-
Bug
-
Resolution: Fixed
-
High (View bug fix roadmap)
-
7.13.9, 8.5.1, 8.5.2, 7.13.11, 8.6.1, 8.7.0
-
7.13
-
27
-
Severity 2 - Major
-
410
-
Issue Summary
Jira's DVCS GitHub connector uses the "access_token" query parameter which is now a deprecated authentication method for the GitHub API
Steps to Reproduce
- Go to Jira Administration > Application > DVCS Accounts
- Click on "Link Bitbucket Cloud and GitHub accounts" button
- Provide details for GitHub (check screen shot) and proceed.
- Make sure that Jira syncs this GitHub data at least once
Expected Results
The integration works without any problems.
Actual Results
GitHub is currently emailing administrators to inform them that they have an integration that is using this deprecated authentication method. The message looks like this:
Hi,
On February 4th, 2020 at 14:01 (UTC) your application (JIRA DVCS) used an access token (with the User-Agent Java/1.8.0_151) as part of a query parameter to access an endpoint through the GitHub API:
https://api.github.com/repositories/229755391/hooks
Please use the Authorization HTTP header instead as using the `access_token` query parameter is deprecated.
Depending on your API usage, we'll be sending you this email reminder once every 3 days for each token and User-Agent used in API calls made on your behalf.
Just one URL that was accessed with a token and User-Agent combination will be listed in the email reminder, not all.Visit https://developer.github.com/changes/2019-11-05-deprecated-passwords-and-authorizations-api/#authenticating-using-query-parameters for more information.
Thanks,
The GitHub Team
Notes
- Related announcement from 2020-02-10 - https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/
All authentication using query parameters will return a status code of 401 like all other auth failures starting on: November 13, 2020 at 4:00 PM UTC
This deprecation has not been applied to GitHub Enterprise offerings yet.
- Related announcement from 2020-02-14 - https://developer.github.com/changes/2020-02-14-deprecating-oauth-app-endpoint/
All calls to the old version of the OAuth application endpoints will return a status code of 404 starting on: May 5, 2021 at 4:00 PM UTC
This deprecation has not been applied to GitHub Enterprise offerings yet.
Workaround
None
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
[JSWSERVER-20414] Jira's DVCS GitHub connector uses the "access_token" query parameter which is a deprecated authentication method for the GitHub API
| Affects Version/s | New: 8.5.1 [ 89601 ] |
| Comment |
[ Will this be fixed in 8.8.0?
Thanks, Tina ] |
| Remote Link | Original: This issue links to "Page (Confluence)" [ 476040 ] |
| Remote Link | New: This issue links to "Page (Confluence)" [ 509095 ] |
| Remote Link | New: This issue links to "Page (Confluence)" [ 508185 ] |
| Fix Version/s | New: 8.11.1 [ 92300 ] | |
| Fix Version/s | Original: 8.8.2 [ 91903 ] |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Waiting for Release [ 12075 ] | New: Closed [ 6 ] |
| UIS | Original: 422 | New: 410 |
| UIS | Original: 403 | New: 422 |
| UIS | Original: 404 | New: 403 |