As we announced previously, the format of GitHub authentication tokens has changed. The following token types are affected:
- Personal Access Tokens
- OAuth Access Tokens
- GitHub App User-to-Server Tokens
- GitHub App Server-to-Server Tokens
- Refresh Tokens
If you use any of these tokens, we encourage you to reset them now. This will give you additional security benefits and allow Secret Scanning to detect the tokens.
Notably, the token formats now include the following updates:
- The character set changed from `[a-f0-9]` to `[A-Za-z0-9_]`
- The format now includes a prefix for each token type:
  - `ghp_` for Personal Access Tokens
  - `gho_` for OAuth Access tokens
  - `ghu_` for GitHub App user-to-server tokens
  - `ghs_` for GitHub App server-to-server tokens
  - `ghr_` for GitHub App refresh tokens
The length of our tokens is remaining the same for now. However, GitHub tokens will likely increase in length in future updates, so integrators should plan to support tokens up to 255 characters after June 1, 2021.
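
The prefixes, character set and 255-character ceiling described above are enough to find and redact these tokens in logs or config files. The following is an added example, not GitHub's own Secret Scanning code; `find_tokens`, `redact`, `MIN_BODY` and the sample input are hypothetical names and constructed values.

```python
import re

# Prefix-to-type mapping taken from the list above.
TOKEN_TYPES = {
    "ghp_": "Personal Access Token",
    "gho_": "OAuth Access Token",
    "ghu_": "GitHub App user-to-server token",
    "ghs_": "GitHub App server-to-server token",
    "ghr_": "GitHub App refresh token",
}
MAX_LEN = 255   # upper bound integrators are asked to support
MIN_BODY = 16   # assumption (not from the post): ignore very short look-alikes

# Token = prefix + [A-Za-z0-9_] body, not embedded in a longer identifier.
# A run longer than MAX_LEN fails the trailing lookahead and is not reported.
TOKEN_RE = re.compile(
    r"(?<![A-Za-z0-9_])(gh[pousr]_)([A-Za-z0-9_]{%d,%d})(?![A-Za-z0-9_])"
    % (MIN_BODY, MAX_LEN - 4)
)

def find_tokens(text):
    """Return (token_type, start, end) for each candidate token in text."""
    return [(TOKEN_TYPES[m.group(1)], m.start(), m.end())
            for m in TOKEN_RE.finditer(text)]

def redact(text):
    """Replace each token body with a marker, keeping the type prefix."""
    return TOKEN_RE.sub(lambda m: m.group(1) + "<redacted>", text)

# Constructed sample input; these are not real tokens.
SAMPLE = "\n".join([
    "export GITHUB_TOKEN=ghp_" + "Ab3_" * 9,
    "Authorization: token ghs_" + "Zz9_" * 9,
    "legacy=" + "0123456789abcdef" * 2 + "01234567",   # old [a-f0-9] style
    "too_long=gho_" + "x" * 300,                        # exceeds 255 chars
])

if __name__ == "__main__":
    for kind, start, end in find_tokens(SAMPLE):
        print(f"{kind} at offset {start}, length {end - start}")
    print(redact(SAMPLE))
```

Old-format tokens carry no prefix, so this pattern does not match them; they need a separate check.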