Shopify / shipit-engine

Deployment coordination
https://shopify.engineering/introducing-shipit
MIT License

Detect and refresh legacy GitHub user tokens #1236

Closed DazWorrall closed 2 years ago

DazWorrall commented 2 years ago

We received this from GitHub regarding our production instance:

We noticed that an application, Shopify Shipit, owned by an organization you are an admin of, Shopify, used a token with an outdated format to access the GitHub API ...

... we encourage you to reset any authentication tokens used by this app, as well as tokens used by any other apps you may have, with our reset token API.

Alternatively, you can prompt your users to step through the authorization flow again, as outlined in the docs for either GitHub Apps and OAuth Apps.

To understand more about this change and why it's important, visit https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats.

This PR will detect tokens in the legacy format and take users back through the GitHub login flow to fetch an updated one. Because we aren't asking for updated permissions, this will be totally transparent to the end user - just a slightly longer page load as the browser follows some redirects to GitHub and back again. I 🎩'd this locally by updating my user with a garbage token (`user.update!(github_access_token: 'blah')`) and reloading the page - it worked as intended.
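
One way to implement the detection the PR describes, as an added example in Ruby that is not shipit-engine's own code: the token prefixes come from the GitHub blog post linked above, while the `User` struct, the method names and the 40-character legacy sample are assumptions made for this illustration.

```ruby
# Classify a stored GitHub token by format and decide whether the user must be
# sent back through the GitHub OAuth login flow (no new scopes requested).
module GithubTokenFormat
  # Prefixes introduced by GitHub's 2021 token format change:
  # ghp_ personal access, gho_ OAuth app user token (what Shipit stores),
  # ghu_ / ghs_ GitHub App user/server tokens, ghr_ refresh token.
  CURRENT_PREFIXES = %w[ghp_ gho_ ghu_ ghs_ ghr_].freeze

  # A current token is one of the new prefixes followed by a base62 body.
  # The embedded checksum in the body is not verified here; the API call
  # itself is the authority on whether the token is valid.
  CURRENT_TOKEN = /\A(?:#{CURRENT_PREFIXES.map { |p| Regexp.escape(p) }.join('|')})[A-Za-z0-9]{30,}\z/

  def self.current?(token)
    return false if token.nil? || token.empty?
    CURRENT_TOKEN.match?(token)
  end

  # True for anything that is not in the new format, including the
  # old 40-character hex tokens and garbage like 'blah'.
  def self.legacy?(token)
    !current?(token)
  end
end

# Minimal stand-in for the Shipit user record (assumption: only the field
# this check needs). In the real app this would be the ActiveRecord model.
User = Struct.new(:login, :github_access_token)

# Returns :ok when the stored token is already in the new format and
# :reauthenticate when it is missing or legacy, so a controller
# before_action can redirect to the GitHub login flow and store the
# refreshed token on the way back.
def github_token_action(user)
  GithubTokenFormat.legacy?(user.github_access_token) ? :reauthenticate : :ok
end
```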

White731964 commented 1 year ago

Hi