This Python script checks all or selected orgs that you have access to for classic PATs with SAML authorization in them and generates a JSON report with such tokens sorted by org. It does not include fine-grained tokens. There is a separate API endpoint and UI for those.
- Python 3
- `requests` library (install with `pip install requests`)
- Create a classic GitHub personal access token with `read:org` scope and SAML authorize it to orgs that you want to check.
- Run the script with the following command:

```bash
export GITHUB_PAT_SAML_AUTHS_REPORT_TOKEN="<your token>"

# Get classic PATs with SAML authorization from all orgs that the token can access
python3 github-pat-saml-auths-report.py

# OR
# Check specific org(s)
python3 github-pat-saml-auths-report.py -o org1 org2 org3

# OPTIONAL, get only classic PATs with SAML authorization in org2 from report
cat github_orgs_saml_auths_YYYY-MM-DD_HH-MM-SS.json | jq '.org2'
```

- `-o` or `--orgs`: List of GitHub organizations to check. If not specified, all organizations that the token can access will be checked.
- `-j` or `--json`: Filename for JSON report. Default: `github_orgs_saml_auths_YYYY-MM-DD_HH-MM-SS.json`
- `GITHUB_PAT_SAML_AUTHS_REPORT_TOKEN`: GitHub personal access token with `read:org` scope
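
One way to triage the generated report, as an added example that is not part of this project's code: it flags classic PATs that carry high-impact scopes, never expire, or have not been used recently. It assumes the report maps each org name to a list of entries that use the field names from GitHub's "List SAML SSO authorizations for an organization" API response; `RISKY_SCOPES`, the 90-day threshold and the sample data are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumption: scopes this example treats as high-impact; tune to your policy.
RISKY_SCOPES = {"repo", "admin:org", "delete_repo", "workflow"}

def _ts(value):
    """Parse a GitHub ISO 8601 timestamp; a missing value stays None."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def triage(report, now, stale_days=90):
    """Return (org, login, token_last_eight, reasons) for PATs worth reviewing."""
    cutoff = now - timedelta(days=stale_days)
    findings = []
    for org, entries in sorted(report.items()):
        for e in entries:
            if e.get("credential_type") != "personal access token":
                continue  # the same endpoint also lists SSH keys
            reasons = []
            risky = RISKY_SCOPES & set(e.get("scopes") or [])
            if risky:
                reasons.append("scopes:" + ",".join(sorted(risky)))
            if not e.get("authorized_credential_expires_at"):
                reasons.append("no-expiry")
            used = _ts(e.get("credential_accessed_at"))
            if used is None or used < cutoff:
                reasons.append("stale")
            if reasons:
                findings.append((org, e.get("login"), e.get("token_last_eight"), reasons))
    return findings

# Constructed sample in the assumed report layout; not real users or tokens.
PAT = "personal access token"
SAMPLE = {
    "org1": [
        {"login": "alice", "credential_type": PAT, "token_last_eight": "aaaa1111",
         "scopes": ["repo", "read:org"], "authorized_credential_expires_at": None,
         "credential_accessed_at": "2024-05-20T10:00:00Z"},
        {"login": "bob", "credential_type": PAT, "token_last_eight": "bbbb2222",
         "scopes": ["read:org"], "authorized_credential_expires_at": "2024-09-01T00:00:00Z",
         "credential_accessed_at": "2024-01-02T00:00:00Z"},
    ],
    "org2": [
        {"login": "carol", "credential_type": PAT, "token_last_eight": "cccc3333",
         "scopes": ["read:org"], "authorized_credential_expires_at": "2024-12-01T00:00:00Z",
         "credential_accessed_at": "2024-05-30T00:00:00Z"},
        {"login": "dave", "credential_type": "SSH key", "scopes": None},
    ],
}
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed "current" time
```

To run it against a real report, load the file with `json.load` and pass the result to `triage` together with `datetime.now(timezone.utc)`.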