Can't login to luarocks.org with github: must specify access token via Authorization header

[Neph-Oo]

Hi luarocks developers,

It seems that users who try to connect using Github can't anymore (?). When I try to login to my account, the authentication fails with error 400. The error message states that authentication through query parameters has been discontinued since September 8 2021: https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/

[aajjbb]

Hi @Neph-Oo. I've worked on the initial GitHub login integration years ago. I've tried coming up with a fix today, but with no success. I no longer have enough context/knowledge on Lapis to do so.

I've found three places which need to be patched to fix this here. However, I don't know how to 'force' a request for a certain URL, set through a href: to contain the needed access_token in the Authorization header, and not as a URL parameter. Would @leafo know how to do it?

[membphis]

same issue

[Neph-Oo]

Thank you for having tried @aajjbb

@membphis : it's normally possible to login with the "Forgot password" link. It seems that the email address used on github is also used by luarocks website to send a link so you can reset your password. I got my account access back (without github).

[redcatbear]

I can confirm that login recovery with GitHub primary mail works. Still would love to see OAuth working again. :-)

[redcatbear]

While OAuth is broken, I suggest removing the login button and adding a note to the site that people can recover with their mail.

[membphis]

@Neph-Oo many thx for your kind remind.

I reset my login password by Forgot password link(with the Github email address).

[leafo]

Fixed now, sorry for taking so long to take a look.