MakeCode vs GitHub tokens

I see there’s a way to access GitHub repositories for both read and write from the MakeCode editor and this involves GitHub’s personal access token feature. The text in the editor suggests repo or public_repo, both being “full access” scopes.

Where are these tokens stored and where are they transmitted when they are used on for example?

It’s stored in local storage (implementation in pxt) in the browser, then used in the request URL to GitHub. It’s queried from local storage here. The token is also used to identify which elements to show in a few React components (for example, whether to show the GitHub extension option when importing a file).

If you want to look into it a bit more, here’s the place where the core GitHub interactions are defined: you can pull down the repo and start looking there to see how things are implemented / used exactly.

Also, here’s the documentation for GitHub extensions, for anyone curious.

1 Like
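
One way to check what the answer above describes, a token kept in the browser's local storage: this is an added example (not code from the posts or from pxt) that scans a Storage object for GitHub-token-shaped values and reports them masked. The key names and values in the sample are constructed, and the 40-hex rule is a heuristic that also matches git commit ids.

```javascript
// Added example: audit a Web Storage object for GitHub-token-shaped values.
// Prefix patterns follow GitHub's documented token formats; the 40-hex rule
// is a heuristic for legacy tokens and also matches git SHA-1 commit ids.
const TOKEN_PATTERNS = [
  { kind: "prefixed token", re: /\bgh[pousr]_[A-Za-z0-9]{36}\b/g },
  { kind: "fine-grained PAT", re: /\bgithub_pat_[A-Za-z0-9_]{22,}\b/g },
  { kind: "possible legacy token or git SHA-1", re: /\b[0-9a-f]{40}\b/g },
];

// Never echo a secret in a report: keep a short prefix and the length only.
function mask(secret) {
  return `${secret.slice(0, 4)}... (${secret.length} chars)`;
}

// `storage` is anything with the Storage interface (length, key(i), getItem),
// for example window.localStorage in a browser console.
function findGitHubTokens(storage) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = storage.getItem(key) || "";
    for (const { kind, re } of TOKEN_PATTERNS) {
      // Search inside the value so tokens wrapped in JSON are found too.
      for (const m of value.matchAll(re)) {
        findings.push({ key, kind, preview: mask(m[0]) });
      }
    }
  }
  return findings;
}

// Constructed stand-in for localStorage so the example runs outside a browser.
function fakeStorage(entries) {
  const keys = Object.keys(entries);
  return { length: keys.length, key: (i) => keys[i], getItem: (k) => entries[k] ?? null };
}

// Constructed sample data; key names and values are made up for illustration.
const sample = fakeStorage({
  "example-token": "ghp_" + "A1b2".repeat(9),
  "example-settings": JSON.stringify({ theme: "dark", auth: "0123456789".repeat(4) }),
  "example-project": "main.ts",
});
console.log(findGitHubTokens(sample));
```

In the editor's browser console, `findGitHubTokens(window.localStorage)` runs the same scan over the real storage for that origin.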

In particular the token is only stored in the browser and sent only to not