Deprecating OAuth Authorization API

As mentioned in this previous blog post, GitHub has deprecated the OAuth authorization endpoints and recommends that integrators switch to the web application flow to generate access tokens.

Since the OAuth Authorization API requires password authentication, this API will not work once password authentication has been deprecated.

Deprecation timeline

Removal date

All calls to the OAuth authorization endpoints will return a status code of 404 starting on:

  • November 13, 2020 at 4:00 PM UTC

Brownouts

During a brownout, calls to the old version of the OAuth Authorization API will temporarily fail. These failures are intended to alert users who haven't migrated their authentication calls.

The brownouts are scheduled for:

  • September 30, 2020

    • From 7:00 AM UTC - 10:00 AM UTC
    • From 4:00 PM UTC - 7:00 PM UTC
  • October 28, 2020

    • From 7:00 AM UTC - 10:00 AM UTC
    • From 4:00 PM UTC - 7:00 PM UTC

Changes to make

Calls to OAuth Authorizations API

If you're making OAuth Authorization API calls to manage your OAuth app's authorizations or to create personal access or OAuth tokens like:

curl -u my_username:my_password -X POST "https://api.github.com/authorizations" -d '{"scopes":["public_repo"], "note":"my token", "client_id":"my_client_id", "client_secret":"my_client_secret"}'

Then you must switch to the web application flow to generate access tokens.
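The sketch below is an added example, not code from this post or from GitHub. It walks through the three steps of the web application flow that replaces the password-authenticated call above: building the authorization redirect with an unguessable state value, validating the callback, and preparing the code-for-token exchange. The client ID, client secret and redirect URI are placeholders, and the token request is built but not sent, so the block runs offline.

```python
import hmac
import secrets
import urllib.request
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://github.com/login/oauth/authorize"
TOKEN_URL = "https://github.com/login/oauth/access_token"


def begin_authorization(client_id, redirect_uri, scopes):
    """Step 1: return (url, state); redirect the browser to url, store state in the session."""
    state = secrets.token_urlsafe(32)  # unguessable, one value per login attempt
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),  # space-delimited scope list
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def parse_callback(callback_url, expected_state):
    """Step 2: the user is redirected back with ?code=...&state=...
    Reject the callback unless state equals the value stored in step 1."""
    params = parse_qs(urlparse(callback_url).query)
    code = params.get("code", [""])[0]
    state = params.get("state", [""])[0]
    if not code or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("missing code or state mismatch")
    return code


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Step 3: server-side POST exchanging the code for an access token.
    Pass the result to urllib.request.urlopen() and read "access_token" from the JSON."""
    body = urlencode({
        "client_id": client_id,
        "client_secret": client_secret,  # stays on the server, never in the browser
        "code": code,
        "redirect_uri": redirect_uri,
    }).encode()
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Accept": "application/json"},
    )
```

Unlike the deprecated call, the user's password never reaches the integrator: the user authenticates on github.com and the application only ever handles the short-lived code and the resulting token.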

Endpoints affected

The following OAuth authorization endpoints are deprecated:

If you have any questions or feedback, please let us know!