After beating my head on various combinations of wget flags involving either: --post-data; or --user= with and without --password= as well as vice versa; or --header="Authorization: token <token>", I looked back at the documentation and found that there are alternative endpoints in the releases API.

Looks like firstly I just cannot use the Authorization header with the server that hosts tarballs, and secondly curl (or the GitHub front-end, based on the agent string) seem to be doing a different thing with <token>@github.com vs wget's --user=<token>, and it's not the most pleasant thing to figure out.
So what works is this:
    wget \
      --header='Authorization: token <token>' \
      https://api.github.com/repos/<org|user>/<repo>/tarball/<ref>
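
A variant of the command above that keeps the token out of wget's argument list and shell history by passing the header through a private wgetrc file (wget's `--config` option and `header` setting). This is an added example, not part of the original answer; the function names, the `GITHUB_TOKEN` variable and the accepted token character set are assumptions.

```shell
# Added example, not from the original answer. Function names, GITHUB_TOKEN
# and the token character set are assumptions made for illustration.

# Build the API tarball URL; refuse values that would alter the path.
gh_tarball_url() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac       # org or user
    case "$2" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac       # repo
    case "$3" in ''|*..*|*[!A-Za-z0-9._/-]*) return 1 ;; esac  # ref
    printf 'https://api.github.com/repos/%s/%s/tarball/%s\n' "$1" "$2" "$3"
}

# Write the Authorization header to a private wgetrc and print its path.
gh_write_wgetrc() {
    # A newline or space in the token would inject extra wgetrc lines.
    case "${GITHUB_TOKEN:-}" in ''|*[!A-Za-z0-9_]*) return 1 ;; esac
    _rc=$(mktemp "${TMPDIR:-/tmp}/wgetrc.XXXXXX") || return 1   # mode 0600
    # printf is a shell builtin, so the token is not placed in any argv.
    printf 'header = Authorization: token %s\n' "$GITHUB_TOKEN" > "$_rc"
    printf '%s\n' "$_rc"
}

# Usage: GITHUB_TOKEN=... gh_fetch_tarball <org|user> <repo> <ref> <outfile>
gh_fetch_tarball() {
    _url=$(gh_tarball_url "$1" "$2" "$3") || return 2
    _cfg=$(gh_write_wgetrc) || return 3
    wget --config="$_cfg" -O "$4" "$_url"
    _st=$?
    rm -f "$_cfg"        # remove the token file whether or not wget succeeded
    return "$_st"
}
```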