GitHub authorization has changed #1755

Closed lorenx closed 1 year ago

Hello, I don't know if you are aware but GitHub has changed its authentication method, on May 5, 2021: see here and here.

In fact, as I try to add my Github repo, StackEdit receives this error:

{
    "status": 400,
    "body": {
        "message": "Must specify access token via Authorization header. https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param",
        "documentation_url": "https://docs.github.com/v3/#oauth2-token-sent-in-a-header"
    }
}

Anyway... GitLab integration is not working, GitHub is not working either now. What should we do?

I hope in a quick fix, thank you very much.

I guess it's the same as #1724. But it doesn't seem fixed...

{
    "status": 400,
    "body": {
        "message": "Must specify access token via Authorization header. https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param",
        "documentation_url": "https://docs.github.com/v3/#oauth2-token-sent-in-a-header"
    }
}

Anyway... GitLab integration is not working, GitHub is not working either now. What should we do?

Same problem here, I granted access to Github so I could sign in from StackEdit and it worked fine, but when I try to add a workspace from Github I get an "HTTP Error 400" sign and this:

Yeah, that's the exact error I get too. It should be simple to change how the token is sent, if only some developers would reply us... @benweet

Getting the same exact error, bumping.

For the time being, I developed a workaround. I know there already is #1724 that fixes the issue, but I wanted to keep using StackEdit whilst the request is not yet merged.

Once you are on the screen asking you to "Grant access to your private repositories," open the developer console and paste the following lines.

window.XMLHttpRequest =  class MyXMLHttpRequest extends window.XMLHttpRequest {
  open(...args){
    if(args[1].startsWith("https://api.github.com/user?access_token=")) {
      // apply fix as described by github
      // https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/#changes-to-make

      const segments = args[1].split("?");
      args[1] = segments[0]; // remove query params from url
      const token = segments[1].split("=")[1]; // save the token

      const ret = super.open(...args);

      this.setRequestHeader("Authorization", `token ${token}`); // set required header

      return ret;
    }
    else {
      return super.open(...args);
    }
  }
}

This overrides window.XMLHttpRequest, which StackEdit uses to send API-Requests to GitHub, and modifies requests to https://api.github.com/user. Specifically, it moves the token from query to header.

Once the repository is connected, you can remove the overridden XMLHttpRequest by reloading the page.

Thank you @mogoe1!

Thank you! Ran into this problem this morning...

@benweet Can confirm issue still persists as of today

{
  "message": "Must specify access token via Authorization header. https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param",
  "documentation_url": "https://docs.github.com/v3/#oauth2-token-sent-in-a-header"
}

Yeah, just right now

@mogoe1 thank you!!!

big up @mogoe1

Heads up to other recently-frustrated StackEdit users- From all appearances, the project maintainer is gone. He has had 0 Github activity since March of last year: https://github.com/benweet I've tried searching for any news items about him, checking for career changes/death announcements/ etc, but without success. With 8+ months of silence from the solo maintainer, I recommend people start finding/creating alternatives. I know I would be very happy to support someone forking this and taking it into the future :)

also had the impression of the project being unmaintained now... meanwhile I switched to Obsidian, which i really love.... Migration is quite easy.

This is still an ongoing issue. Any news on this being added upstream

For the time being, I developed a workaround. I know there already is #1724 that fixes the issue, but I wanted to keep using StackEdit whilst the request is not yet merged.

Once you are on the screen asking you to "Grant access to your private repositories," open the developer console and paste the following lines.
window.XMLHttpRequest =  class MyXMLHttpRequest extends window.XMLHttpRequest {
  open(...args){
    if(args[1].startsWith("https://api.github.com/user?access_token=")) {
      // apply fix as described by github
      // https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/#changes-to-make

      const segments = args[1].split("?");
      args[1] = segments[0]; // remove query params from url
      const token = segments[1].split("=")[1]; // save the token

      const ret = super.open(...args);

      this.setRequestHeader("Authorization", `token ${token}`); // set required header

      return ret;
    }
    else {
      return super.open(...args);
    }
  }
}
This overrides window.XMLHttpRequest, which StackEdit uses to send API-Requests to GitHub, and modifies requests to https://api.github.com/user. Specifically, it moves the token from query to header.

