
github-proxy: Use identical access token rate limit quota

Administrator requested to merge core/github-proxy-oauth-creds-fix into master

Created by: tsenart

This commit deprecates the site config settings githubClientID and githubClientSecret and removes the code that used them in github-proxy.

They were originally meant to be used by sourcegraph.com to increase the available rate limit quota against github.com. However, recent changes to GitHub deprecate OAuth authentication as an app via client_id and client_secret URL query parameters.

In search of a solution, I looked into whether it would make sense to convert this mechanism to the new GitHub App authentication, but stopped short of it because I verified that the existing available rate limit quota for the OAuth app is the same as for the personal access token we already authenticate requests with (i.e. 5000 requests / hour).

$ curl -I "https://api.github.com/user?client_id=$CLIENT_ID&client_secret=$CLIENT_SECRET&access_token=$ACCESS_TOKEN" |
   grep 'X-RateLimit-Limit'
X-RateLimit-Limit: 5000

$ curl -I "https://api.github.com/user?access_token=$ACCESS_TOKEN" |
   grep 'X-RateLimit-Limit'
X-RateLimit-Limit: 5000

In light of this finding, I chose to instead remove the usage of these OAuth credentials altogether and rely only on the already present personal access token.

Fixes #8310
