Company
Date Published
Author
Wynn Netherland
Word count
393
Language
English
Hacker News points
None

Summary

GitHub introduced OAuth2 tokens starting with version 3 of its API. Compared with traditional username and password authentication, tokens offer revocable access and limited permissions: they can be revoked at any time from a user's settings, and they are created with specific scopes as determined by user permissions. Historically, deploy keys have been used for deployment scripts and continuous integration services needing access to private repositories, but these have not been compatible with HTTP transport. GitHub now extends the OAuth benefits to its HTTP transport stack for Git operations, allowing users to substitute an OAuth token for their GitHub username when cloning repositories over HTTPS. While this streamlines operations and reduces friction, users should treat tokens as carefully as passwords, since including them in clone URLs can result in them being stored in plain text within configuration files. To mitigate this, GitHub suggests using full Git URLs for push and pull operations to avoid writing tokens to disk. This enhancement provides more flexibility and security for accessing repositories, as OAuth tokens apply to any repository the user can access, unlike deploy keys.
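
The plain-text storage risk described above can be checked for directly. The script below is an added example, not code from GitHub or the original post: it scans a Git configuration file for remote URLs that carry a token (or any other credential) before the host, and prints the file with that part stripped. It assumes the file is a repository's `.git/config`; the function names, the repository path and the token value are constructed for illustration.

```shell
#!/bin/sh
# Added example (not GitHub's code). Function names and sample values are constructed.

# List config lines whose remote URL carries userinfo (a token or user:password)
# before the host, i.e. a credential that was written to disk in plain text.
find_embedded_credentials() {
    grep -nE '^[[:space:]]*(push)?url[[:space:]]*=[[:space:]]*https?://[^/@[:space:]]+@' "$1"
}

# Print the config with the userinfo part removed from every remote URL.
strip_embedded_credentials() {
    sed -E 's#^([[:space:]]*(push)?url[[:space:]]*=[[:space:]]*https?://)[^/@[:space:]]+@#\1#' "$1"
}

# Write a constructed sample of what a repository's .git/config looks like after
# cloning with a token in place of the username (token value is a placeholder).
write_demo_config() {
    cat > "$1" <<'EOF'
[core]
    repositoryformatversion = 0
[remote "origin"]
    url = https://EXAMPLE_TOKEN_0000@github.com/owner/repo.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
    url = https://github.com/owner/repo.git
EOF
}

demo_cfg=$(mktemp)
write_demo_config "$demo_cfg"
echo "Remote URLs with embedded credentials:"
find_embedded_credentials "$demo_cfg"
echo "Sanitized config:"
strip_embedded_credentials "$demo_cfg"
rm -f "$demo_cfg"
```

A token found this way has already been written to disk, so stripping it from the file is not enough; it should also be revoked from the user's settings and replaced.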