-
Notifications
You must be signed in to change notification settings - Fork 148
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix #165 by using Authorization header instead #166
Fix #165 by using Authorization header instead #166
Conversation
b61d025
to
c7119c4
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hello @jackodsteel,
thank you for your contribution!
Could you please have a look into my comment? Why did you not use the basic auth scheme as suggested by github?
I followed the example flow as described: https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/#3-use-the-access-token-to-access-the-api I think the basic scheme is really only intended to be used if your app only supports basic auth, as per:
Since we can control the Authorization header we should use the token version of the header. |
Bump @g-w, should be good to go now |
Hi @jackodsteel, wonder if this fix was also applied to caddy plugin. I am using caddy v1.0.4 but still get an email from github about deprecation of access_token. Thanks
|
Hey @sbamin. This fix does apply to the Caddy plugin, however it requires the maintainer to release a new version with the fix, which hasn't happened yet. See the releases page where 1.3.1 is the latest, which was pre this PR. It's up to @smancke or other maintainers to do a new release, which I don't know their plans. Otherwise if you have programming experience you can compile the new version straight from master based off these docs. |
Fixes #165 by using the Authorization header instead of the
access_token
query param.To test:
Create a new GitHub OAuth App at https://github.com/settings/developers
Run a server with this new version first, and login with GitHub. Verify that you did not get a deprecation notice email
Run the current master server, and login with GitHub. You'll see you did get a deprecation notice for the current server