[GitHub] Deprecation Notice

Apologies if this is a really stupid question - I don’t really use GitHub and have only ever used it to do a beginner’s HTML/CSS course so far. The last time I logged in was a couple of months ago. However today I received an email saying:

On September 29th, 2020 at 13:37 (UTC) you used a password to access an endpoint through the GitHub API using python-requests/2.18.4:

[Link removed - not sure what this is]

Basic authentication using a password to the API is deprecated and will soon no longer work. Visit https://developer.github.com/changes/2020-02-14-deprecating-password-auth/ for more information around suggested workarounds and removal dates.

The GitHub Team

Normally I wouldn’t think anything of this email, except that I didn’t login or access anything today? I clicked the link before thinking and it came up as a blank page with a single “}” on it. Is this an actual email from github or could this be some kind of phishing?


Hi @janekristinlou welcome to the GitHub community, we are happy you are here.

The API for OAuth Authorizations is indeed deprecated, GitHub no longer supports basic authentication using a username and password. Instead, we recommend using personal access tokens or the web application flow. As shown on this blog post. Kudos for being vigilant!

1 Like

Hi @AndreaGriffiths11

I got this deprecation notification after using ordinary git commands, e.g. push - no curl etc, in WebStorm. I read the blog post you mentioned but it didn’t make it clear what I should do. Are there step-by-step instructions?

I have ssh keys set up and working with another project. That project doesn’t get the deprecation notification.

Thanks for any specific guidance

HI @steinitz
Authentication using SSH for Git access in unaffected by the Deprecation notice, you can use this on some or all your repositories, its your choice.

The alternatives methods for Git access are
'personal access token, or
‘web application flow’.

If you are using a recent Git Client or GitHub Desktop version you can simply select the ‘Sign In with Browser option’ and follow the instructions.
The personal access token routes requires you to create it in advance, described at this link Creating a personal access token - GitHub Docs. Examples of how you enter the token in the Git command line are provided in the link also.

If you are using the REST or GRAPHQL API access for a request requiring authentication you will need to become familiar with providing a personal access token in an authentication header as well, also documented in the API docs examples and the depracation notice example.