Allowing user to download a private repo package with an API-generated access token possible?

Hey!

I’m trying to allow users the access to a private repo package published to GitHub packages without having actual access to the repo itself. They should just be able to download the package.

I’m thinking of something like this:

  1. User authenticates with GitHub (Firebase)
  2. Within the app, he can generate a token for later access (possible with the GH API?)
  3. This token needs to be added in the .npmrc file
  4. The package with the specified scope can now be installed

It’s pretty much like FontAwesome describes it here: Font Awesome

Does this work with GH packages or do I need to use something like Verdaccio?