GitHub Deprecation Notice: Switching from password to token authentication

When pushing commits to a GitHub repository (or pulling from a private repo), the git command usually asks for authentication. In past years, these were always the same credentials you would use to log in on GitHub (the website) itself.

But nowadays, GitHub sends the following e-mail to users after they have used the classic username/password credentials:

Hi @Napsty,
You recently used a password to access the repository at Napsty/check_smart with git using git/2.25.1.
Basic authentication using a password to Git is deprecated and will soon no longer work. Visit https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information around suggested workarounds and removal dates.
Thanks,
The GitHub Team

How to create a GitHub token

Log in to GitHub using your username and password.

At the top right corner of the website, click on your profile icon and from the appearing menu select Settings.

A page with a left menu will appear. Scroll down until you find Developer settings and click on it. As of this writing, there are three menu options in the developer settings: GitHub Apps, OAuth Apps and Personal access tokens. Click on Personal access tokens, then on the Generate new token button.

Now the overwhelming list of "scopes" (permissions) shows up. If you simply want to pull code from and push code to repositories, the first section "repo" should be enough.

Scroll down and then click on the "Generate token" button. Your token should now show up. Make sure to copy and save this token in a safe place (such as a password manager), because the token won't be shown again after this.

This is stupid, I can't remember such a long password!

Now you can start working with git again and instead of using your password, simply use your token.

$ git push origin master
Username for 'https://github.com': Napsty
Password for 'https://Napsty@github.com': ***token***
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 12 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (4/4), 890 bytes | 890.00 KiB/s, done.
Total 4 (delta 1), reused 0 (delta 0)
remote: Resolving deltas: 100% (1/1), completed with 1 local object.
To https://github.com/Napsty/scripts.git
   c3f0237..29fc50a  master -> master

But of course, remembering the token is nearly impossible and copy/pasting it from a password manager for each git push makes you go bananas. If only git were able to remember the login credentials… And this exists!

Using the credential helper to remember the token (for a while)

Starting with Git version 1.7.10, the git config subcommand supports a global option called credential.helper which remembers entered credentials – whether using password or token doesn't matter.

Simply launch the following command:

$ git config --global credential.helper 'cache --timeout=86400'

Here a cache timeout of 86400 (seconds) was defined, meaning the credential.helper should cache the git credentials for one full day.

At the next push or pull from a private repo, git asks for the credentials once more:

$ git pull
Username for 'https://github.com': Napsty
Password for 'https://Napsty@github.com': ***token***
Already up to date.

This is the moment where the credential helper kicks in in the background and caches the credentials. From now on, pushes and pulls from private repositories won't ask for credentials anymore:

$ git pull
Already up to date.
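
To check what the cache helper is actually holding, and to drop the token before the timeout expires, the following added example (not part of the original article) drives the helper through git's own `git credential` plumbing. Git's cache helper keeps credentials in the memory of a background daemon rather than in a file; the username, token and throwaway HOME directory used here are constructed placeholders.

```shell
#!/bin/sh
# Added example. The username and token are constructed placeholders.
# Everything runs in a throwaway HOME so the real ~/.gitconfig is untouched.
demo_home=$(mktemp -d)
export HOME="$demo_home" GIT_CONFIG_NOSYSTEM=1
export GIT_TERMINAL_PROMPT=0   # fail instead of prompting on a cache miss
unset XDG_CACHE_HOME XDG_CONFIG_HOME GIT_CONFIG_GLOBAL GIT_ASKPASS SSH_ASKPASS

# Same setting as in the article: keep credentials in memory for one day.
git config --global credential.helper 'cache --timeout=86400'

# Hand a username/token pair to the configured helper, as git does after a
# successful push or pull.  $1 = username, $2 = token
cache_store() {
    printf 'protocol=https\nhost=github.com\nusername=%s\npassword=%s\n\n' \
        "$1" "$2" | git credential approve
}

# Ask the helper for the cached token; prints nothing on a miss.  $1 = username
cache_lookup() {
    printf 'protocol=https\nhost=github.com\nusername=%s\n\n' "$1" |
        git credential fill 2>/dev/null | sed -n 's/^password=//p'
}

# Succeeds only if the token string is found in a file under HOME.
token_on_disk() {
    grep -rqsF -- "$1" "$HOME"
}

# Stop the cache daemon, dropping every cached credential immediately.
cache_flush() {
    git credential-cache exit
}

# Walk-through: store, confirm the hit, confirm nothing on disk, then flush.
demo() {
    cache_store Napsty 'example-token-not-real'
    echo "cached token: $(cache_lookup Napsty)"
    token_on_disk 'example-token-not-real' || echo "token not written under HOME"
    cache_flush
    echo "after flush: '$(cache_lookup Napsty)'"
}
```

Running `git credential-cache exit` in a real session is the quickest way to make git forget a token, for example right after revoking it on GitHub.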

Update: Support for password authentication was removed on August 13, 2021

So now it happened: GitHub has removed password authentication and only tokens are allowed. The following error message now shows up in the git CLI:

$ git pull
Username for 'https://github.com': Napsty
Password for 'https://Napsty@github.com': 
remote: Support for password authentication was removed on August 13, 2021. Please use a personal access token instead.
remote: Please see https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information.
fatal: unable to access 'https://github.com/example/repo.git/': The requested URL returned error: 403
Claudio Kuenzler
Claudio has written well over 1000 articles on his own blog since 2008. He is fascinated by technology, especially Open Source Software. As a Senior Systems Engineer he has seen and solved a lot of problems - and writes about them.
