![]() Personal access tokens are like passwords, and they share the same inherent security risks. If you choose to use a personal access token (classic), keep in mind that it will grant access to all repositories within the organizations that you have access to, as well as all personal repositories in your personal account. Personal access tokens (classic) 不太安全。 但是,某些功能目前仅适用于 personal access tokens (classic): Organization owners can require approval for any fine-grained personal access tokens that can access resources in the organization.Each token must have an expiration date.Each token is granted specific permissions, which offer more control than the scopes granted to personal access tokens (classic).Each token can only access specific repositories.Each token can only access resources owned by a single user or organization.For more information, see " 为组织设置个人访问令牌策略." Fine-grained personal access tokensįine-grained personal access tokens have several security advantages over personal access tokens (classic): Organization owners can set a policy to restrict the access of personal access tokens (classic) to their organization. GitHub recommends that you use fine-grained personal access tokens instead of personal access tokens (classic) whenever possible. GitHub currently supports two types of personal access tokens: fine-grained personal access tokens and personal access tokens (classic). For more information, see " About creating GitHub Apps." Types of personal access tokens To access resources on behalf of an organization, or for long-lived integrations, you should use a GitHub App. Personal access tokens are intended to access GitHub resources on behalf of yourself. Personal access tokens are an alternative to using passwords for authentication to GitHub when using the GitHub API or the command line. For more information, see " Keeping your personal access tokens secure." About personal access tokens ![]() Warning: Treat your access tokens like passwords. ![]()
0 Comments
Leave a Reply. |