The organization forbids access via a personal access tokens (classic) if the token's lifetime is greater than 30 days.

[sonnykt]

Recently, composer install gets stuck at downloading the govcms/* packages even with a valid Github token:

Package operations: 265 installs, 0 updates, 0 removals
  - Downloading govcms/govcms (dev-3.x-master d9d1fa5)
  - Downloading spaze/phpstan-disallowed-calls (v4.6.0)
  - Downloading govcms/scaffold-tooling (dev-10.x-master 2223dc4)
 0/3 [>---------------------------]   0%
Could not fetch https://api.github.com/repos/govcms/govcms/zipball/d9d1fa55c2423250eab62bf482955d4100987a9d, please review your configured GitHub OAuth token or enter a new one to access private repos

  - Downloading govcms/scaffold-tooling (dev-10.x-master 2223dc4)
  0/10 [>---------------------------]   0%
Could not fetch https://api.github.com/repos/govCMS/scaffold-tooling/zipball/2223dc417760ae1745f35fe82983cc3a8e14a0ef, please review your configured GitHub OAuth token or enter a new one to access private repos

After some debugging, composer install -vvv reveals an odd 403 error:

 - Downloading govcms/scaffold-tooling (dev-10.x-master 2223dc4)
Downloading https://api.github.com/repos/govCMS/scaffold-tooling/zipball/2223dc417760ae1745f35fe82983cc3a8e14a0ef
[403] https://api.github.com/repos/govCMS/scaffold-tooling/zipball/2223dc417760ae1745f35fe82983cc3a8e14a0ef
Executing command (CWD): 'git' 'config' 'github.accesstoken

then

$ curl -H "Authorization: token $GITHUB_TOKEN" https://api.github.c/
om/repos/govCMS/scaffold-tooling/zipball/2223dc417760ae1745f35fe82983cc3a8e14a0ef
{
  "message": "The 'govCMS' organization forbids access via a personal access tokens (classic) if the token's lifetime is greater than 30 days. Please adjust your token's lifetime at the following URL: https://github.com/settings/tokens/2251605777",
  "documentation_url": "https://docs.github.com/rest/repos/contents#download-a-repository-archive-zip",
  "status": "403"
}

It seems that the 30-day limit was recently set as I could use my 60 day classic token a couple of months ago. Also, I got the error because I am a member of the organisation hence the limit applies to my token.

Github users outside of govcms org doesn't get the same restriction. I could confirm when using a 60-day token from a newly created Github account, the issue doesn't occur.