GitHub logins using deprecated authentication API?

I just received the following email from GitHub:

Hi @ctrueden,

On February 4th, 2020 at 06:50 (UTC) your application ( used an access token (with the User-Agent Faraday v1.0.0) as part of a query parameter to access an endpoint through the GitHub API:

Please use the Authorization HTTP header instead as using the access_token query parameter is deprecated.

Depending on your API usage, we’ll be sending you this email reminder once every 3 days for each token and User-Agent used in API calls made on your behalf.
Just one URL that was accessed with a token and User-Agent combination will be listed in the email reminder, not all.

Visit Deprecated APIs and authentication | GitHub Developer Guide for more information.

The GitHub Team

Is this something that needs to be changed in my forum’s configuration? Or is an update to the Discourse code needed? Or is something else going on here?


Thanks for sharing the email Curtis. I’ll take a look into this - it looks like we will need some updates on our end.


Just a “me too” post. I got the same email from GitHub.


FYI, we’re tracking this PR in the authentication library which Discourse uses. As soon as that’s merged, we can update:

(If it takes too long, we’ll implement ourselves)

Edit: And now, waiting for


Thanks! I see it’s merged upstream waiting for the next step. Should we expect an out-of-cadence beta release of Discourse¹ for this, or just watch for an update that addresses this and do an out-of-cadence site update?

¹ Argh, I was just having a conversation on a Discourse forum about Discord with someone, and crossed neurons as a result…

1 Like


We’ll be updating tests-passed as normal. Given it should be a simple change, we can also backport it to beta/stable so that people can avoid the constant deprecation emails. Keep an eye on this topic to know when the update is available.


If the release does not happen soon enough, it may be applicable to pin that specific ref for omniauth-github in the Gemfile, suggested here.

gem 'omniauth-github', git: '', ref: '967d769'

There also was a README update commit which suggests to use git master.

We are working on it and have specific plans for both eventualities.


This should now be resolved on tests-passed, beta and stable. We’ll be rolling out the change on our hosting in the next few days


This topic was automatically closed after 32 hours. New replies are no longer allowed.