arachnys / cabot

Self-hosted, easily-deployable monitoring and alerts service - like a lightweight PagerDuty
MIT License

Cabot using deprecated access_token GitHub query parameter #698

Open jakubgs opened 3 years ago

jakubgs commented 3 years ago

When I used GitHub OAuth with Cabot I received the following warning in the mail:

Hello there!

On October 16th, 2020 at 11:54 (UTC) your application (Cabot Canaries) used an access token (with the User-Agent python-requests/2.13.0) as part of a query parameter to access an endpoint through the GitHub API.

https://api.github.com/user

Please use the Authorization HTTP header instead as using the access_token query parameter is deprecated.

Depending on your API usage, we'll be sending you this email reminder on a monthly basis.

Visit https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param for more information about suggested workarounds and removal dates.

Thanks, The GitHub Team

It appears that the access_token query parameter will be removed in roughly 8 months:

All authentication using query parameters will return a status code of 401 like all other auth failures starting on: May 5, 2021 at 16:00 UTC

For more details: https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param

jakubgs commented 3 years ago

The date of the first brownout passed yesterday. Full schedule:

Brownouts

During a brownout, authentication using query parameters will temporarily fail. The goal is to trigger alerts (assuming there are any) on our customers' services to help them find unmigrated authentication calls.

The brownouts are scheduled for:

  • March 17, 2021
    • From 07:00 UTC to 10:00 UTC
    • From 16:00 UTC to 19:00 UTC
  • April 14, 2021
    • From 07:00 UTC to 10:00 UTC
    • From 16:00 UTC to 19:00 UTC

Removal date

All authentication using query parameters will return a status code of 401 like all other auth failures starting on:

  • May 5, 2021 at 16:00 UTC

jakubgs commented 3 years ago

Looks like they have moved the removal date to the 8th of September: https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/

jakubgs commented 3 years ago

Looks like we have passed the September 8th deadline and now OAuth for GitHub is broken:

image

jakubgs commented 3 years ago

I've fixed this in our fork by upgrading the social-auth-core and social-auth-app-django packages: https://github.com/status-im/cabot/commit/cd14ac6b

I also had to pin pip at 20.3.4 because 21.0 drops support for Python 2: https://github.com/status-im/cabot/commit/8bc5a00a

And I had to upgrade the Docker image to fix the build of the cryptography package: https://github.com/status-im/cabot/commit/4461771e
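The request-level change that GitHub's notice asks for, as an added example that is not code from Cabot, social-auth-core, or the fork linked above: the token leaves the URL, where it ends up in access and proxy logs, and goes into the Authorization header. The helper names and the token value are constructed for illustration, and the `token <value>` header scheme is the one GitHub documents for OAuth tokens.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode
from urllib.request import Request

TOKEN_PARAM = "access_token"  # the deprecated query parameter named in the notice


def move_token_to_header(url, headers=None):
    """Return (clean_url, headers) with access_token moved out of the query
    string into an Authorization header. Other parameters are preserved."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    tokens = [v for k, v in pairs if k == TOKEN_PARAM]
    kept = [(k, v) for k, v in pairs if k != TOKEN_PARAM]
    headers = dict(headers or {})
    if tokens:
        if len(set(tokens)) > 1 or not tokens[0]:
            raise ValueError("empty or conflicting access_token values in URL")
        if any(k.lower() == "authorization" for k in headers):
            raise ValueError("URL token and Authorization header both present")
        headers["Authorization"] = "token " + tokens[0]
    return urlunsplit(parts._replace(query=urlencode(kept))), headers


def build_request(url, headers=None):
    """Build (but do not send) a request that authenticates via header only."""
    clean_url, hdrs = move_token_to_header(url, headers)
    return Request(clean_url, headers=hdrs)


def redact_for_log(url):
    """Mask the token value so a legacy URL can be written to logs safely."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k == TOKEN_PARAM else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    # Constructed legacy URL; the token is a placeholder, not a real credential.
    legacy = "https://api.github.com/user?access_token=CONSTRUCTED_TOKEN&per_page=5"
    req = build_request(legacy)
    print(req.full_url, dict(req.header_items()))
    print(redact_for_log(legacy))
```
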