Is it possible to configure DecapCMS to let the user provide it with a GitHub API token and have it talk to GitHub API directly? (without a server-side auth proxy intermediary like NetLify and proper authentication flow)

This is certainly possible technically, I've implemented my own proof-of-concept at some point. In my PoC, the user can explicitly cache the token in browser's localStorage or cookies. And then sign-out (clear the cache) when they want.

For many cases, this should be sufficient (especially with new GitHub tokens allowing repo-level access) and should make DecapCMS ideal for small GitHub-powered blogs/sites with only a handful of editors (or maybe even a single editor) which are hosted as GitHub repos and built/served via GitHub Pages. GitHub allows issuing several repo-level tokens, and also allow revoking them. This is okay access control solution for personal blogs or small NGO websites. The benefit is not needing to set-up and manage a separate service (like NetLify) just for handling GitHub auth flow

Previous discussion:

• Is it possible for Netlify CMS to simply authenticate directly with GitHub? #663
• Backend-less operation: letting the user enter username and token and talk to API with them #7466