Issue: Token authentication requirements for Git operations

Hi guys,

I got an email a few months ago, saying that “Beginning August 13, 2021, we will no longer accept account passwords when authenticating Git operations on GitHub.com.” The related blog is “Token authentication requirements for Git operations | The GitHub Blog”.

We use command line access, which should be affected by this change, based on the article.

But we just tested the use case, it still works now in September.

Does anyone know the reason?

Thanks,
Jay

Are you possibly using SSH? Nothing changed for that. It’s also possible you were already using tokens, either manually or through some sort of OAuth integration.

No, actually we still tested with the usr/pw to login to the github website… as far as I understand, this is the way that was not gonna be supported begining Aug 13 2021.

You’re still supposed to use username and password for the website (optionally plus 2FA), the thing that’s not supported any more is using username and password for Git operations (e.g. git push).

Hi, basically what we did and found that still working is, we use GUI usr/pw to run some git cmd within our APP. Based on the email, I thought using the GUI usr/pw to run git cmd in APP should NOT work any more, but we found it still works.

I’ve seen some mention of OAuth workflows that’d provide a token to an app via web authentication (where the password is supposed to work). It’s not something I’m familiar with, if you provide more details on that GUI maybe someone who is will see it.

No problem… I was wondering if I can have a call with Github tech support so we can better clarify the issue… but I couldn’t find out how to talk with support.

Thanks anyway!

you could try running:
git remote -v
in your repository to determine whether you’re using ssh or https

It’s possible your git client is using a credential helper, if you’re curious, you could look into:
https://git-scm.com/docs/gitcredentials

Re OAuth flows, they’re documented here:

It’s possible they’re being used, but I’d imagine you’d notice, because I’d expect your push to show up w/ a hint of the OAuth app in the push events (probably saying “app pushed x commits”)…