Giters

google / go-github

Go library for accessing the GitHub v3 API

Home Page:https://pkg.go.dev/github.com/google/go-github/v62/github

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Username is required when using fine-grained vs classic PAT (personal access token) for PlainClone operation

byteams opened this issue · comments

commented

The documentation suggests that username can be left empty or filled with any empty string when using a PAT as follows

r, err = git.PlainClone(path, false, &git.CloneOptions{
        URL: repo_url,
        Auth: &gogithttp.BasicAuth{
	        Username: "", // can be anything except an empty string
	        Password: token,
        },
})

However, I'm finding that this behaves differently for the newer fine-grained tokens (as opposed to classic tokens), where now you're required to provide the actual username in the value.

Here's how to reproduce:

Get a new fine-grained access token from https://github.com/settings/personal-access-tokens/new:
Step 1: Give it a token name (not important)
Step 2: Select Resource Owner (important, select your organization with private repositories)
Step 3: Select All repositories
Step 4: From the list of permissions, find Contents then grant Read-only access.
Step 5: try running the above code with and without username

If it's reproducible, there are a few options I'd like to suggest:

  1. changing the code to maintain the same behavior for both types of tokens. We can do this by getting user info before calling clone,
    or
  2. introducing optional type to BasicAuth
    or
  3. introducing NonBasicAuth or "FineGrainedAuth"
    or
  4. just clarifying in the documentation

Curious to hear if others are able to reproduce this issue