This should be taken care of when Pagure (and thus fedpkg) moves to OpenID Connect for the Pagure API.

@puiterwijk With that Pagure token to create issues under releng/fedora-scm-requests, how does Pagure know an issue's reporter? For now, by using packager's own Pagure token, each created issue has the Reporter show the requester's name.

I'd like to suggest an interim solution #3 :-). (I chose fedpkg fork, but it equally applies to fedpkg request-repo.) Currently, fedpkg fork just tells the user that the token has expired and that the user should refer to fedpkg fork -h to set a new token (bad, requires another user interaction). Then fedpkg fork -h tells the user again, as some URL was already included in the API response, which URL a new token can be obtained from (good, as it can be clicked in a GUI terminal) and which file and how to put it in (bad, requires copying & pasting the filename to the editor, copying & pasting the token to the file and then hoping that the syntax was not garbled).

I'd prefer to:

• remove the "Before the operation […]" sections from the help texts as it only applies to the first usage where traditonally the user will not have read a manual anyway,
• if authentification fails due to a missing, invalid and/or expired token, then do not output any API error, but only "(You need an API token|Your API token is invalid|Your API token is expired). You can get an API token at $URL and set it with fedpkg set-api-token $TOKEN.", and
• have a command fedpkg set-api-token $TOKEN that puts $TOKEN at exactly the place where fedpkg expects it to read it from.

Thus, if a token is missing/invalid/expired, the users needs to click one link and execute one command, similar to the one he was already executing.

Hi, thanks for the suggestion. I think it needs additional analysis of what is possible. I will start from the end :).
Token generated in Pagure is placed into the config file. This is usually placed in /etc/rpkg/... and root permission is needed. I would rather avoid modifying this file from fedpkg itself.
Pagure might be able to provide some API to generate tokens and presenting them to the user for example on the command-line, but this operation would require authentication or token - currently missing or expired. But I haven't verified it now and hopefully, I am not telling here some false assumptions (correct me if I am wrong).
The functionality you suggest sounds tempting, but I am afraid it is not possible to fully implement it :-/. Some smaller changes are possible I think.

I don't run fedpkg as root and neither store tokens underneath /etc/rpkg/… :-). I follow the instructions at fedpkg fork -h:

Before the operation, you need to generate an API token at
https://src.fedoraproject.org/settings/token/new, select the relevant ACL(s)
and save it in your local user configuration located
at ~/.config/rpkg/fedpkg.conf. For example:

    [fedpkg.distgit]
    token = <api_key_here>

https://pagure.io/fedpkg/pull-request/444
subsequent functionality is covered in: https://pagure.io/fedpkg/issue/445

Commit 92400b5 fixes this issue

Commit 930ebd2 relates to this ticket