8

I have several repositories which I was apparently using a cached version of password authentication to GitHub. I learned this only recently because GitHub stopped supporting passwords and instead required Personal Access Tokens (PAT) or SSH keys.

I would get the following message for all private repositories on pull or push:

remote: Support for password authentication was removed on August 13, 2021. Please use a personal access token instead.
remote: Please see https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information.
fatal: unable to access 'https://github.com/villano-lab/CEvNS.git/': The requested URL returned error: 403

I sort of solved this problem by looking at this post. From that information I inferred that I should check my parameter credential.helper. By doing:

git config --list

I found that it was set to "store" like this:

credential.helper=store

So what I did was set it like this:

git config credential.helper ""

What this did was allow me to enter my username and password again (and not have it supplied by the git client in a tacit way). Then I was able to create a GitHub Personal Access Token and use that inside the password field and the new GitHub requirements were satisfied and I didn't get the error.

The question is, how do I make that permanent? Like, how do I put the PAT into the git client cache so I don't have to type it again like before? As of now if I go back to:

git config credential.helper store

it will go back to the old password and GitHub will refuse it.

villaa
  • 1,043
  • 3
  • 14
  • 32
  • When you select store, it is stored in your operating system credential manager. So you have to find where it is stored and delete the credentials for Github stored so that git ask you the password again. – Philippe Aug 17 '21 at 22:59
  • @Philippe thanks. Any idea how to find where? https://stackoverflow.com/questions/35942754/how-to-save-username-and-password-in-git suggests ~/.git-credentials; but it isn't there. – villaa Aug 17 '21 at 23:06

2 Answers2

22

You should set your credential helper back to what it was: git config --global credential.helper store. Then, use the technique outlined in the Git FAQ to reset the credentials in your credential helper:

$ echo url=https://account@github.com | git credential reject

You should replace account with your GitHub username.

Then, next time, Git will prompt you for your credentials, and you should enter your GitHub username as the username and your personal access token as the password. The credential helper will then save them.

bk2204
  • 64,793
  • 6
  • 84
  • 100
  • great answer. One note: in one of my local repositories I had for some reason the `credential.helper` variable explicitly set to something else (blank). So I had to do `git config --unset-all credential.helper` to make sure there was no local setting overriding the global one (I think?). – villaa Aug 18 '21 at 01:22
1

On OSX it seems you can also use the osxkeychain for the credential.helper. I tested this by first unsetting any global value:

git config --global --unset credential.helper

Then, I went ahead and deleted the existing github.com keychain that was already in the osxkeychain by going into utilities from finder and selecting the Keychain application:

keychain application

Which clearly showed various keys for git after searching "git":

github.com key

I deleted the github.com key from within this manager.

Then I set up a local setting that allowed using the osxkeychain. I think you can also make this global but I just tested it on one repository.

git config credential.helper osxkeychain

Then I tried git pull and I was asked to supply my github.com credentials at which point I supplied my PAT. This was then saved in the github.com key and was used afterward.

Presumably, I could set this globally to use this chain over all repositories like:

git config --unset credential.helper

git config --global credential.helper osxkeychain

I believe the osxkeychain has the benefit of not storing a plain text password file on your system. As opposed to the store method above which does.

villaa
  • 1,043
  • 3
  • 14
  • 32