Auth Question - a CLI tool that creates a repo and some files in it

Hello everybody!

I have an auth-related question and I just need a recommendation on what would be the best approach.

So, to explain it as simply as possible…

Let’s say I want to create a small CLI tool for users, which creates a new repo for them and pushes some files into it (for example - some of the files are actually GH Actions Workflows). So, essentially, it setups the repository and that’s it.

If I wanted to achieve this, the GH (JavaScript) client must, obviously, be authenticated.

So the question is - what do you think… what would be the best way to perform authentication, in terms of user experience?

I’m aware that I could ask the user to create an access token with proper permissions assigned and give it to the CLI tool, but that doesn’t sound too user-friendly, and I feel there should be a better way to do it. Maybe I should just ask the user to type in his login credentials, and use Basic auth? It’s only a one-time thing, so, in terms of security, maybe it’s not that big of a deal. :thinking:

Anyways, if anybody could just provide a high-level idea, that’d make my day easier :slight_smile:

I know about the existence of GitHub Apps / GitHub OAuth Apps, but never used these, so I don’t know if these are adequate for the scenario I have here. Would maybe using one of the two be a good approach?


Stumbled upon this (basic auth no longer supported, so I guess that’s out of the question):

From the link:

You must now authenticate to the GitHub API with an API token, such as an OAuth access token, GitHub App installation access token, or personal access token, depending on what you need to do with the token.

Ultimately, I went with personal access tokens.

What made it a lot easier was the fact that you can, via URL, immediately set needed permissions for user, e.g.

That’s what made this whole process a lot easier so I decided to go with that.