I have an auth-related question and I just need a recommendation on what would be the best approach.
So, to explain it as simply as possible…
Let’s say I want to create a small CLI tool for users, which creates a new repo for them and pushes some files into it (for example - some of the files are actually GH Actions Workflows). So, essentially, it setups the repository and that’s it.
I’m aware that I could ask the user to create an access token with proper permissions assigned and give it to the CLI tool, but that doesn’t sound too user-friendly, and I feel there should be a better way to do it. Maybe I should just ask the user to type in his login credentials, and use
Basic auth? It’s only a one-time thing, so, in terms of security, maybe it’s not that big of a deal.
Anyways, if anybody could just provide a high-level idea, that’d make my day easier
I know about the existence of GitHub Apps / GitHub OAuth Apps, but never used these, so I don’t know if these are adequate for the scenario I have here. Would maybe using one of the two be a good approach?
Stumbled upon this (basic auth no longer supported, so I guess that’s out of the question):
From the link:
You must now authenticate to the GitHub API with an API token, such as an OAuth access token, GitHub App installation access token, or personal access token, depending on what you need to do with the token.