Authentication From a Shell Script

I am currently using the deprecated Authorizations API within a shell script to automatically create an access token and need guidance on how to port it to the new authentication mechanism.

My current workflow is as follows:

  1. User launches the script.
  2. The script looks for an access token which was previously saved to a local file.
  3. If there is no local access token, then ask for username and password to create a new access token using this endpoint. See code here.
  4. If the access token is successfully created, save it locally for future use.
  5. Fetch a list of accessible repos by executing a repositoryOwner query using the GraphQL endpoint.

I have received a deprecation notice stating that:

On June 28th, 2020 at 17:37 (UTC) you or an application you used recently accessed the deprecated Authorizations endpoint on the GitHub API with the useragent curl/7.68.0.

We will remove the Authorizations API endpoint on November 13, 2020. If you accessed the API via password authentication, then we recommend you use the web flow to authenticate. Please check that your app uses the web flow for authentication …

I am confused as to how to integrate the web flow within a shell script. Do I need to register my script as an OAuth app or a GitHub app? They both appear to need a Homepage URL where the app needs to be hosted. But all I have is a shell script that isn’t hosted anywhere. My workflow is completely local, and I don’t want to have to host a site to do something as basic as automating the creation of an access token.

It appears that I have to create a web app, host it somewhere, redirect from it to GitHub, let user authenticate, where GitHub would redirect back to my app, and then finally have my app write the access token to a local file. All this does not appear to be script-friendly and appears to be too much of an overkill for what I am trying to do.

Perhaps the ability to host the web app locally using localhost redirect URLs may help? However, even that would require starting a web server to host the web app. Now I have to launch and stop a web server from within my shell script? Can the redirect URLs be of the file:// scheme? This way, I can start the web app from within the shell script without needing to launch a server.

I don’t want to have to ask my users to manually create a Personal Access Token and save it to a local file, as this would also require that they be given detailed step-by-step instructions as to which scopes to select when generating a token. My current script takes care of asking for the needed scopes during token generation.
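
The local token cache from steps 2 and 4 of the workflow above, together with the request for step 5, as an added example that is not part of the original post. The default TOKEN_FILE path, the function names and the selected fields are assumptions; the cache refuses a token file that is a symlink or is readable by group or others, and the token is handed to curl on stdin so it does not show up in the process list.

```shell
#!/bin/sh
# Added example; TOKEN_FILE's default path and all function names are assumptions.
TOKEN_FILE="${TOKEN_FILE:-$HOME/.config/myscript/token}"

# Step 4: store the token so that only the current user can read it.
save_token() {
    dir=$(dirname "$TOKEN_FILE")
    ( umask 077 && mkdir -p "$dir" && printf '%s\n' "$1" > "$TOKEN_FILE" ) || return 1
    chmod 600 "$TOKEN_FILE"   # also tightens a pre-existing, looser file
}

# Step 2: print the cached token. Returns 1 if there is none,
# 2 if the file is a symlink or has any group/other permission bit set.
load_token() {
    [ -e "$TOKEN_FILE" ] || return 1
    if [ -L "$TOKEN_FILE" ] || [ ! -f "$TOKEN_FILE" ]; then return 2; fi
    if [ "$(ls -ld "$TOKEN_FILE" | cut -c5-10)" != "------" ]; then
        echo "refusing $TOKEN_FILE: readable by group or others" >&2
        return 2
    fi
    token=$(head -n 1 "$TOKEN_FILE")
    [ -n "$token" ] || return 1
    printf '%s\n' "$token"
}

# Step 5: JSON body for the repositoryOwner query. The login is limited to
# [A-Za-z0-9-] so user input cannot break out of the quoted GraphQL string.
repo_query_body() {
    case "$1" in
        ''|*[!A-Za-z0-9-]*) echo "invalid login" >&2; return 1 ;;
    esac
    printf '{"query":"query { repositoryOwner(login: \\"%s\\") { repositories(first: 20) { nodes { nameWithOwner } } } }"}\n' "$1"
}

# Step 5: send the query. The Authorization header is passed as curl config
# on stdin (-K -) rather than as a command-line argument.
fetch_repos() {
    token=$(load_token) || return 1
    body=$(repo_query_body "$1") || return 1
    printf 'header = "Authorization: bearer %s"\n' "$token" |
        curl -sS -K - -H 'Content-Type: application/json' \
             -d "$body" https://api.github.com/graphql
}
```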