【已解决】github不再支持密码需要访问api从密码改为token

[GitHub] Deprecation Notice

Hi @crifan,


You recently used a password to access an endpoint through the GitHub API using org.carthage.CarthageKit/0.34.0. On July 1st, 2020, basic authentication using password to this endpoint will no longer work:


https://api.github.com/repositories/170865397/releases/tags/v1.2.2


We recommend using a personal access token (PAT) with the appropriate scope to access this endpoint instead. Visit https://github.com/settings/tokens for more information.


Thanks,
The GitHub Team

Hi @crifan,

You recently used a password to access the repository at crifan/crifanLibPython with git using git/2.21.1 (Apple Git-122.3).

Basic authentication using a password to Git is deprecated and will soon no longer work. Visit https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information around suggested workarounds and removal dates.

Thanks,
The GitHub Team

Hi @crifan,

You recently used a password to access the repository at crifan/crifanLibPython with git using git/2.21.1 (Apple Git-122.3) (Darwin Kernel Version 18.7.0: Sat Oct 12 00:02:19 PDT 2019; root:xnu-4903.278.12~1/RELEASE_X86_64 18.7.0; darwin x64) vscode/1.53.2 (Visual Studio Code).

Basic authentication using a password to Git is deprecated and will soon no longer work. Visit https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information around suggested workarounds and removal dates.

Thanks,
The GitHub Team

Hi @crifan,

You recently used a password to access the repository at crifan/crifan_ebook_readme with git using git/2.26.0 (Darwin Kernel Version 20.4.0: Thu Apr 22 21:46:47 PDT 2021; root:xnu-7195.101.2~1/RELEASE_X86_64 20.4.0; darwin x64) vscode/1.56.2 (Visual Studio Code).

Basic authentication using a password to Git is deprecated and will soon no longer work. Visit https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information around suggested workarounds and removal dates.

Thanks,
The GitHub Team

• token-based authentication
• PAT=Personal Access Token
• for developers
• OAuth
• GitHub App installation token
• for integrators

• 之前已经有很多安全方面的改进了
• 包括
• two-factor authentication
• sign-in alerts
• verified devices
• preventing the use of compromised passwords
• WebAuthn
• 但是，由于各种原因，有些还能用账号+密码去登录
• 会导致：容易被黑客破解，而泄露密码

• Unique独一无二：可针对不同不同用户或设备
• Revocable可撤回：可根据需要，随时撤销
• Limited个数有限：可限制用途在受信任的有限的需求场景中使用
• Random随机：随机生成的token，不（会像密码那样）容易受到黑客的暴力破解

• 对于开发者developers
• 换用：
• a personal access token
• https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/creating-a-personal-access-token
• 或：SSH key
• 对于集成者integrators：集成流程
• 换用
• web
• 或  device authorization
• https://github.blog/changelog/2020-07-27-oauth-2-0-device-authorization-flow/
• 详见
• Authorizing OAuth Apps
• https://docs.github.com/en/developers/apps/authorizing-oauth-apps
• the announcement on the developer blog
• https://developer.github.com/changes/2020-02-14-deprecating-password-auth/

Personal access tokens

Generate new token
Need an API token for scripts or testing? Generate a personal access token for quick access to the GitHub API.
Personal access tokens function like ordinary OAuth access tokens. They can be used instead of a password for Git over HTTPS, or can be used to authenticate to the API over Basic Authentication.

Hey crifan!


A personal access token (no delete repo, other all granted) with admin:enterprise, admin:gpg_key, admin:org, admin:org_hook, admin:public_key, admin:repo_hook, delete:packages, gist, notifications, repo, user, workflow, write:discussion, and write:packages scopes was recently added to your account. Visit https://github.com/settings/tokens for more information.


To see this and other security events for your account, visit https://github.com/settings/security-log


If you run into problems, please contact support by visiting https://github.com/contact


Thanks,
The GitHub Team

转载请注明：在路上 » 【已解决】github不再支持密码需要访问api从密码改为token