New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GitHub actively deprecating AUTH_URL_CLIENT_ID and AUTH_URL_TOKEN #847
Comments
I am unsure that simply switching to AUTH_HTTP_PASSWORD is enough As I was already using this method and I have been getting the following message for a couple of weeks :
So I guess there is something else to correct. In my code, I only use the following method: |
@tosasystem that error looks to be related to Composer—I believe Composer was also previously using query parameters to authenticate, but updating to the latest version should fix that. |
Yeh, they fixed it in 1.9.3. ;) |
Thanks a lot. I updated composer but there is something I am missing. What does php-github-api use Composer for while running ? Also, when I deploy my system I have php-github-api in my required package, but I don't see composer generating any dependency on itself. Does it mean (but it's just curiosity) that composer has to be present in the working directory of the application for php-github-api to work ? |
@tosasystem The email you received had nothing to do with this library. It was composer that used a deprecated usage, most likely you triggered it by running a composer update/install. See 460c673 for the fix in composer |
Thanks a lot. The use of composer by the library did not make any sense to me. Now I understand. |
The Doc says Github\Client::AUTH_URL_TOKEN is the default method. So switching to AUTH_HTTP_TOKEN should be fine as default until July 1st, 2020. Maybe use a new major Version Number to respect this breaking change to avoid confusing users. |
Related, where someone else confirmed that Edit: nevermind! It's a bug in another library not related to this package 😄 consolidation/robo#936 |
Related: #849. |
This PR was merged into the 2.14.x-dev branch. Discussion ---------- Deprecate the authentication constants which are deprecated by github. See - https://developer.github.com/changes/2019-11-05-deprecated-passwords-and-authorizations-api/#authenticating-using-query-parameters - https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/ - https://developer.github.com/changes/2020-02-14-deprecating-password-auth/ Closes #847 Commits ------- f7b14da Prepare deprecation of authentication methods
So, |
Yes, Github pushes this method as it is easy to use and safer than passing the token through the url. But you can also use client_id/secret or jwt depending on what solution you are building. |
GitHub has started sending out deprecation emails to apps using query parameters to authenticate, with instructions to switch over to Basic auth.
Relevant notice here:
In this library, both
Client::AUTH_URL_CLIENT_ID
andClient::AUTH_URL_TOKEN
authenticate via query parameters.Client::AUTH_HTTP_PASSWORD
uses Basic authentication, so I've switched my app over to that, but you may want to actively discourage/deprecate use of the query parameter auth methods (and perhaps renameAUTH_HTTP_PASSWORD
toAUTH_HTTP_BASIC
?)To anyone searching for a solution to this, here's the change I made in my app:
And the contents of the GitHub email (for search engines):
Click to expand
The text was updated successfully, but these errors were encountered: