From 11c2d9f7ab51a5e1d1cf16817e092fe15c48a157 Mon Sep 17 00:00:00 2001
From: Paolo Rossi <rosso.ipalo@gmail.com>
Date: Sat, 30 Oct 2021 17:10:00 +0200
Subject: [PATCH 1/5] refs #955: deprecate Client::AUTH_* constants and replace
 them with AuthMethod::AUTH_* const

---
 UPGRADE-3.0.md                                |  8 ++---
 doc/currentuser/repositories.md               |  6 ++--
 doc/graphql.md                                |  6 ++--
 doc/security.md                               | 10 +++----
 lib/Github/AuthMethod.php                     | 30 +++++++++++++++++++
 lib/Github/Client.php                         | 26 +---------------
 .../HttpClient/Plugin/Authentication.php      |  8 ++---
 test/Github/Tests/ClientTest.php              | 11 +++----
 test/Github/Tests/Functional/CacheTest.php    |  7 +++--
 .../HttpClient/Plugin/AuthenticationTest.php  |  8 ++---
 10 files changed, 64 insertions(+), 56 deletions(-)
 create mode 100644 lib/Github/AuthMethod.php

diff --git a/UPGRADE-3.0.md b/UPGRADE-3.0.md
index 738343d6c37..b9120594a06 100644
--- a/UPGRADE-3.0.md
+++ b/UPGRADE-3.0.md
@@ -15,7 +15,7 @@
 
 ### Authentication methods
 
-* `Github\Client::AUTH_URL_TOKEN` use `Github\Client::AUTH_ACCESS_TOKEN` instead.
-* `Github\Client::AUTH_URL_CLIENT_ID` use `Github\Client::AUTH_CLIENT_ID` instead.
-* `Github\Client::AUTH_HTTP_TOKEN` use `Github\Client::AUTH_ACCESS_TOKEN` instead.
-* `Github\Client::AUTH_HTTP_PASSWORD` use `Github\Client::AUTH_ACCESS_TOKEN` instead.
+* `Github\Client::AUTH_ACCESS_TOKEN`  use `Github\AuthMethod::AUTH_ACCESS_TOKEN` instead.
+* `Github\Client::AUTH_CLIENT_ID`  use `Github\AuthMethod::AUTH_CLIENT_ID` instead.
+* `Github\Client::AUTH_ACCESS_TOKEN`  use `Github\AuthMethod::AUTH_ACCESS_TOKEN` instead.
+* `Github\Client::AUTH_ACCESS_TOKEN`  use `Github\AuthMethod::AUTH_ACCESS_TOKEN` instead.
diff --git a/doc/currentuser/repositories.md b/doc/currentuser/repositories.md
index a3e2922b20f..d54cc5d4225 100644
--- a/doc/currentuser/repositories.md
+++ b/doc/currentuser/repositories.md
@@ -19,12 +19,12 @@ There are three values that can be passed into the `repositories` method: `type`
 | sort          | `full_name` | `created`, `updated`, `pushed`, `full_name`
 | direction     | `asc`       | `asc`, `desc`
 
-> See https://developer.github.com/v3/repos/#list-your-repositories for possible values and additional information 
+> See https://developer.github.com/v3/repos/#list-your-repositories for possible values and additional information
 
 #### Code Example:
 
 ```php
-$client = new \Github\Client(); 
-$client->authenticate($github_token, null, \Github\Client::AUTH_ACCESS_TOKEN);
+$client = new \Github\Client();
+$client->authenticate($github_token, null, \Github\AuthMethod::AUTH_ACCESS_TOKEN);
 $client->currentUser()->repositories();
 ```
diff --git a/doc/graphql.md b/doc/graphql.md
index 99e653bf87a..00adf92ce57 100644
--- a/doc/graphql.md
+++ b/doc/graphql.md
@@ -14,7 +14,7 @@ $rateLimits = $client->api('graphql')->execute($query);
 To use [GitHub v4 API (GraphQL API)](http://developer.github.com/v4/) requests must [authenticated]((../security.md)).
 
 ```php
-$client->authenticate($token, null, Github\Client::AUTH_ACCESS_TOKEN);
+$client->authenticate($token, null, Github\AuthMethod::AUTH_ACCESS_TOKEN);
 
 $result = $client->api('graphql')->execute($query);
 ```
@@ -28,7 +28,7 @@ To use [GitHub v4 API (GraphQL API)](http://developer.github.com/v4/) with diffe
 ```php
 $result = $client->api('graphql')->execute($query, [], 'application/vnd.github.starfox-preview+json')
 ```
-> default accept header is `application/vnd.github.v4+json`  
+> default accept header is `application/vnd.github.v4+json`
 
