Auth0 Home Blog Docs

GitHub deployment extension: GitHub token as query param

When using the GitHub Deployment Extension it seems that the configured access token is being sent as a query param towards the GitHub API. GitHub gives a deprecation warning stating that it should be changed to sending it as an HTTP Header instead.

Is this something we can control via the extension? Or does it require a change in the extension itself?

1 Like

From a quick check this does not seem to be something that you can control through configuration and as such will require code changes in the extension. I’ll check if this is something already being tracked internally and if not will report it; if I recall correctly there’s still some considerable time until the feature gets removed, but GH is using very frequent email notifications so you will likely still receive a few more of those until the extension is update. Apologies for that.

I could only find a report of this situation as a GitHub issue and although those are also reviewed from time to time I also reported this internally to try to get a speedier resolution and reduce email noise. Thanks for everyone’s patience while this is sorted.

I am getting these emails for an app that uses the hosted login page. Is this due to the hosted login page or something in my code (I’m using ember)

If that application is enabled for the use of GitHub social connection the use of the connection would explain that as the connection also makes use of the deprecated approach. The update of the social connection is something that is also already being tracked for resolution.