I'm getting occasional email notices from GitHub saying that our TeamCity server is using an outdated token format. The old access tokens are indistinguishable from SHA hashes. The new tokens start with a readily greppable 3-character header and have slightly higher entropy, while retaining the same key length.
I've found and re-generated all of the Personal Access Tokens and OAuth access tokens that I can, but about once a month, I'm still getting an email that looks something like this:
We noticed that an application, TeamCity(ci.support.example.com), owned by an organization you are an admin of, ExampleSolutions, used a token with an outdated format to access the GitHub API on September 20th, 2021 at 17:07 (UTC), with a user-agent header of TeamCity Server 2021.1.2 (build 92869).
The trouble is that at this point, I don't know which personal access token or OAuth token is causing the problem. We have dozens of build notifications and a handful of other GitHub API calls.
I've looked through the TeamCity logs for the date and time in question (as downloaded from Administration > Diagnostics > Server Logs > Recent). The logs are pretty spammy, and I'm not finding any one-to-one correlations between the timestamps of the emails from GitHub and what I'm seeing in the logs, and what is there is hard to trace back to a given build config.
The notices that I've gotten all seem to fall on the 20th of the month, so I'm going to try to increase log levels on that day. I could probably run Wireshark to find outbound connections to GitHub, but I'd really prefer to log OAuth events on TeamCity.
I guess I'm looking for one of the following:
- Is there a way to specifically log OAuth events in GitHub, and if so,
- can I tie it back to a given build config?
- Is there a way of approaching this problem that I haven't thought of?
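
The token-format point in the question (old tokens look like SHA hashes, new ones carry a greppable prefix) can be turned into a scan of any plaintext you hold, such as scripts or exported settings. This is an added example, not part of the original post or of TeamCity or GitHub tooling; the sample lines, key names and token values are constructed, and the keyword heuristic is an assumption.

```python
import hashlib
import re

# New-format GitHub tokens: a short type prefix, an underscore, then base62 characters.
NEW_FORMAT = re.compile(r"\b(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9]{36,}\b")
# Legacy tokens: 40 lowercase hex characters, the same shape as a SHA-1 digest.
LEGACY_SHAPE = re.compile(r"\b[0-9a-f]{40}\b")
# Assumption: these words on the same line make a 40-hex string more likely
# to be a credential than a commit id.
CREDENTIAL_HINT = re.compile(r"token|secret|password|authorization|oauth", re.I)


def fingerprint(value):
    """Short SHA-256 prefix, so findings can be compared without printing the secret."""
    return hashlib.sha256(value.encode()).hexdigest()[:12]


def scan(text):
    """Return (line number, classification, fingerprint) for each token-shaped string."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in NEW_FORMAT.finditer(line):
            findings.append((lineno, "new-format", fingerprint(m.group())))
        for m in LEGACY_SHAPE.finditer(line):
            # A bare 40-hex string is ambiguous; the surrounding line is the only clue.
            kind = "legacy-likely" if CREDENTIAL_HINT.search(line) else "sha1-or-legacy"
            findings.append((lineno, kind, fingerprint(m.group())))
    return findings


# Constructed values: none of these are real tokens or commit ids.
FAKE_SHA = "f00dfeed" * 5        # 40 hex chars, stands in for a commit id
FAKE_LEGACY = "0a1b2c3d4e" * 4   # 40 hex chars, stands in for an old-format token
FAKE_NEW = "gho_" + "Ab3" * 12   # prefixed, stands in for a new-format token

SAMPLE = "\n".join([
    f"commit = {FAKE_SHA}",
    f"status_publisher_token = {FAKE_LEGACY}",
    f"oauth_access_token = {FAKE_NEW}",
])

if __name__ == "__main__":
    for lineno, kind, fp in scan(SAMPLE):
        print(f"line {lineno}: {kind} (sha256 prefix {fp})")
```

Only lines reported as `legacy-likely` or `sha1-or-legacy` need a manual look; credentials stored in scrambled or encrypted form will not match either pattern.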