Feature request to support GitHub app-based authentication for copilot requests

[praveenkuttappan]

Problem Statement

GitHub Agentic Workflows currently require a fine‑grained Personal Access Token (PAT) with the copilot requests permission in order to run the Copilot CLI.
We maintain multiple repositories across our projects and would like to adopt GitHub Agentic Workflows broadly for various use cases. However, relying on PAT‑based authentication introduces operational challenges:

PATs must be created, rotated, and managed manually
Tokens need to be updated across multiple repositories
This does not scale well and increases maintenance overhead

Current Workaround

As part of a proof of concept, we implemented a workaround where:

The PAT is stored securely in Azure Key Vault
A GitHub Agent Workflow runner step retrieves the token from Key Vault
The token is then injected into the repository as a secret using the gh aw CLI

While functional, this approach adds complexity and is not ideal for long‑term or large‑scale usage.

Feature Request

Support for GitHub App–based authentication in GitHub Agentic Workflows would significantly simplify adoption. GitHub Apps provide:

Centralized and scalable authentication
Easier permission management
Reduced operational burden compared to PATs

Enabling GitHub App–based auth would make GitHub Agentic Workflows easier to consume and manage across multiple repositories and organizations.

[pelikhan]

This should do it https://github.github.com/gh-aw/reference/auth/#using-a-github-app-for-authentication

[praveenkuttappan]

@pelikhan I am referring Authenticating Your Coding Agent (AI Engine)
for which the document still says PAT is required. Document that you linked above says:

This does not apply to COPILOT_GITHUB_TOKEN, which must currently be a PAT. A single GitHub App can be used for all other GitHub authentication needs in GitHub Agentic Workflows, including tool authentication and safe outputs.