gitcreds

gitcreds copied to clipboard

Apologies if this is already supported here or elsewhere! Please let me know! I think it would be great if gitcreds could provide the device authentication workflow for GitHub, such as we see in the Python package https://github.com/jupyterhub/gh-scoped-creds (and also built into MS's Code Server I believe), in which a user requests a short-lived (8hr) scoped credential authenticated with a OTP.

This provides a much simpler workflow for users creating tokens than learning to do so manually in the GitHub web interface. It also promotes the use of short-lived tokens, consistent with the best-practices we see in other systems, especially with the rise of hosted or cloud-based compute platforms.

you know I'm no security expert, but it seems that current practices in our R community are still built around more long-lived and widely scoped tokens, while elsewhere everything is migrating towards more short-lived and narrowly scoped ones. (I recognize that this request is more GitHub specific than being generally about git, just wasn't sure where best to raise it).