Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

github will replace and discontinue authenticating using query parameters #8454

Open
yb199478 opened this issue Nov 29, 2019 · 4 comments
Open

github will replace and discontinue authenticating using query parameters #8454

yb199478 opened this issue Nov 29, 2019 · 4 comments
Assignees
Labels
Bug
Milestone

Comments

@yb199478
Copy link

@yb199478 yb199478 commented Nov 29, 2019

I recently read the oauth documentation on github and found that the mention of deprecating authentication to the GitHub API using query parameters:

Will this affect composer in the future?

$fileUrl .= (false === strpos($fileUrl, '?') ? '?' : '&') . 'access_token='.$options['github-token'];

@yb199478 yb199478 closed this Nov 29, 2019
@yb199478 yb199478 reopened this Nov 29, 2019
@yb199478 yb199478 changed the title github will replace and discontinue OAuth endpoints containing access_token in the path parameter github will replace and discontinue authenticating using query parameters Nov 29, 2019
@alcohol

This comment has been minimized.

Copy link
Member

@alcohol alcohol commented Dec 2, 2019

A quick glance over the blogpost and our code suggests that this might impact some of our code perhaps. But I was also under the impression we already used headers to authenticate in some scenarios or flows. This does warrant further inspection I think. Thank you for letting us know!

@stof

This comment has been minimized.

Copy link
Contributor

@stof stof commented Dec 2, 2019

The blog post also mention deprecating the API for creating personal access tokens. I know for sure that composer used it in the past, but I don't remember whether that's still the case today.

@yb199478

This comment has been minimized.

Copy link
Author

@yb199478 yb199478 commented Dec 2, 2019

The API for creating the personal token, I remember that it provided a uri to display, not directly generated through the api:

$url = 'https://'.$originUrl.'/settings/tokens/new?scopes=repo&description=' . str_replace('%20', '+', rawurlencode($note));

@stof

This comment has been minimized.

Copy link
Contributor

@stof stof commented Dec 2, 2019

OK, so it means we already removed our code generating a token.

@Seldaek Seldaek added Bug and removed Question labels Dec 7, 2019
@Seldaek Seldaek added this to the 1.10 milestone Dec 7, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.