`@octokit/auth-token` is the simplest of [GitHub’s authentication strategies](https://github.com/octokit/auth.js).
It is useful if you want to support multiple authentication strategies, as it’s API is compatible with its sibling packages for [basic](https://github.com/octokit/auth-basic.js), [GitHub App](https://github.com/octokit/auth-app.js) and [OAuth app](https://github.com/octokit/auth.js) authentication.
- [`auth.hook(request, route, options)` or `auth.hook(request, options)`](#authhookrequest-route-options-or-authhookrequest-options)
- [Find more information](#find-more-information)
- [Find out what scopes are enabled for oauth tokens](#find-out-what-scopes-are-enabled-for-oauth-tokens)
- [Find out if token is a personal access token or if it belongs to an OAuth app](#find-out-if-token-is-a-personal-access-token-or-if-it-belongs-to-an-oauth-app)
- [Find out what permissions are enabled for a repository](#find-out-what-permissions-are-enabled-for-a-repository)
- [Use token for git operations](#use-token-for-git-operations)
The `auth()` method has no options. It returns a promise which resolves with the the authentication object.
## Authentication object
<tablewidth="100%">
<theadalign=left>
<tr>
<thwidth=150>
name
</th>
<thwidth=70>
type
</th>
<th>
description
</th>
</tr>
</thead>
<tbodyalign=leftvalign=top>
<tr>
<th>
<code>type</code>
</th>
<th>
<code>string</code>
</th>
<td>
<code>"token"</code>
</td>
</tr>
<tr>
<th>
<code>token</code>
</th>
<th>
<code>string</code>
</th>
<td>
The provided token.
</td>
</tr>
<tr>
<th>
<code>tokenType</code>
</th>
<th>
<code>string</code>
</th>
<td>
Can be either <code>"oauth"</code> for personal access tokens and OAuth tokens, or <code>"installation"</code> for installation access tokens (includes <code>GITHUB_TOKEN</code> provided to GitHub Actions)
`auth.hook()` hooks directly into the request life cycle. It authenticates the request using the provided token.
The `request` option is an instance of [`@octokit/request`](https://github.com/octokit/request.js#readme). The `route`/`options` parameters are the same as for the [`request()` method](https://github.com/octokit/request.js#request).
`auth.hook()` can be called directly to send an authenticated request
```js
const { data: authorizations } = await auth.hook(
request,
"GET /authorizations"
);
```
Or it can be passed as option to [`request()`](https://github.com/octokit/request.js#request).
Both OAuth and installation access tokens can be used for git operations. However, when using with an installation, [the token must be prefixed with `x-access-token`](https://developer.github.com/apps/building-github-apps/authenticating-with-github-apps/#http-based-git-access-by-an-installation).
This example is using the [`execa`](https://github.com/sindresorhus/execa) package to run a `git push` command.