The Github Social Connection is passing access token as part of a query param

byronapptentive · February 4, 2020, 9:06pm

We received a deprecation notice for authentication through our Github social connection.

On February 4th, 2020 at 11:32 (UTC) your application (XXXXX) used an access token (with the User-Agent Auth0 (http://auth0.com)) as part of a query parameter to access an endpoint through the GitHub API.

https://api.github.com/user/emails

Please use the Authorization HTTP header instead as using the access_token query parameter is deprecated.

Depending on your API usage, we’ll be sending you this email reminder once every 3 days for each token and User-Agent used in API calls made on your behalf.
Just one URL that was accessed with a token and User-Agent combination will be listed in the email reminder, not all.

Visit Deprecated APIs and authentication | GitHub Developer Guide for more information.

If there is anything we should be doing on our end let me know.

tjholowaychuk · February 5, 2020, 11:59am

Just received the same email, wondering the same thing!

jumarko · February 5, 2020, 8:29pm

We received the exact same thing.
It seems that Auth0 github integration is passing an access token internally as a query param.

scott-ecobee · February 6, 2020, 1:39pm

I created an issue on their git repo for exactly this!
https://github.com/auth0-extensions/auth0-deploy-extensions/issues/52

konrad.sopala · February 6, 2020, 3:07pm

Thanks! I will ping repo maintainers regarding that!

david6 · February 7, 2020, 12:30am

We got this one today too. I have subscribed to the linked GitHub issue above.

anatoly.danilov · February 7, 2020, 7:32am

+1 here. Please raise priority for the answer

konrad.sopala · February 7, 2020, 7:56am

I already pinged the maintainers. Should reach out there soon!

romain1 · February 7, 2020, 1:48pm

+1 here. Do we have a solution in progress and an ETA?

john.sblatter · February 7, 2020, 3:55pm

Same here, prioritisation would be appreciated

konrad.sopala · February 10, 2020, 2:07pm

Repinged them once again

sebastien1 · March 6, 2020, 11:27am

It has been almost a month, Is there any update this issue ?

Thank you.

tjholowaychuk · April 8, 2020, 10:02am

I hope Auth0 is still alive haha… no update?

konrad.sopala · April 8, 2020, 10:51am

Hey there! As I can see Shawn replied 8 days ago that soon they will start working on the issue. Thanks for patience!

brettski · May 19, 2020, 7:50pm

30+ day ping. Any update on this?

Thank you!

konrad.sopala · May 20, 2020, 10:09am

Hey there @brettski!

Can I ask you to ping Shawn in the issue by tagging him? Thank you!

brettski · May 21, 2020, 1:11am

Thanks. Though which Shawn? I don’t see a Shawn in this thread and there are more than 5 to choose from i the community.

konrad.sopala · May 21, 2020, 8:10am

Shawn Mclean (shawnmclean (Shawn Mclean) · GitHub) in the GitHub issue:

https://github.com/auth0-extensions/auth0-deploy-extensions/issues/52

brettski · May 21, 2020, 7:52pm

Thanks @konrad.sopala. FYI, that is not in my view of this thread.

So what I am gathering here is that this thread in community.auth0.com is not really the place to track or look for any of this and actually the GitHub issue, Github integration is using deprecated Github APIs · Issue #52 · auth0-extensions/auth0-deploy-extensions · GitHub, is where we should be watching. Am I understanding this paradox correctly?