Description
Problem Statement
GitHub Agentic Workflows currently require a fine‑grained Personal Access Token (PAT) with the copilot requests permission in order to run the Copilot CLI.
We maintain multiple repositories across our projects and would like to adopt GitHub Agentic Workflows broadly for various use cases. However, relying on PAT‑based authentication introduces operational challenges:
PATs must be created, rotated, and managed manually
Tokens need to be updated across multiple repositories
This does not scale well and increases maintenance overhead
Current Workaround
As part of a proof of concept, we implemented a workaround where:
The PAT is stored securely in Azure Key Vault
A GitHub Agent Workflow runner step retrieves the token from Key Vault
The token is then injected into the repository as a secret using the gh aw CLI
While functional, this approach adds complexity and is not ideal for long‑term or large‑scale usage.
Feature Request
Support for GitHub App–based authentication in GitHub Agentic Workflows would significantly simplify adoption. GitHub Apps provide:
Centralized and scalable authentication
Easier permission management
Reduced operational burden compared to PATs
Enabling GitHub App–based auth would make GitHub Agentic Workflows easier to consume and manage across multiple repositories and organizations.
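The workaround described in the issue, sketched as an added example that is not part of the original post or the project's own code: it reads one PAT from Azure Key Vault and writes it to several repositories as an Actions secret. It uses `gh secret set` from the standard GitHub CLI in place of the `gh aw` command the author mentions; the vault name, secret names and repository arguments are assumed placeholders.

```shell
#!/bin/sh
# Added example: copy one PAT from Azure Key Vault into several repositories.
# All names below are assumptions for illustration, not values from the issue.
set -eu

VAULT_NAME="${VAULT_NAME:-example-vault}"                # hypothetical vault
KV_SECRET_NAME="${KV_SECRET_NAME:-copilot-pat}"          # hypothetical Key Vault secret
GH_SECRET_NAME="${GH_SECRET_NAME:-EXAMPLE_COPILOT_PAT}"  # placeholder Actions secret name

# Read the PAT from Key Vault; only the value is printed, as plain text.
fetch_pat() {
  az keyvault secret show --vault-name "$VAULT_NAME" --name "$KV_SECRET_NAME" \
    --query value --output tsv
}

# Write the PAT to every repository given as owner/name.
# Returns 2 if Key Vault yields nothing, otherwise the number of failed repos.
sync_pat() {
  local pat repo failed
  failed=0
  pat="$(fetch_pat)" || return 2
  if [ -z "$pat" ]; then
    echo "Key Vault returned an empty secret" >&2
    return 2
  fi
  # On an Actions runner, register the value so later log output is redacted.
  if [ -n "${GITHUB_ACTIONS:-}" ]; then
    echo "::add-mask::$pat"
  fi
  for repo in "$@"; do
    # The token goes in on stdin, never as an argument, so it stays out of
    # the process list and out of shell tracing of the command line.
    if ! printf '%s' "$pat" | gh secret set "$GH_SECRET_NAME" --repo "$repo" >/dev/null; then
      echo "failed to update secret in $repo" >&2
      failed=$((failed + 1))
    fi
  done
  return "$failed"
}

# Usage: ./sync-pat.sh owner/repo-one owner/repo-two
if [ "$#" -gt 0 ]; then
  sync_pat "$@"
fi
```

The script needs an `az` session that can read the vault and a `gh` login allowed to write repository secrets, which is the credential sprawl the feature request is trying to remove.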