CODEWITHSUNDEEP
gitauthenticationgithub
Rhineb
Rhineb

Reputation: 381

Permalink to raw file in Github private repo

Okay so I've seen this as a similar question several other places on here but many of those are multiple years old and have not seen a satisfactory answer on any of them. Github Raw File - Can I get a permanent link? and Read Raw Contents of File in Private Repo on Github via access_token

First let me provide my use case as I am open to alternative solutions.

I need to be able to link/display markdown files (.md) that are part of a private github repo in confluence. This does technically work using the confluence plugin Markdown from url when giving it a raw url like raw/repo/readme.md?token=XXXXXXX. The issue is the token generated via looking at the raw link is only valid for 7 days so this will not really work for documentation as obviously after a week part of the doc will no longer be visible. As referenced in one of the links above and several other places online through a google search I see the claim that it should be possible to generate a personal access token and substitute the token ie raw/repo/readme.md?token=PERSONAL_ACCESS_TOKEN but I have not found this to be the case. Even when granting your PAT every permission you can in github this still results in a 404 when attempting to access the url in a browser or through the confluence plugin.

Additionally I've also seen an example with a username like raw/repo/readme.md?login=USERNAME&token=PERSONAL_ACCESS_TOKEN but alas this has the same result of receiving a 404.

So the question is does anyone know how to make this work successfully using a PAT or similar security alternative? Am I missing a url option that would make it happy?

Please note I am NOT looking for alternative confluence plugins to make this happen, I know there are several but due to organizational security concerns these are not really options in my case.

Thanks for any ideas

Upvotes: 12

Views: 9819

Answers (3)

SpyNet
SpyNet

Reputation: 679

Others such as bk2204 have suggested this too,

here is an example of how I access contents of my private GitHub repository in PowerShell

Invoke-RestMethod https://raw.githubusercontent.com/HotCakeX/RepositoryName/main/MyFile.txt -Headers @{"Authorization"="token github_pat_abcdefgh123456789"}

Just need to create a fine-grained Personal Access Token: https://github.com/settings/tokens?type=beta

Upvotes: 1

CookiesKush420
CookiesKush420

Reputation: 85

To download a file from a private repository

1. You need to generate a Personal Access Tokens.

According to this GitHub help page:

  1. In the upper-right corner of any page, click your profile photo, then click Settings.
  2. In the left sidebar, click Developer settings.
  3. In the left sidebar, click Personal access tokens.
  4. Select the scopes. To use your token to access repositories from the command line, select repo.
  5. Click Generate new token.
  6. Give your token a descriptive name.

Let's suppose your actual token is 1234567abcdefg

2. Embed Token into the link.

  1. Open the file in GitHub web page and click "Raw"
  2. Copy the link of this raw file, maybe something like this: https:// raw.githubusercontent.com/GITHUB_ACCOUNT/REPOSITORY_NAME/BRANCH_NAME/FILE_NAME.EXTENTION_NAME?token=SOME_NUMBERS_LETTERS
  3. Reform the link as https:// [email protected]/GITHUB_ACCOUNT/REPOSITORY_NAME/BRANCH_NAME/FILE_NAME.EXTENTION_NAME

As you see, "?token=SOME_NUMBERS_LETTERS" are removed. Insert the token you generated from GitHub + @ right after "https://"

curl -s -O https://[email protected]/GITHUB_ACCOUNT/REPOSITORY_NAME/BRANCH_NAME/FILE_NAME.EXTENTION_NAME

Hope this helps!

Upvotes: 8

bk2204
bk2204

Reputation: 76804

As you've seen, all raw links to private GitHub repositories require a token, which expires after a while. This is because if a URL is exposed, the impact of the exposure is limited. The token in the URL you're using is specific to your user, and if it were permanent, then someone could take that token and access that file in the future even if they'd left the organization. I believe, IIRC, that the token is also specific to the URL in question.

So there isn't a way to do this using a token in a URL. However, you could use a personal access token in the Authorization header using Basic authentication if your plugin supports that. I've tested and that does work, and of course it doesn't expose your token to every user. However, it does require that the site you're working with proxy the request and support that.

You may want to use the PAT of a machine or bot account associated with your organization so that if you leave, the links continue to work.

Upvotes: 2

Related Questions