search

download-directory / download-directory.github.io

Web App: Download just a sub directory from a GitHub repo.
https://download-directory.github.io
MIT License
1.25k stars 117 forks source link

Token through query param is deprecated #31

Closed mathieutu closed 4 years ago

mathieutu commented 4 years ago

Hi, Github just sent me this, I thought you should be aware of that.

Thanks for your amazing work.

Hi @mathieutu,

On March 29th, 2020 at 17:24 (UTC) your personal access token (Download GitHub directory) using Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:75.0) Gecko/20100101 Firefox/75.0 was used as part of a query parameter to access an endpoint through the GitHub API:

https://api.github.com/repositories/****/git/trees/master

Please use the Authorization HTTP header instead, as using the access_token query parameter is deprecated. If this token is being used by an app you don't have control over, be aware that it may stop working as a result of this deprecation.

Depending on your API usage, we'll be sending you this email reminder on a monthly basis for each token and User-Agent used in API calls made on your behalf. Just one URL that was accessed with a token and User-Agent combination will be listed in the email reminder, not all.

Visit https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param for more information about suggested workarounds and removal dates.

Thanks, The GitHub Team

fregante commented 4 years ago

download-directory.github.io already uses the header:

https://github.com/download-directory/download-directory.github.io/blob/333da6f8c17dc28468a4c8e17c0db937a7c7241b/index.js#L45-L50

fregante commented 4 years ago

But list-github-dir-content doesn't:

https://github.com/fregante/list-github-dir-content/blob/e70408bbcfb6e0526b5e4353ead8a881169db37d/index.js#L3-L7

Moving the issue there (Edit: Transfer doesn't work)

MrBartusek commented 4 years ago

Well, https://github.com/fregante/list-github-dir-content/pull/17 has been merged so this issue should be resolved but, I created token and received an email today so the problem clearly still occur

karfau commented 4 years ago

Seems like @fregante want's to merge fregante/list-github-dir-content#16 as well before releasing a major version. Although these mails are annoying there is still nearly a year of time until it will stop working:

Deprecation timeline

Brownouts

During a brownout, authentication using query parameters will temporarily fail. The goal is to trigger alerts (assuming there are any) on our customers' services to help them find unmigrated authentication calls.

The brownouts are scheduled for:

March 17, 2021 From 7:00 AM UTC - 10:00 AM UTC From 4:00 PM UTC - 7:00 PM UTC

April 14, 2021 From 7:00 AM UTC - 10:00 AM UTC From 4:00 PM UTC - 7:00 PM UTC

Removal date

All authentication using query parameters will return a status code of 401 like all other auth failures starting on:

May 5, 2021 at 4:00 PM UTC

So I guess there is no need to rush.

fregante commented 4 years ago

Apologies for taking so long to fix this. I just updated the dependency and now it should work. I'll release https://github.com/fregante/list-github-dir-content/pull/16 later, it needs further testing.