Is it possible to create an access token using GitHub api for a service account with 2FA enabled without access to UI?

Question

I have a service account that I need to use to access GitHub.
This service account has two-factor authentication enabled.

I do not have access to the UI.
I do have the password for that service account.

I need to create a personal access token and to accept transfer of a GitHub app to this service account.
Is this possible using the GitHub API v4?

Answer 1

There is a feature request pending using the official GitHub CLI gh

Create/Revoke Personal Access Tokens #2531

Proposed solution

Calling gh token create will create a new token and output the token value Calling gh token revoke will revoke the token passed in

But there is no obvious existing API to create/revoke a PAT, only SSH keys, which could be a workaround, if you can use SSH URLS: the PAT is only needed for HTTPS URLs.

However, for checking an OAuth App token, you do need indeed a token.

---

In Apr. 2023, Shahriar Heidrich adds:

For anyone who doesn't want to wait until this gets an official API and implementation, here is a 3rd party CLI tool and Python library to create, list and delete fine-grained tokens (which are a bit different from classic personal access tokens, but if anyone wants, I can probably write a similar thing for the classic ones...):

https://smheidrich.gitlab.io/github-fine-grained-token-client/

This is achieved by simulating the requests that would be triggered by a user clicking through the web interface.
Obviously, this approach can't be very stable because the web interface is subject to change without warning, so I'd strongly recommend against using this for anything critical. Intended usage is to just run this locally to make creating tokens less annoying, a bit faster and scriptable.