{"id":3139,"date":"2025-07-09T07:02:48","date_gmt":"2025-07-09T07:02:48","guid":{"rendered":"https:\/\/www.devopssupport.in\/blog\/?p=3139"},"modified":"2025-07-09T07:02:49","modified_gmt":"2025-07-09T07:02:49","slug":"how-to-generate-a-github-oauth-token-with-read-write-permissions-for-private-repositories","status":"publish","type":"post","link":"https:\/\/www.devopssupport.in\/blog\/how-to-generate-a-github-oauth-token-with-read-write-permissions-for-private-repositories\/","title":{"rendered":"How to Generate a GitHub OAuth Token with Read\/Write Permissions for Private Repositories"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"268\" src=\"https:\/\/www.devopssupport.in\/blog\/wp-content\/uploads\/2025\/07\/image-1024x268.png\" alt=\"\" class=\"wp-image-3140\" srcset=\"https:\/\/www.devopssupport.in\/blog\/wp-content\/uploads\/2025\/07\/image-1024x268.png 1024w, https:\/\/www.devopssupport.in\/blog\/wp-content\/uploads\/2025\/07\/image-300x78.png 300w, https:\/\/www.devopssupport.in\/blog\/wp-content\/uploads\/2025\/07\/image-768x201.png 768w, https:\/\/www.devopssupport.in\/blog\/wp-content\/uploads\/2025\/07\/image.png 1102w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>When working with GitHub, you may need to interact with private repositories. For that, GitHub uses OAuth tokens to authenticate and authorize your access to these repositories. By default, these tokens have read-only permissions for public repositories. However, if you need to access private repositories, you must generate a token with <strong>read\/write permissions<\/strong>. In this blog, we will guide you through the process of generating a GitHub OAuth token with the required permissions for private repositories and how to use it.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What is an OAuth Token?<\/h3>\n\n\n\n<p>An <strong>OAuth token<\/strong> is a unique authentication credential used to access GitHub\u2019s API. This token is generated by GitHub and is associated with your account. The OAuth token replaces the need for using your username and password when interacting with GitHub repositories programmatically. Tokens allow you to perform various actions, including accessing public repositories, cloning them, pushing changes to them, and even interacting with private repositories, depending on the scope of permissions granted.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Why Do You Need a Token with Read\/Write Permissions for Private Repositories?<\/h3>\n\n\n\n<p>When you&#8217;re working with <strong>private repositories<\/strong>, you need to authenticate your identity to gain access. The default OAuth token provides <strong>read-only<\/strong> access to public repositories, meaning you can only clone or fetch data. However, to interact with private repositories (such as pushing code, making pull requests, etc.), GitHub requires that your token has the <strong>read\/write permissions<\/strong> associated with your account.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step-by-Step Guide to Creating a GitHub OAuth Token with Read\/Write Permissions<\/h3>\n\n\n\n<p>Follow these steps to generate a GitHub token with read\/write permissions for private repositories:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Step 1: Visit the GitHub Token Creation Page<\/h4>\n\n\n\n<p>To create a new OAuth token with the required permissions, visit GitHub&#8217;s token creation page:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>GitHub Token (Read\/Write for Private Repos)<\/strong>:<br><a class=\"\" href=\"https:\/\/github.com\/settings\/tokens\/new?scopes=repo&amp;description=Composer+on+Zebronics+2025-07-09+0851\">GitHub OAuth Token Generator<\/a><\/li>\n<\/ul>\n\n\n\n<p>Here, you&#8217;ll be prompted to log in to your GitHub account if you aren\u2019t already logged in.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Step 2: Configure the Token Permissions<\/h4>\n\n\n\n<p>Once you\u2019re logged in, you\u2019ll be taken to a page where you can set the <strong>permissions<\/strong> for your token:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Token Name<\/strong>: Give your token a name or description. This can be something like \u201cComposer on Zebronics\u201d to help you remember where and why you created the token.<\/li>\n\n\n\n<li><strong>Scopes<\/strong>: Under <strong>Scopes<\/strong>, choose <code>repo<\/code>, which grants full control over private repositories. This includes:\n<ul class=\"wp-block-list\">\n<li><strong>repo<\/strong>: Full access to private repositories (including pushing and pulling).