Authenticate with GitHub using a token

wayofthefuture picture wayofthefuture · Sep 21, 2013 · Viewed 247.7k times · Source

I am trying to authenticate with GitHub using a personal access token. In the help files at github, it states to use the cURL method to authenticate (https://help.github.com/articles/creating-an-access-token-for-command-line-use). I have tried this, but I still cannot push to GitHub. Please note, I am trying to push from an unauthenticated server (Travis-CI).

cd $HOME
git config --global user.email "[email protected]"
git config --global user.name "username"

curl -u "username:<MYTOKEN>" https://github.com/username/ol3-1.git
git clone --branch=gh-pages https://github.com/username/ol3-1.git gh-pages

cd gh-pages
mkdir buildtest
cd buildtest
touch asdf.asdf

git add -f .
git commit -m "Travis build $TRAVIS_BUILD_NUMBER pushed to gh-pages"
git push -fq origin gh-pages

This code causes the errors:

remote: Anonymous access to scuzzlebuzzle/ol3-1.git denied.

fatal: Authentication failed for 'https://github.com/scuzzlebuzzle/ol3-1.git/'"

Answer

Ian Stapleton Cordasco picture Ian Stapleton Cordasco · Sep 21, 2013

Your curl command is entirely wrong. You should be using the following

curl -H 'Authorization: token <MYTOKEN>' ...

That aside, that doesn't authorize your computer to clone the repository if in fact it is private. (Taking a look, however, indicates that it is not.) What you would normally do is the following:

git clone https://scuzzlebuzzle:<MYTOKEN>@github.com/scuzzlebuzzle/ol3-1.git --branch=gh-pages gh-pages

That will add your credentials to the remote created when cloning the repository. Unfortunately, however, you have no control over how Travis clones your repository, so you have to edit the remote like so.

# After cloning
cd gh-pages
git remote set-url origin https://scuzzlebuzzle:<MYTOKEN>@github.com/scuzzlebuzzle/ol3-1.git

That will fix your project to use a remote with credentials built in.

Warning: Tokens have read/write access and should be treated like passwords. If you enter your token into the clone URL when cloning or adding a remote, Git writes it to your .git/config file in plain text, which is a security risk.