github identifying PAT token id using API?

Question

I've a personal access token (say token2) which I would like to remove from my list of personal access tokens (token1, token2, token3), how can I identify which one of the tokens in my

Settings->Developer settings -> Personal access tokens

The token are listed in http://github.com/settings/tokens/token-id##

how can one find the token-id of a PAT. Unfortunately I don't remember the note corresponding to the token generated. Is there any API using the PAT I can identify the note corresponding to the token?

Thanks for your help.

Answer 1

If the access token is not compromised, one way is to add/remove scopes from this access token like the workflow scope for example:

and check the X-OAuth-Scopes HTTP header. Using curl:

curl -v "https://api.github.com" -H "Authorization: Token YOUR_TOKEN"

You would checkout the scopes for this access token in the output:

< X-OAuth-Scopes: repo, workflow <=========== HERE
< X-Accepted-OAuth-Scopes: 
< X-GitHub-Media-Type: github.v3; format=json
< X-RateLimit-Limit: 5000
< X-RateLimit-Remaining: 4997
< X-RateLimit-Reset: 1626704714
< X-RateLimit-Used: 3

If the token is compromised, you could remove some scopes (if multiple are already set) and checkout the http header value. Adding scopes to a compromised access token would expose you to security risks.

Answer 2

You don't say why you want to remove it. If it is because it has been compromised then I would suggest you delete all of them and recreate. If not then perhaps not to bother but just remember that if you want to create multiple tokens you need to remember somewhere which is. Reality is that the later is relatively hard to do unless you have clear distinguishing uses between them (one for a build system, one for local use etc). If the latter then ensure the names of the tokens reflect that in the future.