-
Notifications
You must be signed in to change notification settings - Fork 180
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deprecation notice for authentication via URL query parameters #311
Comments
Getting these as well. Does GitHub have an official EOL for the I would love to switch away from DVCS but we run a Jira Server which doesn't seem to work with this plugin replacement. |
@DMonCode We get this error with the "new" GitHub Jira integration, not with the DVCS connector. |
Yes, I'm not sure how this will affect our Jira integration. We don't want to use basic auth, and there doesn't seem to be an option for that in the DVCS Connector setup if we did. How do we maintain the functionality with Jira Data Center if we're not on Enterprise GH? |
@tebriel (just going off commit history - apologies if you're the wrong person here) This is the first time I've personally looked into this integration for our (Invoca) org and was relieved to see it's maintained by GitHub! Any updates here you might be able to provide? |
This is an issue with Jira https://jira.atlassian.com/browse/JSWSERVER-20414 and is being worked on by their team. Sorry for the short response, on my phone. Tag me if that doesn’t answer your question! |
@tebriel The issue mentioned above seems to be fixed now, but we're still getting the notifications. |
@Skleni I've forwarded the issue on for prioritization, unfortunately I cannot promise any timelines for investigations at the moment. |
We're using Jira Cloud with this integration and are still seeing this notification pop up. Is there anything we can do?
|
@alittle-csdisco are you sure that you are using this app: https://marketplace.atlassian.com/apps/1219592/github-for-jira?hosting=cloud&tab=overview? We do not use java nor Apache in this application, so I'm wondering if maybe that's another jira+github connector. |
I am using the same app and get a similar notification email recently, which does mention Apache.
|
@bxk-sonavex Looking at the repository you listed in that email (299439409) you have two webhooks installed on that repository. The webhooks are owned by the Jira Application, but as far as I know we don't use them. I've reached out to a coworker with some history on the application, I'm wondering if maybe we used to install repo webhooks but no longer do so. |
@bxk-sonavex on second inspection, the Jira app that installed the webhooks is owned by |
@tebriel Right, the email was sent to the And there is a |
@tebriel @bxk-sonavex that's exactly the setup we have. On the JIRA Cloud side:
On the GitHub side in our GitHub org:
So it seems like the culprit is the |
@tebriel Then what should be done on our side? |
Same setup here as well. |
I'll try to give a little backstory (given my limited knowledge on this) to help you arrive at the desired state: When Atlassian first wrote a GitHub to Jira connector, it was something that users manually created and installed. You made your own OAuth App and pointed the webhooks and setup at your custom Jira URL. This app allowed Jira to configure GitHub Repo webhooks to send data from GitHub to Jira. The GitHub owned integration is wholly separate from the process above. It is an Application that must be installed into your Jira Organization and your GitHub organization, and uses Application Webhooks (instead of Repo webhooks). These webhooks are delivered to the GitHub+Jira Service (which we manage, code is in this repo) to update your Jira instance based on the Jira devinfo API. Unless you are using the "Developer Settings -> OAuth Apps" version (the old way to do jira integration), delete that app that your organization owns and manages from the Advanced Tab. This is not part of the Jira+GitHub sync tool that GitHub manages and we don't control it. Our App should be listed under your "Installed Apps" section only. Let me know if that clears some things up, thanks. |
Hi @IvoBCD. I'm from a team at Atlassian that is currently in the process of migrating the ownership over to us from GitHub. As a part of this, we're currently going through the backlog of issues and prs to see what can still be addressed and what should be closed. Please let me know if @tebriel's comment addressed this issue for you so I can close/follow-up. |
@rachellerathbone We no longer got the depreciation notice, but we've since given up and uninstalled the GitHub JIRA integration since it was just too unreliable |
Hey @IvoBCD. I'm sorry that integration was so unreliable that you had to uninstall it. Me and my team are actively working on the app and have identified a number of pain points for our users and areas of the app that could be improved. If you change your mind and choose to reinstall the app, we'd love to hear your feedback on the product so we can truly try to create the experience our community is after. |
Hey @rachellerathbone, we are currently experiencing a very annoying issue. The "Development" field shows wrong status of PR for tickets - the PR was merged successfully but shown as DECLINED. This is really annoying. Don't know who is responsible for fixing the issue now, but would like to see it resolved asap. I don't want to wast time double checking PRs in every single ticket. |
Hey @bxk-sonavex. Please follow 372. It's currently flagged for triaging so that our team can begin to determine what work needs to be done for this and follow up accordingly. |
Closing this out as the related issue linked above is also closed when the issue was resolved. Please reopen if you need further assistance. |
GitHub is sending me a deprecation notice for authentication via URL query parameters, by GitHub's Jira integration for Atlassian.
Please use the Authorization HTTP header instead as using the
access_token
query parameter is deprecated.Depending on your API usage, we'll be sending you this email reminder once every 3 days for each token and User-Agent used in API calls made on your behalf.
Just one URL that was accessed with a token and User-Agent combination will be listed in the email reminder, not all.
Visit https://developer.github.com/changes/2019-11-05-deprecated-passwords-and-authorizations-api/#authenticating-using-query-parameters for more information.
The text was updated successfully, but these errors were encountered: