diff --git a/src/BaseRequest.php b/src/BaseRequest.php
index c6dc55e..a9ac163 100644
--- a/src/BaseRequest.php
+++ b/src/BaseRequest.php
@@ -142,7 +142,7 @@ protected function setupAuthentication(IO\IOInterface $io, $useRedirector, array
 
         // is github
         if (in_array($authKey, $githubDomains) && 'x-oauth-basic' === $auth['password']) {
-            $this->addParam('access_token', $auth['username']);
+            $this->addHeader('authorization', 'token ' . $auth['username']);
             $this->user = $this->pass = null;
             return;
         }
diff --git a/tests/unit/CopyRequestTest.php b/tests/unit/CopyRequestTest.php
index 1cce1b5..4db60b5 100644
--- a/tests/unit/CopyRequestTest.php
+++ b/tests/unit/CopyRequestTest.php
@@ -89,11 +89,13 @@ public function testGitHubRedirector()
 
         // user:pass -> query
         $req = new CopyRequest($example, $tmpfile, false, $this->iop->reveal(), $this->configp->reveal());
-        $this->assertEquals("$example&access_token=at", $req->getURL());
+        $opts = $req->getCurlOptions();
+        $this->assertContains('Authorization: token at', $opts[CURLOPT_HTTPHEADER]);
 
         // api.github.com -> codeload.github.com
         $req = new CopyRequest($example, $tmpfile, true, $this->iop->reveal(), $this->configp->reveal());
-        $this->assertEquals('https://codeload.github.com/vendor/name/legacy.zip/aaaa?a=b&access_token=at', $req->getURL());
+        $opts = $req->getCurlOptions();
+        $this->assertContains('Authorization: token at', $opts[CURLOPT_HTTPHEADER]);
     }
 
     public function testGitLab()