
How to use github oAuth token with Git plug-in Jenkins


Check first if you have the github-oauth Jenkins plugin installed, as described in "Use the Jenkins OAuth plug-in to securely pull from GitHub", from Walker Rowe.

That would allow you to register your Jenkins server as an application which can then access GitHub resources:

https://cdn.ttgtmedia.com/rms/editorial/TSS_jenkins_oauth_041018_fig5_desktop.png


Stick with the "Username with Password" credential type, created with a token (usually a Personal Access Token) in place of the password.

The GitHub docs you linked to mention this type of use case specifically:

curl -u username:token https://api.github.com/user

This approach is useful if your tools only support Basic Authentication but you want to take advantage of OAuth access token security features.


The Git Plugin doesn't accept a SecretText credential because it wouldn't know what to do with it. While it isn't limited to Basic Auth only (it supports SSH, after all), it doesn't know what to do with just an OAuth token.

Fortunately, GitHub has provided a workaround for this exact type of use case, by allowing you to pass a token (virtually) anywhere you would otherwise use a password.

Using this method allows you to take advantage of the security features of tokens, such as per-token scopes, without having to retro-fit your existing tooling.


Another approach is to take advantage of the GitHub App authentication support.

It was released in April 2020 with GitHub Branch Source 2.7.0-beta1, which is available in the Jenkins experimental update center.

Why authenticate as a GitHub app?

  • Larger rate limits - The rate limit for a GitHub app scales with your organization size, whereas a user-based token has a limit of 5000 regardless of how many repositories you have.
  • User-independent authentication - Each GitHub app has its own user-independent authentication.
    No more need for 'bot' users or figuring out who should be the owner of 2FA or OAuth tokens.
  • Improved security and tighter permissions - GitHub Apps offer much finer-grained permissions compared to a service user and its personal access tokens.
    This lets the Jenkins GitHub app require a much smaller set of privileges to run properly.
  • Access to GitHub Checks API - GitHub Apps can access the GitHub Checks API to create check runs and check suites from Jenkins jobs and provide detailed feedback on commits as well as code annotation.

https://jenkins.io/images/github-app-rate-limit.png

And:

In addition to usage of GitHub App authentication for Multi-Branch Pipeline, you can also use app authentication directly in your Pipelines.

You can access the Bearer token for the GitHub API by just loading a 'Username/Password' credential as usual; the plugin will handle authenticating with GitHub in the background.
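
The following Jenkinsfile is an added example, not code from the answers above or from the Jenkins project. It shows both uses described on this page: a "Username with Password" credential (token in the password field) handed to the Git plugin for checkout, and the same credential loaded in a Pipeline step to call the GitHub API. The credential ID `github-token-creds` and the repository URL are placeholders.

```groovy
pipeline {
    agent any

    environment {
        // Hypothetical credential ID: a "Username with Password" entry whose
        // password field holds the token (a PAT, or a GitHub App credential).
        GITHUB_CREDS_ID = 'github-token-creds'
    }

    stages {
        stage('Checkout') {
            steps {
                // The Git plugin sends the token as the HTTPS password.
                // The token is never written into the remote URL.
                git url: 'https://github.com/example-org/example-repo.git', // placeholder
                    branch: 'main',
                    credentialsId: env.GITHUB_CREDS_ID
            }
        }

        stage('Call GitHub API') {
            steps {
                withCredentials([usernamePassword(
                        credentialsId: env.GITHUB_CREDS_ID,
                        usernameVariable: 'GH_USER',
                        passwordVariable: 'GH_TOKEN')]) {
                    // Single-quoted Groovy string: the shell expands $GH_TOKEN,
                    // not Groovy, so the secret is not baked into the script
                    // text that Jenkins stores and logs.
                    // printf is a shell builtin and curl reads the header from
                    // stdin (--config -), keeping the token out of the
                    // process argument list on the agent.
                    // '\\n' is a Groovy escape that reaches the shell as '\n'.
                    sh '''
                        set -eu
                        printf 'header = "Authorization: Bearer %s"\\n' "$GH_TOKEN" |
                            curl --silent --show-error --fail --config - \
                                 https://api.github.com/user
                    '''
                }
            }
        }
    }
}
```

Credentials bound with `withCredentials` are masked in the console log, but only when they appear verbatim, so avoid transforming or encoding the token inside the step.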