Authentication Token Changes and Resetting Tokens


We integrate the REST API for interacting with GitHub within our IDE, Nova. We’ve just gotten the notification about the format of OAuth tokens changing with the GitHub API.

We’ve read through the blog post and the linked API documentation, but had a couple of questions:

  1. How should we best “know” that a token needs reset? Should we just assume that any token generated before today is invalid, or do you recommend specifically checking for the new prefixes in the token (like ghp) and performing a reset if one is not present?

  2. How does this affect the GitHub Enterprise API? Is this being rolled out to Enterprise at the same time, or is there specific considerations for companies that might be running hosted versions of Enterprise that will not yet get this change?

Thank you for your time and assistance!