Fixed [GitHub API] Deprecation notice for authentication via URL query parameters


Well-known member
Affected version
Hi there,

just received a mail from GitHub:
On February 5th, 2020 at 14:08 (UTC) your application (APP NAME) used an access token (with the User-Agent PHPoAuthLib) as part of a query parameter to access an endpoint through the GitHub API:

Please use the Authorization HTTP header instead as using the access_token query parameter is deprecated.

Depending on your API usage, we'll be sending you this email reminder once every 3 days for each token and User-Agent used in API calls made on your behalf.
Just one URL that was accessed with a token and User-Agent combination will be listed in the email reminder, not all.

Visit for more information.

The GitHub Team
Came here looking for some more info on this also I received the same mail and don't really want to receive it every 3 days as they say! I have quite a few users using GitHub as a web dev forum.
Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.1.8).

Change log:
Update GitHub OAuth implementation to use header authorisation.
There may be a delay before changes are rolled out to the XenForo Community.
Top Bottom