@blinkagent blinkagent bot commented Dec 11, 2025

This PR adds support for Personal Access Token (PAT) authentication, allowing users to sign in without going through the OAuth device flow.

Based on #12 by @pepegar, with the following improvements:

  • Client-side validation: Token validation happens directly against the GitHub API from the browser (no new server endpoints)
  • Scope enforcement: Validates that the token has the required repo scope before accepting it
  • Improved UI: Cleaner PAT input interface with better error handling

Changes

  • Add loginWithPAT function to auth context that validates tokens directly with GitHub API
  • Add PAT authentication section to the welcome dialog
  • Support both ghp_ (classic) and github_pat_ (fine-grained) token formats

How it works

  1. User clicks "Or use a Personal Access Token"
  2. Pastes their GitHub PAT
  3. Client validates the token directly against https://api.github.com/user (CORS is supported)
  4. Checks x-oauth-scopes header to ensure repo scope is present
  5. If valid, stores the token and authenticates the user

Closes #12
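
The validation flow from the description above, sketched as an added example that is not part of this PR or the project's code. The function names are hypothetical, and the format check covers only the two prefixes the description names.

```javascript
// Added example: the names below (looksLikePat, parseScopes, evaluatePatResponse,
// validatePat) are hypothetical and are not taken from the PR's code.

// Prefix check only; the page names these two prefixes, not token lengths.
function looksLikePat(token) {
  return /^(ghp_|github_pat_)[A-Za-z0-9_]+$/.test(token);
}

// x-oauth-scopes is a comma-separated list, e.g. "repo, gist, read:org".
function parseScopes(headerValue) {
  if (!headerValue) return [];
  return headerValue.split(",").map((s) => s.trim()).filter(Boolean);
}

// Decide from the HTTP status and the header value. The match is on the exact
// scope name: a substring test would also accept "public_repo" or "repo:status".
function evaluatePatResponse(status, scopesHeader) {
  if (status === 401) return { ok: false, reason: "invalid-token" };
  if (status !== 200) return { ok: false, reason: "unexpected-status" };
  // A missing header means the scope cannot be confirmed this way: fail closed.
  if (scopesHeader === null || scopesHeader === undefined) {
    return { ok: false, reason: "scopes-unavailable" };
  }
  const scopes = parseScopes(scopesHeader);
  return scopes.includes("repo")
    ? { ok: true, scopes }
    : { ok: false, reason: "missing-repo-scope", scopes };
}

// fetchImpl is injectable so the logic can be exercised without network access.
async function validatePat(token, fetchImpl = fetch) {
  if (!looksLikePat(token)) return { ok: false, reason: "bad-format" };
  const res = await fetchImpl("https://api.github.com/user", {
    headers: {
      Authorization: `Bearer ${token}`,
      Accept: "application/vnd.github+json",
    },
    cache: "no-store", // keep the authenticated response out of the HTTP cache
  });
  return evaluatePatResponse(res.status, res.headers.get("x-oauth-scopes"));
}
```

Keeping the decision in `evaluatePatResponse` separates the scope logic from the network call, so the rejection paths can be unit-tested without a real token.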

pepegar and others added 2 commits December 11, 2025 10:10
- Remove /api/auth/validate-token server endpoint
- Validate PAT directly against GitHub API from client (CORS supported)
- Enforce repo scope requirement with clear error message
- Improve PAT input UI with cleaner layout and better UX
- Add escape key to cancel, autofocus input field

vercel bot commented Dec 11, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
pulldash Ready Ready Preview Comment Dec 11, 2025 7:01pm
