GitHub token validation regular expressions.

README.md

GitHub token validation regular expressions

Regular expressions to check if a given GitHub token could be valid.

• Personal access tokens (classic)
• Fine-grained personal access tokens
• GitHub Actions
• Combined together

Personal access tokens (classic)

Classic personal access tokens are 40 characters in length, with a prefix of ghp_:

^ghp_[a-zA-Z0-9]{36}$

Fine-grained personal access tokens

Fine-grained personal access tokens (currently in beta) are 93 characters in length, with a prefix of github_pat_:

^github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}$

GitHub Actions

Temporal tokens generated by GitHub Actions are 40 characters in length, with a prefix of ghs_:

^ghs_[a-zA-Z0-9]{36}$

Combined together

^(gh[ps]_[a-zA-Z0-9]{36}|github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59})$

Related

• https://github.blog/changelog/2021-03-31-authentication-token-format-updates-are-generally-available/

Thanks, bro! Just used this in my code to validate user input. I linked back to you ofc.

Thanks @BrycensRanch - and appreciate the comment, as I've just noted this is a little out of date with the new "fine grained" personal access token format. Have updated the regular expressions.

Thanks! I noticed the regex didn't work so I disabled it. But now I can reenable it. Thanks, bro! I should learn Regex soon so I can give back to the community like you have.

EDIT: It works perfectly, thanks man!

Thanks for reporting back @BrycensRanch - so much better Gists now email me when people comment 😄. I used to get lots of good feedback and could never reply and/or review the state of these things.

Thanks for rechecking these as well. 👍

Yeah, its really intuitive! I remember someone else commented on one of my Gists and I responded a month later because I wasn't given any notification about their feedback ( this was on a another GitHub account) On Wed, Nov 23, 2022 at 5:35 PM Peter Mescalchin ***@***.***> ***@***.*** commented on this gist.Thanks for reporting back @BrycensRanch - so much better Gists now email me when people comment 😄. I used to get lots of good feedback and could never reply and/or review the state of these things.Thanks for rechecking these as well. 👍—Reply to this email directly, view it on GitHub or unsubscribe.You are receiving this email because you were mentioned.Triage notifications on the go with GitHub Mobile for iOS or Android.                                                           

@magnetikonline Thank you!

I have made a slight improvement to your expression for use on GitHub Actions:

^(gh[pousr]_[A-Za-z0-9_]{36,251}|github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}|v[0-9]\.[0-9a-f]{40})$

This regular expression works well in my GitHub Actions environment.

Please refer to GitHub's changelog for more information.

Thanks @acevif - added that changelog link. So many token formats 😄

Temporal tokens generated by GitHub Actions now adhere to the following format:

^ghs_[A-Za-z0-9_]{36,251}$

@magnetikonline, would you kindly consider updating this gist? Thank you!

Thanks for calling that out @acevif - have confirmed myself and you're correct. 👍

@magnetikonline Thank you very much!