How to use OAuth Token to authorize GitHub provider

[posquit0]

Terraform Version

> tf version
Terraform v0.13.5
+ provider registry.terraform.io/hashicorp/github v4.1.0

Your version of Terraform is out of date! The latest version
is 0.14.0. You can update by downloading from https://www.terraform.io/downloads.html

Terraform Configuration Files

provider "github" {
  organization = "my-org"
  base_url     = "https://api.github.com/"
}

Questions

• https://www.terraform.io/docs/providers/github/index.html

token - (Optional) A GitHub OAuth / Personal Access Token. When not provided or made available via the GITHUB_TOKEN environment variable, the provider can only access resources available anonymously.

• The docs said that token could be OAuth Token. However, GitHub OAuth App provides Client ID and Client Secret. How can I configure token with GitHub OAuth App? I thinks the docs should guide for OAuth configurations.

[posquit0]

hello~

[jcudit]

You may have a better experience with a personal access token instead of an OAuth App.

[posquit0]

My use case is for company organization. I have to create a system account for a personal access token in readiness for employee resignation. There is no need to create a system account if I can use OAuth App.

[jspiro]

Any ideas how to do this? The docs say:

token - (Optional) A GitHub OAuth / Personal Access Token. When not provided or made available via the GITHUB_TOKEN environment variable, the provider can only access resources available anonymously.

We're hitting rate limits hard due to PAT. We have an OAuth connection through Terraform.io, but we don't know how to format/provide it.

[sandangel]

hi, may i ask if there is any update on this issue?

[jcudit]

We have recently shipped support for GitHub App authentication within the provider. Is an OAuth App still required by anyone? If so we could look into adding documentation / support for this feature.

[jspiro]

We still need to document the GitHub App configuration and base permissions, but that is our preferred method and has been working well. It's not easy to configure but the higher API limits are worth it.

[posquit0]

I need for my organization! :)

[posquit0]

Is there any progress?

[gchamon]

@posquit0 I am also waiting for this, to be able to authorize an OAuth App via client id and secret, instead of the token, which is generated by the github access endpoint.

As a workaround, I had to create an automation user (which may incur costs depending on the organization subscription). With this user, I create a personal token. It is not ideal, because it is a user attached to the organization, but the user is accessible by all the organization admins and restricted to everyone else, so it kind of serve the purpose. Hope it helps.

[adarobin]

@jcudit It looks like the generate endpoint used to create a repository from a template is not available for GitHub Apps.

Discovered this in the documentation after I tried using a GitHub App to do this and I get a 404. I was hoping to be able to use an OAuth App to get around having this tied to a specific user/needing to create a system account.

[github-actions[bot]]

👋 Hey Friends, this issue has been automatically marked as stale because it has no recent activity. It will be closed if no further activity occurs. Please add the Status: Pinned label if you feel that this issue needs to remain open/active. Thank you for your contributions and help in keeping things tidy!

[felipem1210]

Incredible that there is no work on this. Always I'm getting API rate limit with the user PAT

[mattias-fjellstrom]

I'm also interested in how to do this!

[Woody1193]

We've got a system account but we'd much prefer to use a GitHub App for this use-case.