<\/li>\n\n\n\n<li><strong>read:org<\/strong>: Read access to organization membership.<\/li>\n\n\n\n<li><strong>admin:org<\/strong> (optional): Access to manage organizations (if necessary).<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<p>Make sure to select the appropriate <strong>scopes<\/strong> for your needs. For full access to private repositories, the <code>repo<\/code> scope is sufficient.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Step 3: Generate the Token<\/h4>\n\n\n\n<p>Once you have selected the desired permissions, click <strong>Generate token<\/strong>.<\/p>\n\n\n\n<p><strong>Important<\/strong>: GitHub will show you the generated token only once. Copy it and store it securely. If you lose the token, you&#8217;ll need to generate a new one.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Step 4: Use the Token with Composer<\/h4>\n\n\n\n<p>Once you have your token, you&#8217;ll need to configure Composer to use it. Follow these steps to configure Composer to authenticate using the token:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Manually Add the Token to <code>auth.json<\/code><\/strong>:<br>You can manually add the token to your Composer configuration file <code>auth.json<\/code>, located at:<br><code>C:\/Users\/YourUsername\/AppData\/Roaming\/Composer\/auth.json<\/code>.<br>Add the following entry in the file:<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code>{\n    \"github-oauth\": {\n        \"github.com\": \"YOUR_TOKEN\"\n    }\n}\n<\/code><\/pre>\n\n\n\n<p>Replace <code>YOUR_TOKEN<\/code> with the token you generated.<\/p>\n\n\n\n<p><strong>Use Composer Command<\/strong>:<br>Alternatively, you can use Composer\u2019s command line to configure the token. Run the following command in your terminal:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>composer config --global github-oauth.github.com YOUR_TOKEN\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Replace <code>YOUR_TOKEN<\/code> with the token you generated.<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\">Step 5: Test the Configuration<\/h4>\n\n\n\n<p>After configuring Composer with your new OAuth token, test your setup by running any Composer command that interacts with a private GitHub repository. If everything is set up correctly, Composer should be able to authenticate successfully and perform the necessary actions.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Best Practices for Handling OAuth Tokens<\/h3>\n\n\n\n<p>Here are a few best practices when working with OAuth tokens:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Secure Your Token<\/strong>: Treat your OAuth token like a password. Do not expose it in public repositories or shared environments.<\/li>\n\n\n\n<li><strong>Revoke Unused Tokens<\/strong>: If you no longer need the token, be sure to revoke it from GitHub\u2019s token settings page to ensure security.<\/li>\n\n\n\n<li><strong>Use Environment Variables for Better Security<\/strong>: Instead of storing your token in <code>auth.json<\/code>, you can set it as an environment variable for better security.<\/li>\n\n\n\n<li><strong>Limit Token Permissions<\/strong>: Only give your token the permissions it absolutely needs. This minimizes the risk of exposing your private data.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>When working with GitHub, you may need to interact with private repositories. For that, GitHub uses OAuth tokens to authenticate and authorize your access to these repositories&#8230;. <\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3139","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.devopssupport.in\/blog\/wp-json\/wp\/v2\/posts\/3139","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopssupport.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopssupport.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopssupport.in\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopssupport.in\/blog\/wp-json\/wp\/v2\/comments?post=3139"}],"version-history":[{"count":2,"href":"https:\/\/www.devopssupport.in\/blog\/wp-json\/wp\/v2\/posts\/3139\/revisions"}],"predecessor-version":[{"id":3142,"href":"https:\/\/www.devopssupport.in\/blog\/wp-json\/wp\/v2\/posts\/3139\/revisions\/3142"}],"wp:attachment":[{"href":"https:\/\/www.devopssupport.in\/blog\/wp-json\/wp\/v2\/media?parent=3139"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopssupport.in\/blog\/wp-json\/wp\/v2\/categories?post=3139"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopssupport.in\/blog\/wp-json\/wp\/v2\/tags?post=3139"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}