|
| 1 | + |
| 2 | +.. _Managing Access Tokens: |
| 3 | + |
| 4 | +Introduction |
| 5 | +############ |
| 6 | + |
| 7 | +This document provides an overview of the process for generating and |
| 8 | +maintaining access tokens for Azure and GitHub. The purpose of the |
| 9 | +document is to provide developers and users with the information they |
| 10 | +need to efficiently and effectively manage their access tokens. The |
| 11 | +document is intended for individuals who may not have a background in |
| 12 | +software engineering, and provides clear and concise instructions for |
| 13 | +generating and updating tokens, along with relevant links and references. |
| 14 | + |
| 15 | +.. note:: |
| 16 | + Before proceeding, it is recommended that the reader be familiar with |
| 17 | + interacting with environment variables on their operating system |
| 18 | + (Linux, MacOS, or Windows) and have a general understanding of the |
| 19 | + importance of defining the permission scope of tokens for safety and |
| 20 | + the requirements of the relevant interface. |
| 21 | + |
| 22 | +In the following sections, we will cover the following topics: |
| 23 | + |
| 24 | +- Concepts: An overview of important concepts that the reader should be |
| 25 | + familiar with before proceeding with the rest of the document. |
| 26 | + |
| 27 | +- Generating Access Tokens: A guide to generating access tokens on Azure |
| 28 | + and GitHub. |
| 29 | + |
| 30 | +- Maintaining Access Tokens: Information on the importance of maintaining |
| 31 | + access tokens and how to update tokens on Azure and GitHub. |
| 32 | + |
| 33 | +- Conclusion: A summary of the information covered in the document and |
| 34 | + final thoughts and recommendations. |
| 35 | + |
| 36 | +- References: A list of references used in the document. |
| 37 | + |
| 38 | + |
| 39 | +Concepts |
| 40 | +######### |
| 41 | + |
| 42 | +This section provides an overview of important concepts that the reader |
| 43 | +should be familiar with before proceeding with the rest of the document. |
| 44 | + |
| 45 | +- API: An application programming interface (API) is a set of protocols, routines, and tools for building software and applications. |
| 46 | +- Access token: An access token is a string that provides temporary, secure access to an API. |
| 47 | +- Authentication: Authentication is the process of verifying a user's identity. |
| 48 | +- Authorization: Authorization is the process of granting or denying access to resources based on the user's identity and permissions. |
| 49 | +- Azure: Microsoft Azure is a cloud computing platform and infrastructure created by Microsoft for building, deploying, and managing applications and services through a global network of Microsoft-managed data centers. |
| 50 | +- GitHub: GitHub is a web-based hosting service for version control repositories that use the Git version control system. |
| 51 | + |
| 52 | +Problem Statement and Scope |
| 53 | +########################## |
| 54 | + |
| 55 | +Maintaining code can be difficult, especially for individuals who are |
| 56 | +not familiar with software engineering concepts and tools. This document |
| 57 | +addresses the difficulties in maintaining code and focuses on the scope |
| 58 | +of access tokens (personal and organization-based) and their importance. |
| 59 | +The document informs the audience of relevant concepts and the importance |
| 60 | +of keeping these tokens private, and details the process of setting these |
| 61 | +tokens for individuals and organizations on Azure and GitHub. |
| 62 | + |
| 63 | +Generating Access Tokens |
| 64 | +######################## |
| 65 | + |
| 66 | +In this section, we will provide step-by-step instructions for generating access tokens on Azure and GitHub. |
| 67 | + |
| 68 | +Generating Tokens on Azure |
| 69 | +^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 70 | + |
| 71 | +`<TODO>` |
| 72 | + |
| 73 | +Generating User Tokens on GitHub |
| 74 | +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 75 | + |
| 76 | +1. Navigate to `GitHub <https://github.com>`__. After this, go to step 3 if you are already signed in, otherwise, click "Sign in" at the top-right of the landing page. |
| 77 | + |
| 78 | +.. image:: graphics/github_user_token_1.jpeg |
| 79 | + |
| 80 | +2. Enter your details and click "Sign in". |
| 81 | + |
| 82 | +.. image:: graphics/github_user_token_2.jpeg |
| 83 | + |
| 84 | +.. note:: |
| 85 | + Dark mode makes you a better developer. |
| 86 | + |
| 87 | +3. Click on your profile picture at the top-right of the page to reveal a drop-down menu, select "Settings". |
| 88 | + |
| 89 | +.. image:: graphics/github_user_token_3.jpeg |
| 90 | + |
| 91 | +4. Click on "Developer settings". |
| 92 | + |
| 93 | +.. image:: graphics/github_user_token_4.jpeg |
| 94 | + |
| 95 | +5. Click on "Personal access tokens". |
| 96 | + |
| 97 | +.. image:: graphics/github_user_token_5.jpeg |
| 98 | + |
| 99 | +.. note:: |
| 100 | + Currently, we use the classic tokens. Any developer is free to use the new fine-grained tokens, which are in Beta at the time of writing the current documentation, so long as it works. That developer must just modify the documentation accordingly. |
| 101 | + |
| 102 | +6. Click on "Generate new token (classic)". |
| 103 | + |
| 104 | +.. image:: graphics/github_user_token_6.jpeg |
| 105 | + |
| 106 | +.. important:: |
| 107 | + The correct selection of the scopes is pertinent to the continued operation of the dependent systems. This may influence one to over-scope the permissions, in order to avoid having to scrutinize the required ones to save time, however over-scoping is a bad practice and should be avoided, so as to avoid any malicious attempts. See the documentation stating the required scopes from this service. |
| 108 | + |
| 109 | +7. Name your token, set an expiration time-delta, select the appropriate scopes, and finally click "Generate token". |
| 110 | + |
| 111 | +.. image:: graphics/github_user_token_7.jpeg |
| 112 | + |
| 113 | +8. Click on the copy icon provided, next to the token (or copy it yourself). |
| 114 | + |
| 115 | +.. image:: graphics/github_user_token_8.jpeg |
| 116 | + |
| 117 | +.. important:: |
| 118 | + It is important to never commit code with the token. If this is done, the token will be deactivated immediately, automatically in most cases by the relevant service. For example, if you commit a Github token to Github, it will be automatically deleted. This is a good safety feature to have, but if done with a token which multiple components in our system are dependent on, the amount of work to rectify this will be tedious and better avoided through taking mental note of this now. |
| 119 | + |
| 120 | +Generating Organization Tokens on GitHub |
| 121 | +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 122 | + |
| 123 | +`<TODO>` |
0 commit comments