From 2c796a099051e71e5b3a0284ef4c78b31289a2b4 Mon Sep 17 00:00:00 2001
From: Garot Conklin
Date: Fri, 10 Oct 2025 15:53:21 -0400
Subject: [PATCH 1/2] fix: Add support for GitHub organization tokens (gho_)
- Add gho_ token validation in _validate_token function
- Update documentation to mention organization token support
- Add test case for organization token validation
- Bump version to 2.0.1
---
 README.md | 4 ++--
 githubauthlib/__init__.py | 2 +-
 githubauthlib/github_auth.py | 3 +++
 setup.py | 2 +-
 tests/test_github_auth.py | 8 ++++++++
 5 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index b999e2c..bb1b83f 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@ A Python library for securely retrieving GitHub tokens from system keychains acr
 - Secure token retrieval with validation
 - Comprehensive exception hierarchy for precise error handling
 - Structured logging support
-- Token format validation (supports both personal and fine-grained tokens)
+- Token format validation (supports personal, organization, and fine-grained tokens)
 - Robust credential parsing and sanitization
 ## Prerequisites
@@ -166,7 +166,7 @@ except GitHubAuthError as e:
 - Handle `PlatformNotSupportedError` exception
 4. **Invalid Token Format**
- - Verify token starts with `ghp_` or `github_pat_`
+ - Verify token starts with `ghp_` (personal), `gho_` (organization), or `github_pat_` (fine-grained)
 - Handle `InvalidTokenError` exception
 ## Contributing
diff --git a/githubauthlib/__init__.py b/githubauthlib/__init__.py
index 04b1b36..a930d3f 100644
--- a/githubauthlib/__init__.py
+++ b/githubauthlib/__init__.py
@@ -14,7 +14,7 @@
 get_github_token,
 )
-__version__ = "2.0.0"
+__version__ = "2.0.1"
 __author__ = "garotm"
 __license__ = "MIT"
diff --git a/githubauthlib/github_auth.py b/githubauthlib/github_auth.py
index 6c99d65..7fec8bb 100644
--- a/githubauthlib/github_auth.py
+++ b/githubauthlib/github_auth.py
@@ -58,10 +58,13 @@ def _validate_token(token: str) -> bool:
 return False
 # GitHub personal access tokens start with 'ghp_' and are 40 characters long
+ # GitHub organization tokens start with 'gho_' and are 40 characters long
 # GitHub fine-grained tokens start with 'github_pat_' and are longer
 # Allow for some flexibility in token length for testing
 if token.startswith("ghp_") and len(token) >= 40:
 return True
+ elif token.startswith("gho_") and len(token) >= 40:
+ return True
 elif token.startswith("github_pat_") and len(token) > 40:
 return True
diff --git a/setup.py b/setup.py
index 2bd067e..04178b9 100644
--- a/setup.py
+++ b/setup.py
@@ -8,7 +8,7 @@
 setup(
 name="githubauthlib",
- version="2.0.0",
+ version="2.0.1",
 description='A library for authenticating with GitHub across different operating systems',
 long_description=long_description,
 long_description_content_type='text/markdown',
diff --git a/tests/test_github_auth.py b/tests/test_github_auth.py
index c533bf9..c24417d 100644
--- a/tests/test_github_auth.py
+++ b/tests/test_github_auth.py
@@ -221,6 +221,14 @@ def test_validate_token_fine_grained(self):
 )
 self.assertTrue(_validate_token(fine_grained_token))
+ def test_validate_token_organization(self):
+ """Test token validation with organization token."""
+ from githubauthlib.github_auth import _validate_token
+ # Test organization token
+ org_token = "gho_1234567890abcdef1234567890abcdef123456"
+ self.assertTrue(_validate_token(org_token))
+
 @patch("platform.system")
 @patch("subprocess.check_output")
 def test_linux_libsecret_empty_output(self, mock_subprocess, mock_platform):
From 72d1396738f6bc5dbfb138ac2ca508270311dcc4 Mon Sep 17 00:00:00 2001
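Review bot: The new `gho_` branch in `_validate_token` (githubauthlib/github_auth.py) accepts any string that starts with the prefix and is at least 40 characters long, so values containing whitespace, newlines or other non-token characters pass validation; the same check is carried into the combined `if` in PATCH 2/2. If the returned token is later placed in an HTTP header or on a command line (not visible here), a character-class check would be the safer gate, for example `re.fullmatch(r"gh[po]_[A-Za-z0-9]+", token)` alongside the length test, assuming `re` is available in the module. The added comment also calls `gho_` an organization token, while GitHub documents that prefix for OAuth access tokens; I would reword it to `# GitHub OAuth access tokens start with 'gho_' and are 40 characters long`. The function starts and ends outside this hunk, so earlier lines may already cover part of this.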
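Review bot: `test_validate_token_organization` in tests/test_github_auth.py asserts only the accepting path, and its sample value is 42 characters long, so it neither pins the `>= 40` boundary nor shows that a malformed `gho_` value is rejected. I would use a 40-character sample for the positive case and add a negative assertion such as `self.assertFalse(_validate_token("gho_tooshort"))`, assuming the function falls through to `False` as the surrounding code suggests. A short comment such as `# constructed sample, not a real credential` would also help anyone triaging secret-scanner hits on this file. The enclosing test class starts outside the hunk.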
From: Garot Conklin
Date: Fri, 10 Oct 2025 16:03:46 -0400
Subject: [PATCH 2/2] fix: Combine ghp_ and gho_ token validation to resolve SonarCloud duplicate code warning
- Merge identical return True statements for ghp_ and gho_ tokens
- Both token types use same length validation (>= 40)
- Resolves SonarCloud code duplication warning
---
 githubauthlib/github_auth.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/githubauthlib/github_auth.py b/githubauthlib/github_auth.py
index 7fec8bb..23eee7d 100644
--- a/githubauthlib/github_auth.py
+++ b/githubauthlib/github_auth.py
@@ -61,9 +61,7 @@ def _validate_token(token: str) -> bool:
 # GitHub organization tokens start with 'gho_' and are 40 characters long
 # GitHub fine-grained tokens start with 'github_pat_' and are longer
 # Allow for some flexibility in token length for testing
- if token.startswith("ghp_") and len(token) >= 40:
- return True
- elif token.startswith("gho_") and len(token) >= 40:
+ if (token.startswith("ghp_") or token.startswith("gho_")) and len(token) >= 40:
 return True
 elif token.startswith("github_pat_") and len(token) > 40:
 return True
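Review bot: The merged condition in `_validate_token` calls `startswith` twice where a single call with a tuple would do: `if token.startswith(("ghp_", "gho_")) and len(token) >= 40:` reads more directly and keeps the accepted prefixes in one place. The comment block above it still describes the two prefixes on separate lines with the same length claim, which could be folded into one line to match the code. The function body continues outside this hunk.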