Once the repository is connected, you can remove the overridden XMLHttpRequest by reloading the page.

Thanx a lot. I'm admirative for persons like you who understand something about front end and security ^^

For the time being, I developed a workaround. I know there already is #1724 that fixes the issue, but I wanted to keep using StackEdit whilst the request is not yet merged.

Once you are on the screen asking you to "Grant access to your private repositories," open the developer console and paste the following lines.
window.XMLHttpRequest =  class MyXMLHttpRequest extends window.XMLHttpRequest {
  open(...args){
    if(args[1].startsWith("https://api.github.com/user?access_token=")) {
      // apply fix as described by github
      // https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/#changes-to-make

      const segments = args[1].split("?");
      args[1] = segments[0]; // remove query params from url
      const token = segments[1].split("=")[1]; // save the token

      const ret = super.open(...args);

      this.setRequestHeader("Authorization", `token ${token}`); // set required header

      return ret;
    }
    else {
      return super.open(...args);
    }
  }
}
This overrides window.XMLHttpRequest, which StackEdit uses to send API-Requests to GitHub, and modifies requests to https://api.github.com/user. Specifically, it moves the token from query to header.

Once the repository is connected, you can remove the overridden XMLHttpRequest by reloading the page.

also had the impression of the project being unmaintained now... meanwhile I switched to Obsidian, which i really love.... Migration is quite easy.

Thank you - great recommendation! :)

For the time being, I developed a workaround. I know there already is #1724 that fixes the issue, but I wanted to keep using StackEdit whilst the request is not yet merged.

Once you are on the screen asking you to "Grant access to your private repositories," open the developer console and paste the following lines.
window.XMLHttpRequest =  class MyXMLHttpRequest extends window.XMLHttpRequest {
  open(...args){
    if(args[1].startsWith("https://api.github.com/user?access_token=")) {
      // apply fix as described by github
      // https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/#changes-to-make

      const segments = args[1].split("?");
      args[1] = segments[0]; // remove query params from url
      const token = segments[1].split("=")[1]; // save the token

      const ret = super.open(...args);

      this.setRequestHeader("Authorization", `token ${token}`); // set required header

      return ret;
    }
    else {
      return super.open(...args);
    }
  }
}
This overrides window.XMLHttpRequest, which StackEdit uses to send API-Requests to GitHub, and modifies requests to https://api.github.com/user. Specifically, it moves the token from query to header.

Once the repository is connected, you can remove the overridden XMLHttpRequest by reloading the page.

Thank you @snowsum. This has helped me today (01.02.2023)

Same here ... Above code snippet worked for me (16.02.2023). I do afraid something happened to this developer. Hope he is alive.

Same here, JS snippet worked for me (16.03.2023) Also, the fact that I even have to do this is fvking annoying.

I still get the error despite the workaround. Any chances of fixing the issue for good by merging #1724?

Thank you @mogoe1!

It is clear that it won't be fixed, the maintainer basically left this project.

I switched to using Github itself for note taking, it has great editor features, even on mobile. But to create new file on mobile, I use this app: GitJournal. The version controll sounds like a nice feature in this flow :)

I tried free tier of some paid software as Obsidian/Notion, but for me they did not fit. In PM I am open for similar free software recommendations.

Should be fixed with v5.15.0.

Heads up to other recently-frustrated StackEdit users- From all appearances, the project maintainer is gone. He has had 0 Github activity since March of last year: https://github.com/benweet I've tried searching for any news items about him, checking for career changes/death announcements/ etc, but without success. With 8+ months of silence from the solo maintainer, I recommend people start finding/creating alternatives. I know I would be very happy to support someone forking this and taking it into the future :)

did you end up forking it.? let me know I can contribute, I love this project.

benweet / stackedit

GitHub authorization has changed #1755