Description
GitHub deprecated authentication via access_token query parameters in Feb 2020 and now requires OAuth tokens to be sent using the Authorization: Bearer <token> header.
hello.js still appends the GitHub access token as a query parameter when making API requests (e.g. api('me')), which causes requests to fail with:
Must specify access token via Authorization header
Steps to Reproduce
- Configure GitHub OAuth with hello.js
- Call
hello('github').login()
- Call
hello('github').api('me')
Expected Behavior
GitHub API requests should include the access token via the Authorization header.
Actual Behavior
Access token is appended as a query parameter, resulting in a 401/403 error.
Reference
GitHub API deprecation notice:
https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/
Proposed Fix
Update GitHub provider implementation to send the OAuth token using the Authorization header instead of query parameters.
Description
GitHub deprecated authentication via
access_tokenquery parameters in Feb 2020 and now requires OAuth tokens to be sent using theAuthorization: Bearer <token>header.hello.js still appends the GitHub access token as a query parameter when making API requests (e.g.
api('me')), which causes requests to fail with:Steps to Reproduce
hello('github').login()hello('github').api('me')Expected Behavior
GitHub API requests should include the access token via the
Authorizationheader.Actual Behavior
Access token is appended as a query parameter, resulting in a 401/403 error.
Reference
GitHub API deprecation notice:
https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/
Proposed Fix
Update GitHub provider implementation to send the OAuth token using the
Authorizationheader instead of query parameters.