HTTPS authentication with GitHub will require a Personal Accesss Token

[jdblischak]

https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/

It's unclear to me what the best course of action is. Some thoughts:

• We already use the OAuth flow to authenticate with the GitHub API with wflow_use_github() when creating a new GitHub repository. But this is a one-time operation, and the token is purposefully immediately discarded (so that there is no security leak). If we update wflow_git_push()/wflow_git_pull() to use the OAuth flow, this would get tedious. And for security reasons, I don't really want workflowr to venture into managing tokens.

• git2r has a work-in-progress PR WIP: Use the credentials package ropensci/git2r#422 to use the credentials package. This would enable git2r to access the same PAT used by command-line Git. This would be convenient, but we'd still need a way for users to create the PAT in the first place. Many workflowr users are first-time Git users, so we can't assume they already have a PAT available. The usethis package has an entire vignette on GitHub authentication. Their current instructions are 1) create a PAT with usethis::create_github_token() (unfortunately this is a manual step, it only opens the browser to the page), 2) save the PAT to the Git credentials store with gitcreds::gitcreds_set(). I wish this could be more automated, but I'm not sure if that is possible (or advisable).