A Personal Access Token (PAT) is an authentication method that is becoming increasingly common among content management systems and web service providers.
Most common Git servers now offer PAT as an additional means of authentication that is more secure, more convenient, and more flexible than the standard Basic Authentication.
More secure because tokens are harder to guess, steal, or copy. A token is usually a long string of randomly generated alphanumeric characters that are virtually impossible to guess. You can also centrally revoke the tokens if you suspect that they have been compromised.
More convenient because tokens are automatically generated by the server and are automatically stored by the client application and therefore don’t require re-typing.
More flexible because unlike standard user name/password combinations, tokens are assigned an expiration date and scope by the user who generates them, thus providing additional capabilities and improved security.
The good news is that SAP Web IDE (Full-Stack) supports PAT when connecting to popular Git servers such as GitHub, BitBucket, TFS, and VSTS (the SAP Cloud Platform Git service does not support it).
Let’s have a look at how to use Personal Access Tokens with SAP Web IDE and GitHub.
- Start by creating a new token in GitHub.
- Go to your GitHub account ⇒ Settings ⇒ Developer settings ⇒ Personal access tokens (https://github.com/settings/tokens)
- Click Generate new token.
- Give your token a name that will help you remember what it is used for. You can create many tokens for the same GitHub account, each for a different purpose.
- Select the scope of your token. One of the benefits of tokens is that they can be assigned scopes (just like with OAuth, only simpler). Using scopes, you can control which actions the user can perform when using a specific token.
Note: Some Git servers (e.g. Microsoft TFS) let you assign an expiration date to your token for added security.
- When you’re done, click Generate token.
The new token is created and displayed. Remember to copy the token to your clipboard.
Note: This is the only time the token will be displayed. You will not be able to see the actual token the next time you access GitHub. You will be able to see metadata about the token, such as its name and creation date, but not the token itself. This is one of the reasons why this method is secure.
- Switch to SAP Web IDE and start working with your GitHub repository.
- When the authentication dialog appears, select Use Token Authentication.
- Enter your GitHub user name or email in the User Name field.
- Paste the token from the clipboard into the Token field.
When you click OK, SAP Web IDE securely stores the token and will automatically use it in future GitHub operations until it expires or is revoked. Essentially, from this point on you will not need to authenticate when working with GitHub until the token is revoked or regenerated.
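To confirm that the token you just pasted carries only the scopes you intended, you can audit it from the response headers GitHub returns on an API call. The sketch below is an added example, not part of SAP Web IDE or GitHub tooling: it reads the `X-OAuth-Scopes` header that GitHub sends for classic tokens and the `GitHub-Authentication-Token-Expiration` header, and reports excess scopes, missing scopes, and expiry problems. The required scope set, the `GITHUB_TOKEN` variable name, the expiration date format, and the sample headers are assumptions made for the example.

```python
import os
import urllib.request
from datetime import datetime, timezone

REQUIRED = {"repo"}  # assumption: the Web IDE workflow only needs repository access

def fetch_headers(token):
    """Call the GitHub REST API with the token and return the response headers."""
    req = urllib.request.Request("https://api.github.com/user",
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return dict(resp.headers.items())

def audit_token(headers, required=REQUIRED, now=None, warn_days=7):
    """Return (finding, detail) tuples for a token, given API response headers."""
    now = now or datetime.now(timezone.utc)
    h = {k.lower(): v for k, v in headers.items()}
    # Classic tokens list their scopes comma-separated; parent scopes are not expanded.
    granted = {s.strip() for s in h.get("x-oauth-scopes", "").split(",") if s.strip()}
    findings = []
    if required - granted:
        findings.append(("missing-scope", sorted(required - granted)))
    if granted - required:
        findings.append(("excess-scope", sorted(granted - required)))
    exp = h.get("github-authentication-token-expiration")
    if exp is None:
        findings.append(("no-expiration", []))
        return findings
    try:
        # Assumed format: "2030-01-10 00:00:00 UTC"
        when = datetime.strptime(exp, "%Y-%m-%d %H:%M:%S UTC").replace(tzinfo=timezone.utc)
    except ValueError:
        findings.append(("unparsed-expiration", [exp]))
        return findings
    if when <= now:
        findings.append(("expired", [exp]))
    elif (when - now).days < warn_days:
        findings.append(("expires-soon", [exp]))
    return findings

if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")  # hypothetical variable name
    # Constructed sample headers, used when no token is supplied (runs offline).
    sample = {"X-OAuth-Scopes": "repo, delete_repo, admin:org"}
    for finding in audit_token(fetch_headers(token) if token else sample):
        print(finding)
```

An `excess-scope` finding means the token can do more than the workflow needs; regenerate it with a narrower selection rather than keeping the broad one.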
I hope this post made it clear why Personal Access Tokens are better than Basic Authentication when working with Git in SAP Web IDE.
I invite you to start using them in your development workflow.