<!--IssueSummary start--> <details> <summary> Everyone can contribute. [Help move this issue forward](https://handbook.gitlab.com/handbook/marketing/developer-relations/contributor-success/community-contributors-workflows/#contributor-links) while earning points, leveling up and collecting rewards. </summary> - [Close this issue](https://contributors.gitlab.com/manage-issue?action=close&projectId=278964&issueIid=254662) </details> <!--IssueSummary end--> <!-- The first section "Release notes" is required if you want to have your release post blog MR auto generated. Currently in BETA, details on the **release post item generator** can be found in the handbook: https://about.gitlab.com/handbook/marketing/blog/release-posts/#release-post-item-generator and this video: https://www.youtube.com/watch?v=rfn9ebgTwKg. The next four sections: "Problem to solve", "Intended users", "User experience goal", and "Proposal", are strongly recommended in your first draft, while the rest of the sections can be filled out during the problem validation or breakdown phase. However, keep in mind that providing complete and relevant information early helps our product team validate the problem and start working on a solution. --> ### Problem to solve Currently with repository mirroring, we support the use of a personal access token with basic authentication when communicating with GitHub. While they are not deprecating basic authentication support, they do include examples of using the personal access token with the `Authorization` header in their recent release about the deprecation of password usage: https://developer.github.com/changes/2020-02-14-deprecating-password-auth/ In other examples, GitHub continues to use the personal access token with basic authentication, and there are currently no signs to deprecate this, but this issue serves to offer additional support in the form of `Authorization` headers. ### Proposal We'll need to support a new `authentication method` and potentially accept a new field in the push and pull mirroring configuration for a token, then we'll need to begin using the new authentication method in addition to basic authentication. ### Links / references <!-- Label reminders - you should have one of each of the following labels if you can figure out the correct ones -->