"M Hickford via GitGitGadget" <gitgitgadget@xxxxxxxxx> writes: > `password`:: > > - The credential's password, if we are asking it to be stored. > + The credential's password, if we are asking it to be stored. If the > + host is a software forge, this could also be a personal access > + token or OAuth access token. Is this limited to software forge hosts? Also, I wonder if the specific "it can be access token and not password" is something worth adding. If there were a service styled after the good-old "anonymous ftp", it would expect the constant string 'anonymous' as the "username", and would expect to see your identity (e.g. 'mirth.hickford@xxxxxxxxx') as the "password". The point is that it does not matter what it is called on the end-user's side, be it a password or access token or whatever. It is what the other end that provides the service wants to see after you claimed who you are by providing "username", usually (but not necessarily) in order to prove your claim. So, I dunno.