The Github Social Connection is passing access token as part of a query param

We received a deprecation notice for authentication through our Github social connection.


On February 4th, 2020 at 11:32 (UTC) your application (XXXXX) used an access token (with the User-Agent Auth0 (http://auth0.com)) as part of a query parameter to access an endpoint through the GitHub API.

https://api.github.com/user/emails

Please use the Authorization HTTP header instead as using the access_token query parameter is deprecated.

Depending on your API usage, we’ll be sending you this email reminder once every 3 days for each token and User-Agent used in API calls made on your behalf.
Just one URL that was accessed with a token and User-Agent combination will be listed in the email reminder, not all.

Visit https://developer.github.com/changes/2019-11-05-deprecated-passwords-and-authorizations-api/#authenticating-using-query-parameters for more information.


If there is anything we should be doing on our end let me know.

10 Likes

Just received the same email, wondering the same thing!

We received the exact same thing.
It seems that Auth0 github integration is passing an access token internally as a query param.

1 Like

I created an issue on their git repo for exactly this! :frowning:

2 Likes

Thanks! I will ping repo maintainers regarding that!

2 Likes

We got this one today too. I have subscribed to the linked GitHub issue above.

+1 here. Please raise priority for the answer

1 Like

I already pinged the maintainers. Should reach out there soon!

+1 here. Do we have a solution in progress and an ETA?

Same here, prioritisation would be appreciated

1 Like

Repinged them once again

2 Likes

It has been almost a month, Is there any update this issue ?

Thank you.

2 Likes