Skip to content

feat: add personal access token authentication #15

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kylecarbs merged 2 commits into from
Jan 5, 2026
Merged

feat: add personal access token authentication #15

kylecarbs merged 2 commits into from
Jan 5, 2026

Conversation

@blinkagent
Copy link
Contributor

@blinkagent blinkagent bot commented Dec 11, 2025

This PR adds support for Personal Access Token (PAT) authentication, allowing users to sign in without going through the OAuth device flow.

Based on #12 by @pepegar, with the following improvements:

  • Client-side validation: Token validation happens directly against the GitHub API from the browser (no new server endpoints)
  • Scope enforcement: Validates that the token has the required repo scope before accepting it
  • Improved UI: Cleaner PAT input interface with better error handling

Changes

  • Add loginWithPAT function to auth context that validates tokens directly with GitHub API
  • Add PAT authentication section to the welcome dialog
  • Support both ghp_ (classic) and github_pat_ (fine-grained) token formats

How it works

  1. User clicks "Or use a Personal Access Token"
  2. Pastes their GitHub PAT
  3. Client validates the token directly against https://api.github.com/user (CORS is supported)
  4. Checks x-oauth-scopes header to ensure repo scope is present
  5. If valid, stores the token and authenticates the user

Closes #12

pepegar and others added 2 commits December 11, 2025 10:10
@pepegar
feat: add personal access token authentication
3841b8a
@blink-so
refactor: move PAT validation to client-side
b4cd3d2 
- Remove /api/auth/validate-token server endpoint
- Validate PAT directly against GitHub API from client (CORS supported)
- Enforce repo scope requirement with clear error message
- Improve PAT input UI with cleaner layout and better UX
- Add escape key to cancel, autofocus input field
@vercel
Copy link

vercel bot commented Dec 11, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
pulldash Ready Ready Preview Comment Dec 11, 2025 7:01pm

@pepegar
Copy link
Contributor

pepegar commented Dec 16, 2025

tested this locally and works great

@pepegar
Copy link
Contributor

pepegar commented Dec 21, 2025

do you think we can get this merged @kylecarbs?

@pepegar
Copy link
Contributor

pepegar commented Jan 5, 2026

Just checking in, are there any plans ot merge this?

@kylecarbs
Copy link
Member

kylecarbs commented Jan 5, 2026

Oops, sorry @pepegar! Looking now.

@kylecarbs kylecarbs merged commit 1fd065e into main Jan 5, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kylecarbs kylecarbs kylecarbs approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pepegar @kylecarbs