最新消息:20210917 已从crifan.com换到crifan.org

【已解决】github不再支持密码需要访问api从密码改为token

Git crifan 552浏览 0评论
收到邮件:
[GitHub] Deprecation Notice

Hi @crifan,


You recently used a password to access an endpoint through the GitHub API using org.carthage.CarthageKit/0.34.0. On July 1st, 2020, basic authentication using password to this endpoint will no longer work:


https://api.github.com/repositories/170865397/releases/tags/v1.2.2


We recommend using a personal access token (PAT) with the appropriate scope to access this endpoint instead. Visit https://github.com/settings/tokens for more information.


Thanks,
The GitHub Team
抽空再去试试
【20210203】
收到邮件:
Hi @crifan,

You recently used a password to access the repository at crifan/crifanLibPython with git using git/2.21.1 (Apple Git-122.3).

Basic authentication using a password to Git is deprecated and will soon no longer work. Visit https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information around suggested workarounds and removal dates.

Thanks,
The GitHub Team

【GitHub:不支持 git的通过密码访问了】
2021-03-08
Hi @crifan,

You recently used a password to access the repository at crifan/crifanLibPython with git using git/2.21.1 (Apple Git-122.3) (Darwin Kernel Version 18.7.0: Sat Oct 12 00:02:19 PDT 2019; root:xnu-4903.278.12~1/RELEASE_X86_64 18.7.0; darwin x64) vscode/1.53.2 (Visual Studio Code).

Basic authentication using a password to Git is deprecated and will soon no longer work. Visit https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information around suggested workarounds and removal dates.

Thanks,
The GitHub Team
抽空遇到问题,再去解决。
【20210312】
后来发现公司内的Gitlab也是从 git密码,改为了 PAT(Personal Access Token)了:
【已解决】git push提交Gitlab的仓库报错:Push failed remote HTTP Basic Access denied Authentication failed
【20210618】
又遇到提示:
Hi @crifan,

You recently used a password to access the repository at crifan/crifan_ebook_readme with git using git/2.26.0 (Darwin Kernel Version 20.4.0: Thu Apr 22 21:46:47 PDT 2021; root:xnu-7195.101.2~1/RELEASE_X86_64 20.4.0; darwin x64) vscode/1.56.2 (Visual Studio Code).

Basic authentication using a password to Git is deprecated and will soon no longer work. Visit https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information around suggested workarounds and removal dates.

Thanks,
The GitHub Team
去看看
https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/
要改为:
  • token-based authentication
    • PAT=Personal Access Token
      • for developers
    • OAuth
    • GitHub App installation token
      • for integrators
August 13, 2021 之后,就不再支持密码访问了。
原因:
  • 之前已经有很多安全方面的改进了
    • 包括
      • two-factor authentication
      • sign-in alerts
      • verified devices
      • preventing the use of compromised passwords
      • WebAuthn
  • 但是,由于各种原因,有些还能用账号+密码去登录
  • 会导致:容易被黑客破解,而泄露密码
所以建议换 token
token的好处:
  • Unique独一无二:可针对不同不同用户或设备
  • Revocable可撤回:可根据需要,随时撤销
  • Limited个数有限:可限制用途在受信任的有限的需求场景中使用
  • Random随机:随机生成的token,不(会像密码那样)容易受到黑客的暴力破解
需要怎么做?
去参考:
Creating a personal access token – GitHub Docs
操作。
登录GitHub
crifan (Crifan Li) (github.com)
进入 Settings
点击 Developer settings
切换到:Personal access tokens
Personal access tokens

Generate new token
Need an API token for scripts or testing? Generate a personal access token for quick access to the GitHub API.
Personal access tokens function like ordinary OAuth access tokens. They can be used instead of a password for Git over HTTPS, or can be used to authenticate to the API over Basic Authentication.
点击 Generate new token
然后除了:
delete_repo
Delete repositories
不选,其他都选上
其中:不给删除仓库的权限,因为要删除,进去GitHub网页后台手动删除
加上Note:
no delete repo, other all granted
点击 Generate token
即可。
然后之后其他地方,换用token,取代GitHub的密码。
且提示你了:
Make sure to copy your personal access token now. You won’t be able to see it again!
现在拷贝好,之后就再看不到了。
【后记】
看到了对应的创建token的邮件提示:
Hey crifan!


A personal access token (no delete repo, other all granted) with admin:enterprise, admin:gpg_key, admin:org, admin:org_hook, admin:public_key, admin:repo_hook, delete:packages, gist, notifications, repo, user, workflow, write:discussion, and write:packages scopes was recently added to your account. Visit https://github.com/settings/tokens for more information.


To see this and other security events for your account, visit https://github.com/settings/security-log


If you run into problems, please contact support by visiting https://github.com/contact


Thanks,
The GitHub Team
说明系统做得很全面。

转载请注明:在路上 » 【已解决】github不再支持密码需要访问api从密码改为token

发表我的评论
取消评论

表情

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址
94 queries in 0.196 seconds, using 23.41MB memory