Creating and using a github personal access token

From Hall A Wiki
Revision as of 15:44, 16 September 2021 by Pking (Talk | contribs) (Creating a personal access token)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

On the a-onl and adaq accounts, we use HTTPS clones of the github repositories. Because of this, you need to set up a personal access token to be able to push changes to github.

Creating a personal access token

The Github documentation for how to create a personal access token is here.

Here's the summary (pictures of the screens are available in the Github documentation page):

  1. Log into your Github account in a browser, select "Settings" from the pulldown menu under your profile photo, then select "Developer settings" from the left sidebar (near the bottom of the sidebar).
  2. In the left sidebar, click Personal access tokens.
  3. Click Generate new token.
    1. Give the token a name
    2. Select an expiration date for the token. I suppose you could choose no expiration, but I generally use a shorter expiration time. The longest duration allowed (other than forever) is one year.
    3. Select the repo scope
    4. Generate the token, and then save the token. I save it in my password manager, but you could store it in another way.

Let me repeat the warning from the documentation page: Treat your tokens like passwords and keep them secret. When working with the API, use tokens as environment variables instead of hardcoding them into your programs.

I keep my token in my personal machine's password manager, and paste it from there while logged in remotely to the hall A machines. If you do a lot of pushes while sitting at one of the counting house machines, you can either type it in, or have it saved in a user-readable-only file on your farm account.

Another option would be that you create a new token as needed, and then delete the token when you're done. That would save the effort of needing to save the token.

Using your personal access token

If you want to push changes from a clone on an adaq machine to a repo for which your github account has push authorization:

  1. git push origin <branchname>
  2. On some counting house machines, you will be prompted to enter your github username in the console, and in others a gnome-ssh-askpass popup window will appear to enter your github username
  3. At the password prompt (in the console or popup window), enter your personal access token. The push should then go through and you would see the response like you were doing the push from your own account.

On the a-onl account, we have set up a credential cache with a five minute time-out. If you do additional pushes within five minutes, you will not need to re-enter your account and token.

Possible problems

  • If you see the following message, it means your personal access token was not recognized. Try again and verify that you are entering it correctly. If this error persists, you may have corrupted your token, so you should log onto Github to either regenerate the token or create a new one.
 [a-onl@aonl2 analyzer-mine]$ git push origin feature-new-branch
 Username for '': paulmking
 Password for '':
 remote: Support for password authentication was removed on August 13, 2021. Please use a personal access token instead.
 remote: Please see for more information.
 fatal: Authentication failed for ''
  • If you see an error message like this one, it means your github account does not have permission to push to that repo on github.
 [a-onl@aonl2 SBS-offline]$ git push origin pking-new-test-branch
 Username for '': paulmking
 Password for '':
 remote: Permission to JeffersonLab/SBS-offline.git denied to paulmking.
 fatal: unable to access '': The requested URL returned error: 403