 
 
@@ -51,7 +51,7 @@ $variables = [
     'organizationLogin' => 'KnpLabs'
 ];
 
-$client->authenticate('<your-token>', null, Github\Client::AUTH_ACCESS_TOKEN);
+$client->authenticate('<your-token>', null, Github\AuthMethod::AUTH_ACCESS_TOKEN);
 
 $orgInfo = $client->api('graphql')->execute($query, $variables);
 ```
diff --git a/doc/security.md b/doc/security.md
index b62ca4c05fc..8c76fdfe91a 100644
--- a/doc/security.md
+++ b/doc/security.md
@@ -17,11 +17,11 @@ $client->authenticate($usernameOrToken, $password, $method);
 and guess what should contain `$password`. The `$method` can contain one of the three allowed values:
 
 #### Supported methods
-* `Github\Client::AUTH_CLIENT_ID` - https://developer.github.com/v3/#oauth2-keysecret
-* `Github\Client::AUTH_ACCESS_TOKEN` - https://developer.github.com/v3/#oauth2-token-sent-in-a-header
-* `Github\Client::AUTH_JWT` - https://developer.github.com/apps/building-github-apps/authenticating-with-github-apps/#authenticating-as-a-github-app
+* `Github\AuthMethod::AUTH_CLIENT_ID` - https://developer.github.com/v3/#oauth2-keysecret
+* `Github\AuthMethod::AUTH_ACCESS_TOKEN` - https://developer.github.com/v3/#oauth2-token-sent-in-a-header
+* `Github\AuthMethod::AUTH_JWT` - https://developer.github.com/apps/building-github-apps/authenticating-with-github-apps/#authenticating-as-a-github-app
 
-The required value of `$password` depends on the chosen `$method`. For `Github\Client::AUTH_ACCESS_TOKEN`, `Github\Client::AUTH_ACCESS_TOKEN` and
+The required value of `$password` depends on the chosen `$method`. For `Github\AuthMethod::AUTH_ACCESS_TOKEN`, `Github\Client::AUTH_ACCESS_TOKEN` and
 `Github\Client::JWT` methods you should provide the API token in `$usernameOrToken` variable (`$password` is omitted in
 this particular case).
 
@@ -33,7 +33,7 @@ further requests are done as the given user.
 ### Authenticating as an Integration
 
 To authenticate as an integration you need to supply a JSON Web Token with `Github\Client::AUTH_JWT` to request
-and installation access token which is then usable with `Github\Client::AUTH_ACCESS_TOKEN`. [Github´s integration
+and installation access token which is then usable with `Github\AuthMethod::AUTH_ACCESS_TOKEN`. [Github´s integration
 authentication docs](https://developer.github.com/apps/building-github-apps/authentication-options-for-github-apps/#authenticating-as-a-github-app) describe the flow in detail.
 It´s important for integration requests to use the custom Accept header `application/vnd.github.machine-man-preview`.
 
diff --git a/lib/Github/AuthMethod.php b/lib/Github/AuthMethod.php
new file mode 100644
index 00000000000..b170f47e1bd
--- /dev/null
+++ b/lib/Github/AuthMethod.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace Github;
+
+final class AuthMethod
+{
+    /**
+     * Authenticate using a client_id/client_secret combination.
+     *
+     * @var string
+     */
+    const AUTH_CLIENT_ID = 'client_id_header';
+
+    /**
+     * Authenticate using a GitHub access token.
+     *
+     * @var string
+     */
+    const AUTH_ACCESS_TOKEN = 'access_token_header';
+
+    /**
+     * Constant for authentication method.
+     *
+     * Indicates JSON Web Token authentication required for GitHub apps access
+     * to the API.
+     *
+     * @var string
+     */
+    const AUTH_JWT = 'jwt';
+}
diff --git a/lib/Github/Client.php b/lib/Github/Client.php
index 6ea5072ab7f..c72b1635841 100644
--- a/lib/Github/Client.php
