The Github Social Connection is passing access token as part of a query param

We received a deprecation notice for authentication through our Github social connection.

On February 4th, 2020 at 11:32 (UTC) your application (XXXXX) used an access token (with the User-Agent Auth0 ( as part of a query parameter to access an endpoint through the GitHub API.

Please use the Authorization HTTP header instead as using the access_token query parameter is deprecated.

Depending on your API usage, we’ll be sending you this email reminder once every 3 days for each token and User-Agent used in API calls made on your behalf.
Just one URL that was accessed with a token and User-Agent combination will be listed in the email reminder, not all.

Visit for more information.

If there is anything we should be doing on our end let me know.


Just received the same email, wondering the same thing!

We received the exact same thing.
It seems that Auth0 github integration is passing an access token internally as a query param.

1 Like

I created an issue on their git repo for exactly this! :frowning:


Thanks! I will ping repo maintainers regarding that!


We got this one today too. I have subscribed to the linked GitHub issue above.

+1 here. Please raise priority for the answer

1 Like

I already pinged the maintainers. Should reach out there soon!

+1 here. Do we have a solution in progress and an ETA?

Same here, prioritisation would be appreciated

1 Like

Repinged them once again


It has been almost a month, Is there any update this issue ?

Thank you.


I hope Auth0 is still alive :smiley: haha… no update?

Hey there! As I can see Shawn replied 8 days ago that soon they will start working on the issue. Thanks for patience!

30+ day ping. Any update on this?

Thank you!

Hey there @brettski!

Can I ask you to ping Shawn in the issue by tagging him? Thank you!

Thanks. Though which Shawn? I don’t see a Shawn in this thread and there are more than 5 to choose from i the community.

Shawn Mclean ( in the GitHub issue:

Thanks @konrad.sopala. FYI, that is not in my view of this thread.

So what I am gathering here is that this thread in is not really the place to track or look for any of this and actually the GitHub issue,, is where we should be watching. Am I understanding this paradox correctly?