Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature: Documentation for how to use with the new Fine-grained personal access tokens #161

Open
stianlagstad opened this issue May 5, 2023 · 2 comments
Open

feature: Documentation for how to use with the new Fine-grained personal access tokens #161

stianlagstad opened this issue May 5, 2023 · 2 comments
Labels
enhancement New feature or request

Comments

@stianlagstad
Copy link

Summary

At https://github.com/settings/tokens?type=beta there's now a new type of Personalized Access Tokens (PATs) called fine-grained personal access tokens. Creating these looks different than creating "classic" PATs. The readme of this repository currently says

The token must have the repo scope (when creating a repo runner) or the admin:org scope (when creating a runner for an organization). Personal Access Token for GitHub account can be created here.

Which is correct for the classic PATs, but since the process looks a bit different for the new fine-grained PATs: Could a description for how to use these be added? It's not clear to me how to configure them.

Issue Type

Feature Idea
@stianlagstad stianlagstad added the enhancement New feature or request label May 5, 2023
@4wk-
Copy link

4wk- commented May 31, 2023

I've managed to make this role work with the new Fine-grained token, for a runner at org-scope.

On the Organisation settings, I've set:

  • Allow access via fine-grained personal access tokens
  • Require administrator approval
  • Restrict access via personal access tokens (classic)

On my Personnal Github account (I am the org owner, for that matter), I've created a fine-grained PAT:

  • In the field "Resource owner", don't forget to select the organization you are member of!
  • Repository access > Public repo (read-only): my org have no public repos, but I think this is irrelevant
  • In the Organization Permissions, you need to put Read and write access to "Administration" and "Self-hosted runners"

See also: https://docs.github.com/en/rest/overview/permissions-required-for-fine-grained-personal-access-tokens?apiVersion=2022-11-28#organization-administration

Hope it help someone, and YES please update documentation for this, even if this is a Github beta feature it is now well-known!

@kratenko
Copy link

kratenko commented Mar 8, 2024

Is there any information why this scripts needs read/write access to Administration? I mean, even if you told me, what you want to do, I am not giving a random script from the internet the permission to completely delete our organization on GitHub, access to billings, and to membership - that simply does not work! Is there not any way around that? Right now, this solution will not be used in our company, period.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@4wk- @kratenko @stianlagstad