Go-github: Change deprecated API authentication through query parameters to Basic Auth

Created on 12 Feb 2020  ·  9 Comments  ·  Source: google/go-github

GitHub Developer API announcement:
https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/

This Issue would involve the following:

  • [x] Contact [email protected] and inform them that the docs here need updating to note the deprecation.
  • [ ] Update the comments to support the new authentication mechanism.
  • [ ] Update the code to support the new authentication mechanism. (The new request should be similar to curl -u my_client_id:my_client_secret https://api.github.com/user/repos which appears to use BasicAuth. This and this might be helpful. Basically, I believe you base64-encode the username:password string (with the colon) and make this an "Authorization": "Basic " header.)
  • [ ] Update the corresponding tests.
  • [ ] Test your changes against the live GitHub v3 API.

This would be a great PR for any new contributor to this repo or a new Go developer.
All contributions are greatly appreciated!

Feel free to volunteer for any issue and the issue can be assigned to you so that others don't attempt to duplicate the work.

Please check out our CONTRIBUTING.md guide to get started.

Thank you!

enhancement good first issue
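
The header construction the issue body describes, as an added Go example (not go-github's code or the PR from this thread): a hypothetical `headerAuthTransport` clones the request, strips any legacy `client_id`/`client_secret` query parameters and sets Basic auth instead. The `probe` helper, the local test server and the credential strings are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// headerAuthTransport is a hypothetical name (not go-github's type). It sends
// OAuth app credentials as HTTP Basic auth instead of URL query parameters.
type headerAuthTransport struct {
	ClientID, ClientSecret string // placeholders; load real values from a secret store
}

func (t *headerAuthTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	r2 := req.Clone(req.Context()) // a RoundTripper must not mutate the caller's request
	if r2.Header == nil {          // a hand-built &http.Request{} has a nil Header map
		r2.Header = make(http.Header)
	}
	q := r2.URL.Query()
	q.Del("client_id") // drop legacy query credentials so they never reach URL logs
	q.Del("client_secret")
	r2.URL.RawQuery = q.Encode()
	r2.SetBasicAuth(t.ClientID, t.ClientSecret) // Authorization: Basic base64(id:secret)
	return http.DefaultTransport.RoundTrip(r2)
}

// probe sends one request through the transport to a local test server and
// returns the query string and Basic auth credentials the server received.
func probe(id, secret, legacyQuery string) (rawQuery, user, pass string, err error) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		rawQuery = r.URL.RawQuery
		user, pass, _ = r.BasicAuth()
	}))
	defer srv.Close()
	c := &http.Client{Transport: &headerAuthTransport{ClientID: id, ClientSecret: secret}}
	resp, err := c.Get(srv.URL + "/users/octocat?" + legacyQuery)
	if err != nil {
		return "", "", "", err
	}
	resp.Body.Close()
	return rawQuery, user, pass, nil
}

func main() {
	q, u, p, err := probe("constructed-id", "constructed-secret", "client_id=old&client_secret=old&page=2")
	fmt.Println(q, u, p != "", err)
}
```
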

All 9 comments

May I work on this?

Thank you, @atorr! It is yours.

An update on my progress so far:

  • GitHub support responded and it looks like they made the changes to the documentation
  • I have made the code and comment changes and the corresponding tests
  • I am currently setting up an OAuth App to test against the live API

@alext251 @gmlewis Any updates on changing from query parameters to basic auth? I'd be happy to work on a PR

@sh3nan1gans I have a PR ready to go. Just figuring out how to tackle the last of the criteria.

Anything special I need to do to get curl -u my_client_id:my_client_secret https://api.github.com/user/repos to work? I have a registered app and added myself as a user but it keeps returning

{
  "message": "Requires authentication",
  "documentation_url": "https://developer.github.com/v3/repos/#list-your-repositories"
}

I'm able to do the steps here to get the token, but I'm guessing that's not exactly the same thing.

(It's interesting that the provided URL doesn't exist. Maybe [email protected] should be notified about the bad URL in the error response.)

So if you are using this endpoint (which it looks like you are):
https://developer.github.com/v3/repos/#list-repositories-for-the-authenticated-user
then you need to use a GitHub "Personal access token": https://github.com/settings/tokens
and that token needs the "repo" scope, like the one I've shown below.
This is an OAuth2 access token, so you would do something like
curl -H "Authorization: Bearer 01234-this-is-your-access-token-56789abcde" ...
or if you are using this client repo, then follow the OAuth2 instructions:
https://github.com/google/go-github#authentication

Make sure to never share this token with anyone. If it ever gets logged, delete it and create a new one.

Screenshot from 2020-03-23 08-15-31

@gmlewis Thanks for the info!

Live API testing with the following code using an OAuth App I created:

package main

import (
        "fmt"
        "net/http"
        "net/url"

        "github.com/alext251/go-github/github"
)

func main() {
        unauthTransport()
        basicAuthTransport()
}

// unauthTransport sends one request using the OAuth App's client ID and
// secret, which raises the rate limit for otherwise unauthenticated calls.
func unauthTransport() {
        transport := &github.UnauthenticatedRateLimitedTransport{
                ClientID:     "<my_client_id>",
                ClientSecret: "<my_client_secret>",
        }
        u, err := url.Parse("https://api.github.com/users/<user>")
        if err != nil {
                fmt.Println("Error with URL creation.")
                return
        }

        request := &http.Request{
                Method: http.MethodGet,
                URL:    u,
        }
        response, err := transport.RoundTrip(request)
        if err != nil {
                fmt.Printf("Error is %s\n", err)
                return
        }
        defer response.Body.Close()
        fmt.Println(response)
}

// basicAuthTransport sends the same request authenticated as a user, with
// username, password and one-time password.
func basicAuthTransport() {
        transport := &github.BasicAuthTransport{
                Username: "<username>",
                Password: "<password>",
                OTP:      "<otp>",
        }
        u, err := url.Parse("https://api.github.com/users/<user>")
        if err != nil {
                fmt.Println("Error with URL creation.")
                return
        }

        request := &http.Request{
                Method: http.MethodGet,
                URL:    u,
        }
        response, err := transport.RoundTrip(request)
        if err != nil {
                fmt.Printf("Error is %s\n", err)
                return
        }
        defer response.Body.Close()
        fmt.Println(response)
}

Here is the response:

&{200 OK 200 HTTP/1.1 1 1 map[Access-Control-Allow-Origin:[*] Access-Control-Expose-Headers:[ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset] Cache-Control:[public, max-age=60, s-maxage=60] Content-Security-Policy:[default-src 'none'] Content-Type:[application/json; charset=utf-8] Date:[Tue, 24 Mar 2020 01:36:42 GMT] Etag:[W/"ae9086ee20dd3dd4771f861c924c95b3"] Last-Modified:[Tue, 24 Mar 2020 01:13:01 GMT] Referrer-Policy:[origin-when-cross-origin, strict-origin-when-cross-origin] Server:[GitHub.com] Status:[200 OK] Strict-Transport-Security:[max-age=31536000; includeSubdomains; preload] Vary:[Accept Accept-Encoding, Accept, X-Requested-With] X-Content-Type-Options:[nosniff] X-Frame-Options:[deny] X-Github-Media-Type:[github.v3; format=json] X-Github-Request-Id:[C509:91AD:D219F:10264A:5E79642A] X-Ratelimit-Limit:[5000] X-Ratelimit-Remaining:[4994] X-Ratelimit-Reset:[1585016278] X-Xss-Protection:[1; mode=block]] 0xc000210080 -1 [chunked] false true map[] 0xc0000dc000 0xc0004469a0}
&{200 OK 200 HTTP/1.1 1 1 map[Access-Control-Allow-Origin:[*] Access-Control-Expose-Headers:[ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset] Cache-Control:[private, max-age=60, s-maxage=60] Content-Security-Policy:[default-src 'none'] Content-Type:[application/json; charset=utf-8] Date:[Tue, 24 Mar 2020 01:36:43 GMT] Etag:[W/"544459a174e4cf4b980930a1cd3e75de"] Last-Modified:[Tue, 24 Mar 2020 01:13:01 GMT] Referrer-Policy:[origin-when-cross-origin, strict-origin-when-cross-origin] Server:[GitHub.com] Status:[200 OK] Strict-Transport-Security:[max-age=31536000; includeSubdomains; preload] Vary:[Accept, Authorization, Cookie, X-GitHub-OTP Accept-Encoding, Accept, X-Requested-With] X-Content-Type-Options:[nosniff] X-Frame-Options:[deny] X-Github-Media-Type:[github.v3; format=json] X-Github-Request-Id:[C50A:5744:20D616:27258B:5E79642A] X-Ratelimit-Limit:[5000] X-Ratelimit-Remaining:[4996] X-Ratelimit-Reset:[1585016145] X-Xss-Protection:[1; mode=block]] 0xc0002104e0 -1 [chunked] false true map[] 0xc0000dc200 0xc000446000}

Ups the rate limit to 5000 from the normal 60.
