokens of users, which they can't (and shouldn't) be able to do.
And, I think we should add a comment here that specifically states that the token value is not included in the result, but that hashed token value, token_id, and last 8 digits of the token are included.
Additional information
No response
Code of Conduct
What article on docs.github.com is affected?
Lists personal access tokens for all users
What part(s) of the article would you like to see updated?
The example (below) shows a full
tokenvalue:But in the actual call, no token value should return. It should show:
This is misleading because it lead developers/admins into thinking they can get the tokens of users, which they can't (and shouldn't) be able to do.
And, I think we should add a comment here that specifically states that the token value is not included in the result, but that hashed token value, token_id, and last 8 digits of the token are included.
Additional information
No response