New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
github provider should use Authorization header instead #2457
Comments
I suspect that
What I can't see (and I've never actually worked on this code) is that we're not even using any form of authentication when we do those requests.get(...) calls.
|
- GitHub is deprecating authentication to the API using query params like an `access_token` query param. An `Authorization: token TOKEN` header should be added to the request instead. - see also https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/#web-application-flow - fixes pennersr#2457
I did a little more spelunking and it looks like authentication happens in the OAuth2LoginView but we shouldn't have to deal with that since the rest of the oauth2 flow remains unchanged, GitHub is just changing how it handles api requests via the oauth2 access token. Looking at other providers that also set the Authorization header I think it is as simple as setting
|
- GitHub is deprecating authentication to the API using query params like an `access_token` query param. An `Authorization: token TOKEN` header should be added to the request instead. - see also https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/#web-application-flow - fixes #2457
Upgrade django-allauth to git commit 83a0f776. It includes fix for GitHub described in pennersr/django-allauth#2457. Issue: ansible#2224
- GitHub is deprecating authentication to the API using query params like an `access_token` query param. An `Authorization: token TOKEN` header should be added to the request instead. - see also https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/#web-application-flow - fixes pennersr#2457
GitHub is deprecating their query parameter access token based authentication in favor of setting an
Authorization:
header in the request. I think this should be a fairly simple change to the GitHub provider and adding the header to therequests.get()
call. Happy to submit a PR for this but I'm not sure if there's anything else needed..https://developer.github.com/changes/2019-11-05-deprecated-passwords-and-authorizations-api/#authenticating-using-query-parameters
The text was updated successfully, but these errors were encountered: