Query parameter authentication is deprecated on GitHub

[GiorgioGhisotti]

Hello,

GitHub has deprecated access token authentication through query parameters. As far as I can tell this utility can't work with https authentication anymore short of asking the user for their credentials every time. Using ssh authentication could be a solution.

[ConradIrwin]

Are they continuing to support the Authorization: Bearer tokens?

P.S. Superhuman is hiring — referral bonus for Full Stack Engineers ( https://superhuman.com/roles?gh_jid=260350 ) : $1,947.

On Tue, Feb 04, 2020 at 5:49 AM, Giorgio Ghisotti < notifications@github.com > wrote:

Hello,

GitHub has deprecated access token authentication through query parameters ( https://developer.github.com/changes/2019-11-05-deprecated-passwords-and-authorizations-api/#authenticating-using-query-parameters ). As far as I can tell this utility can't work with https authentication anymore short of asking the user for their credentials every time. Using ssh authentication could be a solution.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub ( https://github.com/defunkt/gist/issues/309?email_source=notifications&email_token=AAAXAQCR5WX3I74QZGCHJZDRBFW6JA5CNFSM4KPXHQY2YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IK42RMQ ) , or unsubscribe ( https://github.com/notifications/unsubscribe-auth/AAAXAQGR444LFNFPZQNWSM3RBFW6JANCNFSM4KPXHQYQ ).

[Darkle]

They mention in the email to use the Authorization HTTP header instead FWIW

[cmoulliard]

The github email mentions the following message

Please use the Authorization HTTP header instead,
as using the `access_token` query parameter is deprecated.

Depending on your API usage, we'll be sending you this email ...

Visit 
https://developer.github.com/changes/2019-11-05-deprecated-passwords-and-authorizations-api/#authenticating-using-query-parameters
for more information.

The web pages explains

GitHub is deprecating authentication to the GitHub API using query parameters,
such as using a access_token query parameter for OAuth user authentication
or a client_id/client_secret query  parameter for OAuth application authentication.

All authentication to the GitHub API should be done 
using HTTP basic authentication
see: 
https://developer.github.com/v3/auth/#via-oauth-and-personal-access-tokens.

[GiorgioGhisotti]

As far as I can tell from the documentation, "basic authentication", even with OAuth, means that the user is queried for username and OAuth token after making the http request - there may be a way to automate that process but it feels a bit clunky and not the intended way of authenticating.

[jcolson]

aren't they just saying use the header instead of the query parameter??

curl -H "Authorization: token OAUTH-TOKEN" https://api.github.com/user

like that?

[cmoulliard]

This command is working for me curl -H "Authorization: token $GIT_TOKEN" https://api.github.com/gists/945a461e2abc33d222177a553bb1a0ae

[GiorgioGhisotti]

Well in that case it should be pretty easy to fix, I didn't quite understand that prepending the token wold work.

[jcolson]

looks like it's already committed -> https://github.com/defunkt/gist/commit/635b1437a513e9a13367827ee3f74fbbdaa54aa8

[torarnv]

brew unlink gist && brew install -s gist --HEAD until brew has been updated

[typebrook]

looks like it's already committed -> 635b143

@GiorgioGhisotti You can close this issue now