Open gr2m opened 10 months ago
Thanks for creating our first issue, @gr2m! 🎉
➜ ~ gh auth login --web -h github.com The value of the GITHUB_TOKEN environment variable is being used for authentication. To have GitHub CLI store credentials instead, first clear the value from the environment.
Since you're overriding the GITHUB_TOKEN
, could you confirm that is a OAuth token (`gho...`)_ or try clearing the environment variable out?
GitHub Copilot in the CLI currently works with OAuth tokens, but we have plans to support PATs in the near term. For now, using a PAT will trigger this error message.
Lastly, there is no new scope for OAuth tokens to work with GitHub Copilot or atleast with GitHub Copilot in the CLI.
Thanks for creating our first issue, @gr2m! 🎉
🫡
Since you're overriding the
GITHUB_TOKEN
, could you confirm that is a OAuth token (`gho...`)_ or try clearing the environment variable out?
I think it's a classic personal access token ghp_...
, which is an OAuth token under the hood right?
curl -H"Authorization: token $GITHUB_TOKEN" https://api.github.com/user -I
HTTP/2 200
# ...
x-oauth-scopes: notifications, project, repo, workflow, write:org
I think it's a classic personal access token
ghp_...
, which is an OAuth token under the hood right?
😬 so we might need to improve the messaging here because you need to authenticate via the OAuth app in the web browser, not using a PAT. 🤔
$ gh auth login
? What account do you want to log into? GitHub.com
? What is your preferred protocol for Git operations? HTTPS
? How would you like to authenticate GitHub CLI? Login with a web browser
! First copy your one-time code: X#X#-X#X#
Press Enter to open github.com in your browser...
Getting this error when trying to use copilot cli in a codespace. The GITHUB_TOKEN is already set so I have to remove it to perform the login again and then it works.
@user ➜ /workspaces/project (main) $ ?? this is a test
✗ Error: No valid OAuth token detected
To get started with GitHub Copilot in the CLI, please run: gh auth login --web -h github.com to authenticate via web browser.
@user ➜ /workspaces/project(main) $ gh auth login --web -h github.com
The value of the GITHUB_TOKEN environment variable is being used for authentication.
To have GitHub CLI store credentials instead, first clear the value from the environment.
Getting this error when trying to use copilot cli in a codespace. The GITHUB_TOKEN is already set so I have to remove it to perform the login again and then it works.
@user ➜ /workspaces/project (main) $ ?? this is a test ✗ Error: No valid OAuth token detected To get started with GitHub Copilot in the CLI, please run: gh auth login --web -h github.com to authenticate via web browser. @user ➜ /workspaces/project(main) $ gh auth login --web -h github.com The value of the GITHUB_TOKEN environment variable is being used for authentication. To have GitHub CLI store credentials instead, first clear the value from the environment.
Thank you for adding to this issue, @gabynevada! This is absolutely a limitation with the current way GitHub Codespaces provides an automatic token when a codespace is created.
As mentioned in "Troubleshooting authentication to a repository", this token is not a standard personal access token (PAT) or a token from authenticating GitHub or OAuth app but a user-to-server token (`ghu...`)_.
Internally, discussions on how to extend Copilot integration support to PATs has been under discussion. I will make sure to bring up this aspect of leveraging with Codespaces ❤
Is there any way currently to obtain a valid OAuth token without opening a web browser? In a headless environment this is quite cumbersome.
Also interested..
Is there any way currently to obtain a valid OAuth token without opening a web browser? In a headless environment this is quite cumbersome.
Yes, kind of, using the device flow: https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#device-flow
I think it's off topic for this question though, best to ask in https://github.com/orgs/community/discussions/categories/api-and-webhooks, feel free to ping me in there
I use 1Password to store my PAT, which has its own plugin for gh.
Just wanted to throw out another use case where OAuth is cumbersome
Hello @andyfeller
My specific question is not about the CLI but it seems very related to the topic and I'm hoping you can assist.
You wrote:
Lastly, there is no new scope for OAuth tokens to work with GitHub Copilot or atleast with GitHub Copilot in the CLI.
Does this mean that the copilot access does not go through any scope?
That it is instead the approval for a specific client_id
of the oAuth app which provides the authorization for copilot?
Is there a way to get a custom oAuth app to be able to approve github copilot in the device flow?
Is there a way to get a custom oAuth app to be able to approve github copilot in the device flow?
@bd82 : No, not currently. 😞
I have hopes given work around improving rate limit handling with the GitHub Copilot platform that this might change in the future. For now, GitHub Copilot in the CLI is only accessible via the GitHub CLI OAuth app.
Thanks for the information @andyfeller
My team is currently using PATs for installing npm packages from GitHub packages. Having to clear out that token from my environment every time I want to use this plugin isn't practical.
My team is currently using PATs for installing npm packages from GitHub packages. Having to clear out that token from my environment every time I want to use this plugin isn't practical.
@diminutivesloop : Could you share more about how your team is using gh
for installing npm
packages?
I know some GitHub APIs don't support GitHub or OAuth tokens, which might be why your team needs a PAT working with npm
. However the GitHub CLI doesn't have any npm
or GitHub packages support, so I assume your team is reusing gh
as a generic token storage and integration tool.
@andyfeller We're not using gh
directly, but in our projects we have our .npmrc
configured as follows to authenticate against https://npm.pkg.github.com/
for private-scoped packages:
//npm.pkg.github.com/:_authToken=${GITHUB_TOKEN}
I use 1Password to store my PAT, which has its own plugin for gh.
Just wanted to throw out another use case where OAuth is cumbersome
Running into the same issue here and want to continue to use my 1password saved PAT as it's too handy to auth with biometrics and not looking to remove this workflow. Hopefully PAT are on the roadmap to become an acceptable solution soon.... Looks like it was mentioned almost a year ago on the roadmap but still not available.
Describe the need
I use a local GITHUB_TOKEN environment variable instead of
gh
's own credential. What OAuth scope is necessary? Ideally I'd add that information to both the README and the error messageVersion
I installed the extension just now
Relevant terminal output