github: tweak auth deprecation comment

GitHub did eventually get back to me this week. They linked a nearly month-old blog post (referenced in the new text of our comment) that says to do exactly what we did: pass OAuth client ID/secret as username and password, like HTTP auth. The deprecation/removal timeline also changed, but rather than put in the updated info (which might become wrong again later), I just removed it because the shutoff date isn't relevant. We're already updated.
sopel-irc · Mar 8, 2020 · 36f25c6 · 36f25c6
1 parent 6fd8cdf
commit 36f25c6
Showing 1 changed file with 4 additions and 7 deletions.
diff --git a/sopel_modules/github/github.py b/sopel_modules/github/github.py
@@ -107,13 +107,10 @@ def shutdown(sopel):
 
 
 def fetch_api_endpoint(bot, url):
-    # GitHub deprecated passing OAuth client ID/secret via query parameters in
-    # November 2019, to be fully removed July 1, 2020 (per email notices).
-    # Passing them as user/password in HTTP Basic Authentication works, though.
-    # Since GitHub sent no response after over a week when we asked if this way
-    # would be OK, we're just going to use it anyway.
-    # At least, sending test requests this way didn't generate deprecation
-    # notice emails like using query parameters would.
+    # GitHub deprecated passing authentication via query parameters in November
+    # 2019. Passing OAuth client credentials as user/password instead is the
+    # supported replacement:
+    # https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/
     auth = None
     if bot.config.github.client_id and bot.config.github.client_secret:
         auth = (bot.config.github.client_id, bot.config.github.client_secret)