Home > Back-end >  X-access-token vs a-githib-access-token (username vs password)
X-access-token vs a-githib-access-token (username vs password)

Time:03-25

I'm not sure what the difference is between the x-access-token and a-github-access-token?

I assume the password is generated from "Personal access tokens" in Developer Options in GitHub. But, what/where is the token for my username? (These are setting up credentials to read from a repo)

  [{
    "type" => "git_source",
    "host" => "github.com",
    "username" => "x-access-token",
    "password" => "a-github-access-token"
  }]

CodePudding user response:

When you use a GitHub personal access token for Git access, the token itself is sufficient to identify the user and the access granted. A separate username is not needed, and is ignored. (I can provide the username as x-access-token, token, torvalds, or anything else.)

GitHub allows you to use the token as either the username or the password in Git authentication. I recommend that you always store the token as the password, since generally tooling is much better about obscuring or not printing things it thinks are passwords and usually usernames are not considered sensitive. Therefore, it is less likely you will accidentally leak the token in logs or elsewhere if you store it as the password.

For the username, you can use x-access-token if you like, or the username if you prefer that (or, as I said, almost anything at all). The advantage of specifying the actual username of the owner of the PAT is that if you need to find out later whose PAT it is, it makes your life a lot easier if you recorded that fact. However, as I mentioned, it can be anything you like, and different people prefer different things.

  • Related