Closed jackodsteel closed 4 years ago
Why did you not use the basic auth scheme as suggested by github?
I followed the example flow as described: https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/#3-use-the-access-token-to-access-the-api
I think the basic scheme is really only intended to be used if your app only supports basic auth, as per:
This approach is useful if your tools only support Basic Authentication
Since we can control the Authorization header we should use the token version of the header.
Bump @g-w, should be good to go now
Hi @jackodsteel, wonder if this fix was also applied to caddy plugin. I am using caddy v1.0.4 but still get an email from github about deprecation of access_token.
Thanks
login {
github client_id=XXXXXX,client_secret=XXXXXX
redirect_check_referer false
cookie_domain beta.example.com
success_url /login
logout_url /login
jwt_expiry 24h
cookie_expiry 2h
}
jwt {
path /
redirect https://beta.example.com:4000/login?backTo=https%3A%2F%2F{host}{rewrite_uri_escaped}
allow sub foo
}
Hi @jackodsteel, wonder if this fix was also applied to caddy plugin. I am using caddy v1.0.4 but still get an email from github about deprecation of access_token.
Hey @sbamin. This fix does apply to the Caddy plugin, however it requires the maintainer to release a new version with the fix, which hasn't happened yet. See the releases page where 1.3.1 is the latest, which was pre this PR.
It's up to @smancke or other maintainers to do a new release, which I don't know their plans.
Otherwise if you have programming experience you can compile the new version straight from master based off these docs.
Fixes #165 by using the Authorization header instead of the
access_token
query param.To test:
Create a new GitHub OAuth App at https://github.com/settings/developers
Run a server with this new version first, and login with GitHub. Verify that you did not get a deprecation notice email
Run the current master server, and login with GitHub. You'll see you did get a deprecation notice for the current server