In support of John Wuff’s comments, I agree that the online git documentation surrounding the replacement of User/Password with Personal Access Token (PAT) is conceptually clear but somewhat vague when it comes to how to actually create and use/apply a PAT. Like John, I have read and concentrated on implementing a PAT. The documentation ‘invites’ the reader to take certain steps, but then only describes further steps (or information) when one submits to taking any particular step. For example, when one goes to Developer Settings (not an obvious step for a start) one can only assume that the button labelled “Generate new token” should be selected. After it’s selection one is then faced with a ‘scopes’ page headed with “Scopes for OAuth Apps” which obviously may need to be studied before moving forward. BUT CONFUSINGLY, “OAuth Apps” was listed separately on the “Developer Setting” page. So how does “OAuth Apps” concern PATs and scoping? As I read through the various scope settings, I had several more questions. However, I did eventually find the steps defined under “Creating a personal access token” - which were a little more helpful , including with scope settings.
After following through with the latter found steps I continued to be confused because when I tried to sign in to github with my email address and new PAT, a message appeared indicating that my username was incorrect. Huh!?
This gradual information feed together with what seems to be confusing directions or pointers to information that does not necessarily seem relevant, is a problem (at least to me) - mainly because I am not entirely confident about the decisions I should make when confronted with a plethora of options. In this reagrd, I’m not sure how the document “Basics of Authentication” actually helps in prodcing PATs. Also I’m not sure that the information on “git-Credentials” is all that helpful in the context of simply producing a PAT.
Right now, I’m not sure what my status is! And (disappointingly) I remain somewhat confused.
In summary, I believe the basis for a PAT is without question. It’s quite appropriate. Also, the essential steps are reasonably defined in “Creating a personal access token”. However, one or two relevant and FULLY described examples (with and without failures) would be very useful and help dispel the ‘unsurety’ of what might happen as opposed to what should/must happen.