Fixed Deprecating API authentication through query parameters

For clarity, the fix is applied in this file:
This is what we use for GitHub requests which is an extended version of the original library class. The fix for the other bug report is now applied in the same file.
But this is not entirely correct. You are using AUTHORIZATION_METHOD_HEADER_BEARER.
elseif (static::AUTHORIZATION_METHOD_HEADER_BEARER === $this->getAuthorizationMethod()) {
    $extraHeaders = array_merge(array('Authorization' => 'Bearer ' . $token->getAccessToken()), $extraHeaders);
if you will see this links, it will be clearly visible
OAuth2 token (sent in a header)
$ curl -H "Authorization: token OAUTH-TOKEN"
3. Use the access token to access the API
The access token allows you to make requests to the API on a behalf of a user.
Authorization: token OAUTH-TOKEN
For example, in curl you can set the Authorization header like this:
curl -H "Authorization: token OAUTH-TOKEN"
But in the header you pass bearer
What would be correct to transmit like
$extraHeaders = array_merge(array('Authorization' => 'token ' . $token->getAccessToken()), $extraHeaders);
But bearer is passed
Is this expressly forbidden either in their API or in the OAuth spec? Or is the current approach failing? My tests seem to indicate that things are working fine as-is.

We'll investigate further.
It will work and an explanation of why the same parameters works is given on the following link, due to the fact that in some places this header is required to be passed.
As for GitHub, they support the token header "Bearer" because they allow that header to be used for other kinds of tokens beyond OAuth tokens, specifically personal access tokens and GitHub App tokens.
But at any moment this may stop working and for authorization they recommend using a token
Top Bottom