+++ b/lib/Github/Client.php
@@ -69,30 +69,6 @@
  */
 class Client
 {
-    /**
-     * Authenticate using a client_id/client_secret combination.
-     *
-     * @var string
-     */
-    const AUTH_CLIENT_ID = 'client_id_header';
-
-    /**
-     * Authenticate using a GitHub access token.
-     *
-     * @var string
-     */
-    const AUTH_ACCESS_TOKEN = 'access_token_header';
-
-    /**
-     * Constant for authentication method.
-     *
-     * Indicates JSON Web Token authentication required for GitHub apps access
-     * to the API.
-     *
-     * @var string
-     */
-    const AUTH_JWT = 'jwt';
-
     /**
      * @var string
      */
@@ -313,7 +289,7 @@ public function api($name): AbstractApi
      */
     public function authenticate($tokenOrLogin, $password = null, $authMethod = null): void
     {
-        if (null === $authMethod && (self::AUTH_JWT === $password || self::AUTH_ACCESS_TOKEN === $password)) {
+        if (null === $authMethod && (AuthMethod::AUTH_JWT === $password || AuthMethod::AUTH_ACCESS_TOKEN === $password)) {
             $authMethod = $password;
             $password = null;
         }
diff --git a/lib/Github/HttpClient/Plugin/Authentication.php b/lib/Github/HttpClient/Plugin/Authentication.php
index 2b533436617..eda5d983699 100644
--- a/lib/Github/HttpClient/Plugin/Authentication.php
+++ b/lib/Github/HttpClient/Plugin/Authentication.php
@@ -2,7 +2,7 @@
 
 namespace Github\HttpClient\Plugin;
 
-use Github\Client;
+use Github\AuthMethod;
 use Github\Exception\RuntimeException;
 use Http\Client\Common\Plugin;
 use Http\Promise\Promise;
@@ -58,11 +58,11 @@ public function handleRequest(RequestInterface $request, callable $next, callabl
     private function getAuthorizationHeader(): string
     {
         switch ($this->method) {
-            case Client::AUTH_CLIENT_ID:
+            case AuthMethod::AUTH_CLIENT_ID:
                 return sprintf('Basic %s', base64_encode($this->tokenOrLogin.':'.$this->password));
-            case Client::AUTH_ACCESS_TOKEN:
+            case AuthMethod::AUTH_ACCESS_TOKEN:
                 return sprintf('token %s', $this->tokenOrLogin);
-            case Client::AUTH_JWT:
+            case AuthMethod::AUTH_JWT:
                 return sprintf('Bearer %s', $this->tokenOrLogin);
             default:
                 throw new RuntimeException(sprintf('%s not yet implemented', $this->method));
diff --git a/test/Github/Tests/ClientTest.php b/test/Github/Tests/ClientTest.php
index d1eb5737acf..5f55bb52bc1 100644
--- a/test/Github/Tests/ClientTest.php
+++ b/test/Github/Tests/ClientTest.php
@@ -3,6 +3,7 @@
 namespace Github\Tests;
 
 use Github\Api;
+use Github\AuthMethod;
 use Github\Client;
 use Github\Exception\BadMethodCallException;
 use Github\Exception\InvalidArgumentException;
@@ -68,9 +69,9 @@ public function shouldAuthenticateUsingAllGivenParameters($login, $password, $me
     public function getAuthenticationFullData()
     {
         return [
-            ['token', null, Client::AUTH_ACCESS_TOKEN],
-            ['client_id', 'client_secret', Client::AUTH_CLIENT_ID],
-            ['token', null, Client::AUTH_JWT],
+            ['token', null, AuthMethod::AUTH_ACCESS_TOKEN],
+            ['client_id', 'client_secret', AuthMethod::AUTH_CLIENT_ID],
+            ['token', null, AuthMethod::AUTH_JWT],
         ];
     }
 
@@ -84,7 +85,7 @@ public function shouldAuthenticateUsingGivenParameters()
             ->getMock();
