Github deprecation of API used for OSM feeds

[miike]

FYI Github is deprecating one of the ways that we use Github APIs as part of the osm_github code which is responsible for fetching and generating feeds (issues, users) from Github to the OSM website.

The impact of this is that on the removal date (November 2020) feeds will stop rendering on the OSM website - with some interruption during the brown out periods (September and October 2020). It will continue to work until September 2020 without any issues.

I think the fix for this is reasonably minor change in the Ruby code (not sure as I'm not a Ruby dev) but it may be worth putting together a wishlist of changes / features that we want in the website before going down that route.

cc @mattodd

Message below

---

Hello there!

On April 6th, 2020 at 01:58 (UTC) your application (osm_github) used its client_id and client_secret (with the User-Agent Octokit Ruby Gem 1.24.0) as part of a set of query parameters to access an endpoint through the GitHub API:

https://api.github.com/repositories/10483418/issues

Please use Basic Authentication instead as using OAuth credentials in query parameters has been deprecated.

Depending on your API usage, we'll be sending you this email reminder on a monthly basis.

Visit https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param for more information about suggested workarounds and removal dates.

Thanks, The GitHub Team

[miike]

On June 6th, 2020 at 08:21 (UTC) your application (osm_github) used its client_id and client_secret (with the User-Agent Octokit Ruby Gem 1.24.0) as part of a set of query parameters to access an endpoint through the GitHub API:

[miike]

I'm still getting these emails but it looks like the brownout period has moved from September 2020 to early 2021, so I'm not sure if this will be deprecated this year or not.

The blog post mentions both May 2021

All authentication using query parameters will return a status code of 401 like all other auth failures starting on: May 5, 2021 at 4:00 PM UTC

and November 13th (this year) as to when failures might occur.

Starting on November 13th, using access_token as a query parameter to access the API (as a user or as a GitHub App) or using client_id/client_secret to make OAuth app unauthenticated calls will be disabled.

So I'm not sure if I'm misreading this or we have until May 2021.

@jovel @jpemberthy Could you possibly clarify? Thanks.

[jpemberthy]

@miike 👋 hello there. The deprecation is happening next year, but we are still sending emails to inform integrators who are regularly triggering the deprecated flows.

[miike]

Thanks for the clarification @jpemberthy , much appreciated!

[mattodd]

Thank you @miike for this, and thanks @jpemberthy for clarification. I guess an option here (if we're planning ahead) would be to stop using our existing system and switch to using a webpage for OSM that is built on top of Github, i.e. Pages. We've just been playing with this for my research group https://todd-lers.github.io/about/ and it looks nice. In theory could we do this with OSM and have a link of some kind between that page and opensourcemalaria.org?

[miike]

@mattodd Github Pages should work without any issues and then we could repoint opensourcemalaria.org at the pages site.

One issue with Github Pages is that it works great with static content but it doesn't play as nicely with dynamic content.

The current site pulls in a reasonably up to date list of Twitter + Github activity every 15 minutes or so. There's no reason we couldn't recreate this logic but it would have to sit outside of pages to generate the data dynamically, and then Github pages could pull this data in using Javascript - similar to the way the current site works.