First I did this:
Regenerated token on GitHub
Replaced API Token in core.config_entries
Restarted HA
That didn’t work! HACS failed to start and threw errors in the log.
I reverted to my snapshot - still no HACS (obviously because I’d regen’d the token!)
I then,
Deleted HACS integration
Immediately re-added it - it provided a key to enter into linked page (I assume this is OATH)
Entered the HACS provided key into the linked page and it completed OK
HACs now showed with all my integrations and cards intact. everything appeared to be OK
However, I noted that to be able to take a snapshot after re-installing HACS I had to restart HA as it said the system was in “freeze state”
Now everything appears to good.
On GitHub “New personal access token” page there is a field at the top of the page named “Note”. This field cannot be left blank, but I haven’t found any guidelines on what to type into this field ??
Next, there is a ling list of Scope settings. Which of those should I tick off, and why?
For the record: I just had to remove and readd it without restarting. When I readded it, it went through the OAuth setup - no more token. So, I just deleted the old token.
“Note” is the name for your token. All checkboxes can be left blank for HACS. Visit HACS guide to installation and configuration.
But, if you remove and reinstall HACS from integrations page, your won’ t need any token
Then why do we get an email from GitHub telling us to renew the token, if we don’t need a token?? And what kind of inside information do you have, that nobody else has ?
And who, in their right mind - would dare remove (delete) HACS integration and reinstall it, hoping for the best - that 4 years of custom integrations won’t just vanish - along with equally many Lovelace cards with dependencies to these HACS custom integrations?? My experience with HA is that if you “loose” a device, and simply re-attach it, it often shows up with an underscore_2 added to the name, which brakes all automation YAML and screws up all entity references etc.
Cause Github ar deprecating the old tokens and shocker I know but lots of API calls to Gihub requir a token - it’s not a HACS thing and HACS can use oAuth instead now for API requests.
Probably anyone with th slightest understanding of what they are doing and how it lol fits together.
Can happen for some things but not this and these days it’s simple to rename entities anyway.
Because Github doesn’t know, that HACS in the meantime changed from PAT (PersonalAccessToken) to OAuth as verification method. Github tells you, what they know, to renew the token, because Github changed their token structure.
Everybody who knows how HA works. Because deleting an integration doesn’t change the files. So no need to worry, just ask, if you don’t know/get how things work together. As long as you don’t restart, you are good to go in this case.
I’m curious what are the advantages of switching from a Github PAT to a Github OAuth for HACS? What do I need to specify for “Authorization callback URL” on Github’s Register OAuth application webpage?
Do I just delete the HACS Integration with PAT authentication, then add it back… then, everything will be self-explanatory to setup OAuth for HACS in the Integration?
Uhm… Maybe a stupid question, but how do I remove the HACS integration? At least on my integrations page, the HACS integration doesn’t offer to be removed:
Has the github taken been deprecated by HACs?
I just removed both HACs integration and also deleted the token inside the github account.
Now I readded HACs, and simply had to allow hacs access to my github account.
But I was never asked for the token again. Why? How can I tell everything works correct, and hacs does not try to use the old, now non-existing token?
/edit: ok I see hacs is now a registered OAuth application. So probably the token is not required anymore?
HACS uses OAuth now instead of tokens for new users. There is no need to renew your old token.
I can confirm the following works
Remove HACS as integration. This will not remove any of the custom integrations you have added
I did restart HA - not sure it was needed
Re-install HACS like it is described on the HACS website. Part of the installation is to confirm the linking to Github.
On Github you can remove the old token. It is not needed any longer and can later potentially become a vulnerability.
Because deleting an integration doesn’t change the files. So no need to worry, just ask, if you don’t know/get how things work together. 
As long as you don’t restart, you are good to go in this case.