         $builder->expects($this->once())
             ->method('addPlugin')
-            ->with($this->equalTo(new Authentication('token', null, Client::AUTH_ACCESS_TOKEN)));
+            ->with($this->equalTo(new Authentication('token', null, AuthMethod::AUTH_ACCESS_TOKEN)));
 
         $builder->expects($this->once())
             ->method('removePlugin')
@@ -98,7 +99,7 @@ public function shouldAuthenticateUsingGivenParameters()
             ->method('getHttpClientBuilder')
             ->willReturn($builder);
 
-        $client->authenticate('token', Client::AUTH_ACCESS_TOKEN);
+        $client->authenticate('token', AuthMethod::AUTH_ACCESS_TOKEN);
     }
 
     /**
diff --git a/test/Github/Tests/Functional/CacheTest.php b/test/Github/Tests/Functional/CacheTest.php
index 58afe5f61f3..7768ed9ddff 100644
--- a/test/Github/Tests/Functional/CacheTest.php
+++ b/test/Github/Tests/Functional/CacheTest.php
@@ -2,6 +2,7 @@
 
 namespace Github\Tests\Functional;
 
+use Github\AuthMethod;
 use Github\Client;
 use GuzzleHttp\Psr7\Response;
 use Symfony\Component\Cache\Adapter\ArrayAdapter;
@@ -25,7 +26,7 @@ public function shouldServeCachedResponse()
         $github = Client::createWithHttpClient($mockClient);
         $github->addCache(new ArrayAdapter(), ['default_ttl'=>600]);
 
-        $github->authenticate('fake_token_aaa', Client::AUTH_ACCESS_TOKEN);
+        $github->authenticate('fake_token_aaa', AuthMethod::AUTH_ACCESS_TOKEN);
         $userA = $github->currentUser()->show();
         $this->assertEquals('nyholm', $userA['login']);
 
@@ -45,11 +46,11 @@ public function shouldVaryOnAuthorization()
         $github = Client::createWithHttpClient($mockClient);
         $github->addCache(new ArrayAdapter(), ['default_ttl'=>600]);
 
-        $github->authenticate('fake_token_aaa', Client::AUTH_ACCESS_TOKEN);
+        $github->authenticate('fake_token_aaa', AuthMethod::AUTH_ACCESS_TOKEN);
         $userA = $github->currentUser()->show();
         $this->assertEquals('nyholm', $userA['login']);
 
-        $github->authenticate('fake_token_bbb', Client::AUTH_ACCESS_TOKEN);
+        $github->authenticate('fake_token_bbb', AuthMethod::AUTH_ACCESS_TOKEN);
         $userB = $github->currentUser()->show();
         $this->assertEquals('octocat', $userB['login'], 'We must vary on the Authorization header.');
     }
diff --git a/test/Github/Tests/HttpClient/Plugin/AuthenticationTest.php b/test/Github/Tests/HttpClient/Plugin/AuthenticationTest.php
index e8c3d24a6a6..aff396bdb34 100644
--- a/test/Github/Tests/HttpClient/Plugin/AuthenticationTest.php
+++ b/test/Github/Tests/HttpClient/Plugin/AuthenticationTest.php
@@ -2,7 +2,7 @@
 
 namespace Github\Tests\HttpClient\Plugin;
 
-use Github\Client;
+use Github\AuthMethod;
 use Github\HttpClient\Plugin\Authentication;
 use GuzzleHttp\Psr7\Request;
 use Http\Promise\FulfilledPromise;
@@ -41,9 +41,9 @@ public function testAuthenticationMethods($tokenOrLogin, $password, $method, $ex
     public function getAuthenticationData()
     {
         return [
-            ['access_token', null, Client::AUTH_ACCESS_TOKEN, 'token access_token'],
-            ['client_id', 'client_secret', Client::AUTH_CLIENT_ID, sprintf('Basic %s', base64_encode('client_id'.':'.'client_secret'))],
-            ['jwt_token', null, Client::AUTH_JWT, 'Bearer jwt_token'],
+            ['access_token', null, AuthMethod::AUTH_ACCESS_TOKEN, 'token access_token'],
