r-lib / gitcreds

Query git credentials from R
https://gitcreds.r-lib.org/

Provide device-authentication workflow for GitHub? #61

Open cboettig opened 2 weeks ago

cboettig commented 2 weeks ago

Apologies if this is already supported here or elsewhere! Please let me know! I think it would be great if gitcreds could provide the device authentication workflow for GitHub, such as we see in the Python package https://github.com/jupyterhub/gh-scoped-creds (and also built into MS's Code Server I believe), in which a user requests a short-lived (8hr) scoped credential authenticated with an OTP.

This provides a much simpler workflow for users creating tokens than learning to do so manually in the GitHub web interface. It also promotes the use of short-lived tokens, consistent with the best practices we see in other systems, especially with the rise of hosted or cloud-based compute platforms.

You know I'm no security expert, but it seems that current practices in our R community are still built around more long-lived and widely scoped tokens, while elsewhere everything is migrating towards more short-lived and narrowly scoped ones. (I recognize that this request is more GitHub-specific than being generally about git, just wasn't sure where best to raise it).

gaborcsardi commented 2 weeks ago

Seems like gh-scoped-creds sets up a global git credential helper for github.com, so if you already use that, there is nothing more to do in R; gitcreds will automatically pick up and use those credentials.

cboettig commented 2 weeks ago

Yes, that's true in settings where students are working in Python already anyway.

But when I'm just teaching in R it would be nice to have a solution that doesn't require messing around with setting up a Python environment first, right? It's just an API call and writing to a file.
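For readers following the thread: the workflow being requested is GitHub's OAuth device flow, shown here in base R as an added example that is not part of the discussion and is not gitcreds or gh-scoped-creds code. The `post` transport, the client ID, the username and every reply are constructed placeholders so the polling logic runs offline; a real transport would send a form POST with `Accept: application/json`.

```r
# Added example: GitHub OAuth device flow, base R only.
# `post(url, body)` is a hypothetical injected transport that returns the
# parsed JSON reply as a list.
device_flow <- function(client_id, scope, post, sleep = Sys.sleep) {
  dev <- post("https://github.com/login/device/code",
              list(client_id = client_id, scope = scope))
  message("Open ", dev$verification_uri, " and enter code ", dev$user_code)
  interval <- dev$interval
  deadline <- Sys.time() + dev$expires_in
  repeat {
    if (Sys.time() > deadline) stop("device code expired before approval")
    sleep(interval)
    res <- post("https://github.com/login/oauth/access_token", list(
      client_id = client_id, device_code = dev$device_code,
      grant_type = "urn:ietf:params:oauth:grant-type:device_code"))
    if (!is.null(res$access_token)) return(res)
    if (identical(res$error, "authorization_pending")) next  # not approved yet
    if (identical(res$error, "slow_down")) {                 # back off (RFC 8628)
      interval <- interval + 5
      next
    }
    # expired_token, access_denied, or a malformed reply: fail closed
    stop("device flow failed: ", if (is.null(res$error)) "no token" else res$error)
  }
}

# Lines in the key=value format that `git credential approve` reads on stdin.
# The username is a constructed placeholder.
as_git_credential <- function(token, host = "github.com") {
  c("protocol=https", paste0("host=", host),
    "username=token-user", paste0("password=", token$access_token))
}

# Constructed offline replies: device code, pending, slow_down, then success.
replies <- list(
  list(device_code = "DEV-CONSTRUCTED", user_code = "ABCD-1234",
       verification_uri = "https://github.com/login/device",
       expires_in = 900, interval = 5),
  list(error = "authorization_pending"),
  list(error = "slow_down"),
  list(access_token = "TOKEN-CONSTRUCTED", token_type = "bearer"))
i <- 0
fake_post <- function(url, body) { i <<- i + 1; replies[[i]] }
waits <- numeric()
tok <- device_flow("CLIENT-ID-PLACEHOLDER", "", fake_post,
                   sleep = function(s) waits <<- c(waits, s))
stopifnot(identical(waits, c(5, 5, 10)))  # interval grows only after slow_down
writeLines(as_git_credential(tok))
```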