To my understanding currently the github-branch-source plugins always requires GitHub user credentials / tokens to authenticate.
I'd suggest to add authenticating Jenkins to GitHub as a GitHub App too.
Why is this better than the current way:
- GitHub Apps can be granted very fine grained permissions
- GitHub Apps can be added either to a whole org, or just to selected repos
- The app uses a key pair to then get temporary credentials, so leaked creds to user are only valid for a short period of time
- Higher API limits! (probably the most important one for bigger orgs)
This is specifically NOT about authenticating users against GitHub, but for Authenticating Jenkins itself against GitHub