+            ['client_id', 'client_secret', AuthMethod::AUTH_CLIENT_ID, sprintf('Basic %s', base64_encode('client_id'.':'.'client_secret'))],
+            ['jwt_token', null, AuthMethod::AUTH_JWT, 'Bearer jwt_token'],
         ];
     }
 }

From f4774d0c897768256e28538f1883fa747551988b Mon Sep 17 00:00:00 2001
From: Paolo Rossi <rosso.ipalo@gmail.com>
Date: Sat, 30 Oct 2021 22:41:16 +0200
Subject: [PATCH 2/5] refs #955: revert the Client::AUTH_* deletion (BC)

---
 lib/Github/Client.php | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/lib/Github/Client.php b/lib/Github/Client.php
index c72b1635841..1122728e144 100644
--- a/lib/Github/Client.php
+++ b/lib/Github/Client.php
@@ -69,6 +69,36 @@
  */
 class Client
 {
+    /**
+     * Authenticate using a client_id/client_secret combination.
+     *
+     * @var string
+     *
+     * @deprecated Use the AuthMethod const
+     */
+    const AUTH_CLIENT_ID = 'client_id_header';
+
+    /**
+     * Authenticate using a GitHub access token.
+     *
+     * @var string
+     *
+     * @deprecated Use the AuthMethod const
+     */
+    const AUTH_ACCESS_TOKEN = 'access_token_header';
+
+    /**
+     * Constant for authentication method.
+     *
+     * Indicates JSON Web Token authentication required for GitHub apps access
+     * to the API.
+     *
+     * @var string
+     *
+     * @deprecated Use the AuthMethod const
+     */
+    const AUTH_JWT = 'jwt';
+
     /**
      * @var string
      */

From e7f1ab951ba8df11c013b7dd4bcedbb0924548d7 Mon Sep 17 00:00:00 2001
From: Paolo Rossi <rosso.ipalo@gmail.com>
Date: Sun, 31 Oct 2021 17:14:30 +0100
Subject: [PATCH 3/5] refs #955: fix CR issues

---
 UPGRADE-3.0.md                                 |  8 ++++----
 doc/currentuser/repositories.md                |  2 +-
 doc/graphql.md                                 |  4 ++--
 doc/security.md                                | 18 +++++++++---------
 lib/Github/AuthMethod.php                      |  6 +++---
 lib/Github/Client.php                          |  8 ++++----
 .../HttpClient/Plugin/Authentication.php       |  6 +++---
 test/Github/Tests/ClientTest.php               | 10 +++++-----
 test/Github/Tests/Functional/CacheTest.php     |  6 +++---
 .../HttpClient/Plugin/AuthenticationTest.php   |  6 +++---
 10 files changed, 37 insertions(+), 37 deletions(-)

diff --git a/UPGRADE-3.0.md b/UPGRADE-3.0.md
index b9120594a06..738343d6c37 100644
--- a/UPGRADE-3.0.md
+++ b/UPGRADE-3.0.md
@@ -15,7 +15,7 @@
 
 ### Authentication methods
 
-* `Github\Client::AUTH_ACCESS_TOKEN`  use `Github\AuthMethod::AUTH_ACCESS_TOKEN` instead.
-* `Github\Client::AUTH_CLIENT_ID`  use `Github\AuthMethod::AUTH_CLIENT_ID` instead.
-* `Github\Client::AUTH_ACCESS_TOKEN`  use `Github\AuthMethod::AUTH_ACCESS_TOKEN` instead.
-* `Github\Client::AUTH_ACCESS_TOKEN`  use `Github\AuthMethod::AUTH_ACCESS_TOKEN` instead.
+* `Github\Client::AUTH_URL_TOKEN` use `Github\Client::AUTH_ACCESS_TOKEN` instead.
+* `Github\Client::AUTH_URL_CLIENT_ID` use `Github\Client::AUTH_CLIENT_ID` instead.
+* `Github\Client::AUTH_HTTP_TOKEN` use `Github\Client::AUTH_ACCESS_TOKEN` instead.
+* `Github\Client::AUTH_HTTP_PASSWORD` use `Github\Client::AUTH_ACCESS_TOKEN` instead.
diff --git a/doc/currentuser/repositories.md b/doc/currentuser/repositories.md
index d54cc5d4225..9b5e1d85e94 100644
--- a/doc/currentuser/repositories.md
+++ b/doc/currentuser/repositories.md
@@ -25,6 +25,6 @@ There are three values that can be passed into the `repositories` method: `type`
 
