Other authentication methods

Authenticating Graphite as a GitHub App is the recommended method. However, if you don't have Organization owner permissions, you can try Graphite by authenticating using a Personal Access Token or through GitHub OAuth.

Authenticating with a Personal Access Token (PAT)

GitHub Personal Access Tokens are designed to give command line tools limited access to work with your account. While they provide the minimum clearance to use the Graphite CLI and app, they give the user the added responsibility of granting the token the correct permissions (see Using a Personal Access Token) and have a limited lifespan before they expire. If you authenticate with a PAT, you may have a degraded Graphite experience.

To use a Personal Access Token with Graphite:

• Generate a new token on GitHub and add the following access scopes:

• [If your org has SSO] Check the token settings page on GitHub and make sure you enable SSO for the Personal Access Token you're using with Graphite.

• Next, add your new token to Graphite through the Graphite web app settings page.

Once you add your token, you can:

• Select your repo from the drop-downs in each section of the Graphite app

• Run gt stack submit in the Graphite CLI to create pull requests in GitHub for every branch in your stack

Authenticating with Github OAuth App

There are a few differences between the GitHub OAuth App and the GitHub App:

• No fine-grained control over which repos the OAuth app has access to.

• No access to webhooks (which provide a faster app experience).

• No separate app token to make requests.

Permissions OAuth requires (but Graphite doesn't use)

OAuth App (like GitHub App) still requires Organization owner permissions to be approved. By default, GitHub repositories have OAuth restrictions enabled and an owner needs to turn off OAuth restrictions in order to use the Graphite OAuth App.

Until your Organization owner has approved the app, we can only see the limited subset of public information that any GitHub user (those outside the organization) would be able to see about this organization. In general, GitHub Apps are preferred to OAuth apps for the reasons listed above. If you’re currently using OAuth App authentication, you may have a degraded Graphite experience.

GitHub's scopes for OAuth apps only let us request the blanket repo permission, which includes read and write access that we don't need (and don't use) as part of Graphite's operations. The extraneous scopes are:

• Issues

• Wikis

• Settings

• Webhooks and services

• Deploy keys

• Collaboration invites

Graphite does not use these scopes, and we wouldn't ask for them if we weren't forced to by GitHub's limited permissions model for OAuth apps.