The point of this plugin is to solve a single problem: that doBuild and the like in classes like AbstractProject will not even be called if the request does not provide authentication with at least read access to the project. As far as I am aware these methods in Jenkins core do not provide any access to POST payloads, so this plugin does not either.
If you are looking to have builds triggered by GitHub webhooks then you simply use the GitHub plugin, which provides a special trigger for this purpose, and which parses the POST body to determine how to trigger the build (specifying a Git commit to check out, for example). In that case there is no need for Build Token Root, because the webhook is purely advisory: the Jenkins receiver GitHubWebHook is already an UnprotectedRootAction accepting anonymous POSTs, and if it receives a notification it cross-checks against the actual repository by merely scheduling polling of the project, not directly adding a build to the queue.
New Feature
Major
The point of this plugin is to solve a single problem: that doBuild and the like in classes like AbstractProject will not even be called if the request does not provide authentication with at least read access to the project. As far as I am aware these methods in Jenkins core do not provide any access to POST payloads, so this plugin does not either.
If you are looking to have builds triggered by GitHub webhooks then you simply use the GitHub plugin, which provides a special trigger for this purpose, and which parses the POST body to determine how to trigger the build (specifying a Git commit to check out, for example). In that case there is no need for Build Token Root, because the webhook is purely advisory: the Jenkins receiver GitHubWebHook is already an UnprotectedRootAction accepting anonymous POSTs, and if it receives a notification it cross-checks against the actual repository by merely scheduling polling of the project, not directly adding a build to the queue.