GitHub logins using deprecated authentication API?

I just received the following email from GitHub:

Hi @ctrueden,

On February 4th, 2020 at 06:50 (UTC) your application (forum.image.sc) used an access token (with the User-Agent Faraday v1.0.0) as part of a query parameter to access an endpoint through the GitHub API:

https://api.github.com/user

Please use the Authorization HTTP header instead as using the access_token query parameter is deprecated.

Depending on your API usage, we’ll be sending you this email reminder once every 3 days for each token and User-Agent used in API calls made on your behalf.
Just one URL that was accessed with a token and User-Agent combination will be listed in the email reminder, not all.

Visit Deprecated APIs and authentication | GitHub Developer Guide for more information.

Thanks,
The GitHub Team

Is this something that needs to be changed in my forum’s configuration? Or is an update to the Discourse code needed? Or is something else going on here?

13 Likes

Thanks for sharing the email Curtis. I’ll take a look into this - it looks like we will need some updates on our end.

17 Likes

Just a “me too” post. I got the same email from GitHub.

3 Likes

FYI, we’re tracking this PR in the authentication library which Discourse uses. As soon as that’s merged, we can update:

(If it takes too long, we’ll implement ourselves)

Edit: And now, waiting for

17 Likes

Thanks! I see it’s merged upstream waiting for the next step. Should we expect an out-of-cadence beta release of Discourse¹ for this, or just watch for an update that addresses this and do an out-of-cadence site update?

¹ Argh, I was just having a conversation on a Discourse forum about Discord with someone, and crossed neurons as a result…

1 Like

:discourse:

We’ll be updating tests-passed as normal. Given it should be a simple change, we can also backport it to beta/stable so that people can avoid the constant deprecation emails. Keep an eye on this topic to know when the update is available.

13 Likes

If the release does not happen soon enough, it may be applicable to pin that specific ref for omniauth-github in the Gemfile, suggested here.

gem 'omniauth-github', git: 'https://github.com/omniauth/omniauth-github.git', ref: '967d769'

There also was a README update commit which suggests to use git master.

We are working on it and have specific plans for both eventualities.

5 Likes

This should now be resolved on tests-passed, beta and stable. We’ll be rolling out the change on our hosting in the next few days

11 Likes

This topic was automatically closed after 32 hours. New replies are no longer allowed.