[GitHub API] Deprecation notice for authentication via URL query parameters
I got some emails from GitHub to my personal email deprecation of some authentication patterns,
[GitHub API] Deprecation notice for authentication via URL query parameters
On February 4th, 2020 at 00:31 (UTC) your application (Gitter Private Repo Access) used an access token (with the User-Agent NodeJS HTTP Client) as part of a query parameter to access an endpoint through the GitHub API.
https://api.github.com/repositories/xxx/hooks
Please use the Authorization HTTP header instead as using the
access_token
query parameter is deprecated.Depending on your API usage, we'll be sending you this email reminder once every 3 days for each token and User-Agent used in API calls made on your behalf. Just one URL that was accessed with a token and User-Agent combination will be listed in the email reminder, not all.
Visit https://developer.github.com/changes/2019-11-05-deprecated-passwords-and-authorizations-api/#authenticating-using-query-parameters for more information.
Thanks, The GitHub Team
Also seeing an email for Gitter Webhooks
Does this affect us?
Yes
See
-
modules/github/lib/public-token-pool.js#L28-30
-> https://gitlab.com/gitlab-org/gitter/webapp/-/merge_requests/2019 -
tentacles
lib/client.js#L66-78
-> https://gitlab.com/gitlab-org/gitter/tentacles/-/merge_requests/9
More information from GitHub: https://developer.github.com/changes/2019-11-05-deprecated-passwords-and-authorizations-api/#authenticating-using-query-parameters
cc @viktomas