When it’s too much of a token

Github actions sometimes is just odd. If you try to make your API calls works without a personal access token, you’ll find yourself at a crazy landscape of ‘application tokens’.

You need a private key for JWT token you issue by yourself. This is ‘token #1’.

You need to use JWT token to make Bearer token. This is ‘token #2’.

Then you can use Bearer token to issue ‘a token’, which is called ‘access token’. This is ‘token #3’.

Then, if you want to register a self-hosted runner you need to issue a registration token using the ‘access token’ (token #4)

And then you use an issued registration token to register the runner. Which issues some internal token to use for connection. (token #5)

What a long chain of tokens…