gptel-gh: Change how tokens are managed

[marcus-lundgren]

Removed the file based persistent storage of the tokens, as they were stored in clear text. They will only be stored in variables.

The initial value of the github-token can now be set by providing a function that provides it. This enables this token to be securely stored outside of Emacs.

[marcus-lundgren]

@karthink - Do you have any input in how you imagine the workflow to be for this API regarding the GitHub token?

With the changes made just recently to present the login function, is it reasonable to have a workflow to perform that in order to get the token that can then be stored elsewhere?

[karthink]

@karthink - Do you have any input in how you imagine the workflow to be for this API regarding the GitHub token? With the changes made just recently to present the login function, is it reasonable to have a workflow to perform that in order to get the token that can then be stored elsewhere?

Sorry, I haven't looked at this PR yet. I also don't use Copilot so let's hear from @kiennq (the author of gptel-gh) on the proposed changes.

[marcus-lundgren]

@kiennq - A friendly reminder about this PR :)

[kiennq]

Sorry for the late reply. Can you add a default/example for github-token-init? At least it should be defaulted to the current workflow where the token is saved/restored from a file, else we're looking at reauth everytime gptel is reloaded

[marcus-lundgren]

Thanks for your reply, @kiennq!

This is what I am currently using:

(use-package gptel
  :defer t
  :config (setq
           gptel-backend (gptel-make-gh-copilot "Copilot"
                           :github-token-init (lambda () (read-passwd "Copilot token: "))))
  )

I store my token in a password manager, so I use read-passwd in order to enter it when calling gptel. I will only be prompted once per Emacs session for this, which is a very reasonable workflow for me as I rarely restart Emacs. As it takes just a function, it is trivial to make it read from a file instead.

With the current implementation in this PR, the login function is not able to persistently store the newly acquired token. The new token is only stored in a variable and I take the it from the message log, which is not an ideal scenario and hence my request for feedback earlier. Another approach could be to introduce load and save functions that can be given as parameters to gptel-make-gh-copilot. It would then allow the user to choose how it should be stored and saved.

Before making the changes in gptel itself, I used the code below as a patch to control how the token was stored. This also has the behavior of only requesting the token once. As you may notice, the logic for the chat message token was kept, but this was before me realising that that is also a thing to keep secret.

(use-package gptel
  :config
  (progn
    (defvar my/gh-token nil "Store the Copilot token for GPTel commands.")
    (defalias 'original-gptel--gh-save (symbol-function 'gptel--gh-save))
    (defalias 'original-gptel--gh-restore (symbol-function 'gptel--gh-restore))
    (defun gptel--gh-restore (file)
      (if (equal file gptel-gh-github-token-file)
          (if my/gh-token
              my/gh-token
            (progn 
              (setq my/gh-token
                    (let ((token (read-passwd "Copilot token: ")))
                      (if (string= "" token) nil token)))
              my/gh-token))
        (original-gptel--gh-restore file)))
    (defun gptel--gh-save (file obj)
      (message "New GH token: %s" obj)
      (if (equal file gptel-gh-github-token-file)
          (setq my/gh-token obj)
        (original-gptel--gh-save file obj)))))

[marcus-lundgren]

@kiennq - Any thoughts? :)

[marcus-lundgren]

@kiennq - I've now changed the implementation so that it defaults to use the file as before for the github-token.

What has been additionally added is the ability to create a custom save function for the github-token. This solves the question that I raised before, as it is now up to the one redefining the save function to decide how to handle an update.

A sample use-package snippet to override it:

(use-package gptel
  :defer t
  :config
  (defvar my/gh-token nil "Store the Copilot token for GPTel commands.")
  (setq
   gptel-gh-github-token-load (lambda ()
                                (if my/gh-token
                                    my/gh-token
                                  (progn 
                                    (setq my/gh-token
                                          (let ((token (read-passwd "Copilot token: ")))
                                            (if (string= "" token) nil token)))
                                    my/gh-token)))
   gptel-gh-github-token-save (lambda (token)
                                (setq my/gh-token token))
   gptel-backend (gptel-make-gh-copilot "Copilot"))
  )

[marcus-lundgren]

@kiennq - a friendly reminder concerning this. I think the current solution in this MR strikes a good balance between ease of use and choice of security. If you agree, then I can start working on changes to the README.

@karthink - do you have any thoughts regarding the latest proposal?

[marcus-lundgren]

@kiennq, @karthink - another reminder.

[karthink]

@marcus-lundgren just dropping a note to say this PR remains on my radar -- I just need a longer chunk of time to review it than other PRs since I'm not the author of the token management code. I'll do a general code review but I trust @kiennq's judgment on the design.

[marcus-lundgren]

@karthink - thank you for the status update! As you may have noticed, I am rebasing the branch continuously to fix any conflicts (as happened a few days ago).