Skip to main content

Сведения о проверке подлинности в GitHub

Вы можете безопасно получить доступ к ресурсам вашей учетной записи, выполнив проверку подлинности в GitHub, используя разные учетные данные в зависимости от того, где выполняется проверка подлинности.

About authentication to GitHub

To keep your account secure, you must authenticate before you can access certain resources on GitHub. When you authenticate to GitHub, you supply or confirm credentials that are unique to you to prove that you are exactly who you declare to be.

You can access your resources in GitHub in a variety of ways: in the browser, via GitHub Desktop or another desktop application, with the API, or via the command line. Each way of accessing GitHub supports different modes of authentication.

  • Your identity provider (IdP)
  • Username and password with two-factor authentication, or a passkey
  • Personal access token
  • SSH key

Authenticating in your browser

You can authenticate to GitHub in your browser in a number of ways.

If you need to use multiple accounts on your GitHub Enterprise Server instance, such as a personal account and a service account, you can quickly switch between your accounts without always needing to reauthenticate each time. For more information, see Switching between accounts.

  • Username and password only

    • You'll create a password when you create your account on GitHub. We recommend that you use a password manager to generate a random and unique password. For more information, see Creating a strong password.
  • Two-factor authentication (2FA) (recommended)

  • Passkey

    • You can add a passkey to your account to enable a secure, passwordless login. Passkeys satisfy both password and 2FA requirements, so you can complete your sign in with a single step. See About passkeys.
  • External authentication

    • Your site administrator may configure your GitHub Enterprise Server instance to use external authentication instead of a username and password. For more information, see About identity and access management.

Session cookies

GitHub uses cookies to provide services and increase security.

  • The gist.HOSTNAME domain and base domain for your instance use separate cookies.
  • GitHub typically marks a user session for deletion after two weeks of inactivity.
  • GitHub does not immediately delete a session when you sign out. Periodically, GitHub automatically deletes expired sessions.

Authenticating with GitHub Desktop

You can authenticate with GitHub Desktop using your browser. For more information, see Authenticating to GitHub in GitHub Desktop.

Authenticating with the API

You can authenticate with the API in different ways. For more information, see Authenticating to the REST API.

Authenticating to the API with a personal access token

If you want to use the GitHub REST API for personal use, you can create a personal access token. If possible, GitHub recommends that you use a fine-grained personal access token instead of a personal access token (classic). For more information about creating a personal access token, see Managing your personal access tokens.

Authenticating to the API with an app

If you want to use the API on behalf of an organization or another user, GitHub recommends that you use a GitHub App. For more information, see About authentication with a GitHub App.

You can also create an OAuth token with an OAuth app to access the REST API. However, GitHub recommends that you use a GitHub App instead. GitHub Apps allow more control over the access and permission that the app has.

Authenticating to the API in a GitHub Actions workflow

If you want to use the API in a GitHub Actions workflow, GitHub recommends that you authenticate with the built-in GITHUB_TOKEN instead of creating a token. You can grant permissions to the GITHUB_TOKEN with the permissions key.

Note that GITHUB_TOKEN can only access resources within the repository that contains the workflow. If you need to make changes to resources outside of the workflow repository, you will need to use a personal access token or GitHub App.

For more information, see Automatic token authentication.

Authenticating with the command line

You can access repositories on GitHub from the command line in two ways, HTTPS and SSH, and both have a different way of authenticating. The method of authenticating is determined based on whether you choose an HTTPS or SSH remote URL when you clone the repository. For more information about which way to access, see About remote repositories.

HTTPS

You can work with all repositories on GitHub over HTTPS, even if you are behind a firewall or proxy.

If you authenticate with GitHub CLI, you can either authenticate with a personal access token or via the web browser. For more information about authenticating with GitHub CLI, see gh auth login.

If you authenticate without GitHub CLI, you must authenticate with a personal access token. When Git prompts you for your password, enter your personal access token. Alternatively, you can use a credential helper like Git Credential Manager. Password-based authentication for Git has been removed in favor of more secure authentication methods. For more information, see Managing your personal access tokens. Every time you use Git to authenticate with GitHub, you'll be prompted to enter your credentials, unless you cache them with a credential helper.

SSH

You can work with all repositories on GitHub over SSH, although firewalls and proxies might refuse to allow SSH connections.

If you authenticate with GitHub CLI, the CLI will find SSH public keys on your machine and will prompt you to select one for upload. If GitHub CLI does not find a SSH public key for upload, it can generate a new SSH public/private keypair and upload the public key to your account on your GitHub Enterprise Server instance. Then, you can either authenticate with a personal access token or via the web browser. For more information about authenticating with GitHub CLI, see gh auth login.

If you authenticate without GitHub CLI, you will need to generate an SSH public/private keypair on your local machine and add the public key to your account on your GitHub Enterprise Server instance. For more information, see Generating a new SSH key and adding it to the ssh-agent. Every time you use Git to authenticate with GitHub, you'll be prompted to enter your SSH key passphrase, unless you've stored the key.

GitHub's token formats

GitHub issues tokens that begin with a prefix to indicate the token's type.

Token typePrefixMore information
Personal access token (classic)ghp_Managing your personal access tokens
Fine-grained personal access tokengithub_pat_Managing your personal access tokens
OAuth access tokengho_Authorizing OAuth apps
User access token for a GitHub Appghu_Authenticating with a GitHub App on behalf of a user
Installation access token for a GitHub Appghs_Authenticating as a GitHub App installation
Refresh token for a GitHub Appghr_Refreshing user access tokens