https://kylemdouglass.com/enContents © 2024 <a href="mailto:kyle.m.douglass@gmail.com">Kyle M. Douglass</a> <a rel="license" href="https://creativecommons.org/licenses/by-nc-sa/4.0/"> <img alt="Creative Commons License BY-NC-SA" style="border-width:0; margin-bottom:12px;" src="https://i.creativecommons.org/l/by-nc-sa/4.0/88x31.png"></a>Fri, 04 Oct 2024 12:52:24 GMTNikola (getnikola.com)http://blogs.law.harvard.edu/tech/rsshttps://kylemdouglass.com/posts/github-cli-authorization-with-a-fine-grained-access-token/Kyle M. Douglass<p>It is a good idea to use fine-grained access tokens for shared PCs in the lab that require access to private GitHub repos so that you can restrict the scope of their use to specific repositories and not use your own personal SSH keys on the shared machines. I am experimenting with the GitHub command line tool <code>gh</code> to authenticate with GitHub using fine-grained access tokens and make common remote operations on repos easier.</p> <p>Today I encountered a subtle problem in the <code>gh</code> authentication process. If you set the protocol to <code>ssh</code> during login, then you will not have access to the repos that you granted permissions to in the fine-grained access token. This can lead to a lot of head scratching because it's not at all clear which permissions map to which git operations. In other words, what you think is a specific permissions error with the token is actually an authentication error.</p> <p>To avoid the problem, be sure to specify <code>https</code> and not <code>ssh</code> as the protocol during authentication:</p> <div class="code"><pre class="code literal-block"><span class="go"> echo "$ACCESS_TOKEN" | gh auth login -p https --with-token</span> </pre></div>githubhttps://kylemdouglass.com/posts/github-cli-authorization-with-a-fine-grained-access-token/Fri, 04 Oct 2024 12:18:48 GMT