 ```php
 $client = new \Github\Client();
-$client->authenticate($github_token, null, \Github\AuthMethod::AUTH_ACCESS_TOKEN);
+$client->authenticate($github_token, null, \Github\AuthMethod::ACCESS_TOKEN);
 $client->currentUser()->repositories();
 ```
diff --git a/doc/graphql.md b/doc/graphql.md
index 00adf92ce57..83481868544 100644
--- a/doc/graphql.md
+++ b/doc/graphql.md
@@ -14,7 +14,7 @@ $rateLimits = $client->api('graphql')->execute($query);
 To use [GitHub v4 API (GraphQL API)](http://developer.github.com/v4/) requests must [authenticated]((../security.md)).
 
 ```php
-$client->authenticate($token, null, Github\AuthMethod::AUTH_ACCESS_TOKEN);
+$client->authenticate($token, null, Github\AuthMethod::ACCESS_TOKEN);
 
 $result = $client->api('graphql')->execute($query);
 ```
@@ -51,7 +51,7 @@ $variables = [
     'organizationLogin' => 'KnpLabs'
 ];
 
-$client->authenticate('<your-token>', null, Github\AuthMethod::AUTH_ACCESS_TOKEN);
+$client->authenticate('<your-token>', null, Github\AuthMethod::ACCESS_TOKEN);
 
 $orgInfo = $client->api('graphql')->execute($query, $variables);
 ```
diff --git a/doc/security.md b/doc/security.md
index 8c76fdfe91a..7a79ee6674c 100644
--- a/doc/security.md
+++ b/doc/security.md
@@ -17,23 +17,23 @@ $client->authenticate($usernameOrToken, $password, $method);
 and guess what should contain `$password`. The `$method` can contain one of the three allowed values:
 
 #### Supported methods
-* `Github\AuthMethod::AUTH_CLIENT_ID` - https://developer.github.com/v3/#oauth2-keysecret
-* `Github\AuthMethod::AUTH_ACCESS_TOKEN` - https://developer.github.com/v3/#oauth2-token-sent-in-a-header
-* `Github\AuthMethod::AUTH_JWT` - https://developer.github.com/apps/building-github-apps/authenticating-with-github-apps/#authenticating-as-a-github-app
+* `Github\AuthMethod::CLIENT_ID` - https://developer.github.com/v3/#oauth2-keysecret
+* `Github\AuthMethod::ACCESS_TOKEN` - https://developer.github.com/v3/#oauth2-token-sent-in-a-header
+* `Github\AuthMethod::JWT` - https://developer.github.com/apps/building-github-apps/authenticating-with-github-apps/#authenticating-as-a-github-app
 
-The required value of `$password` depends on the chosen `$method`. For `Github\AuthMethod::AUTH_ACCESS_TOKEN`, `Github\Client::AUTH_ACCESS_TOKEN` and
-`Github\Client::JWT` methods you should provide the API token in `$usernameOrToken` variable (`$password` is omitted in
+The required value of `$password` depends on the chosen `$method`. For `Github\AuthMethod::CLIENT_ID`, `Github\AuthMethod::ACCESS_TOKEN` and
+`Github\AuthMethod::JWT` methods you should provide the API token in `$usernameOrToken` variable (`$password` is omitted in
 this particular case).
 
-The `Github\Client::AUTH_JWT` authentication method sends the specified JSON Web Token in an Authorization header.
+The `Github\AuthMethod::JWT` authentication method sends the specified JSON Web Token in an Authorization header.
 
 After executing the `$client->authenticate($usernameOrToken, $secret, $method);` method using correct credentials, all
 further requests are done as the given user.
 
 ### Authenticating as an Integration
 
-To authenticate as an integration you need to supply a JSON Web Token with `Github\Client::AUTH_JWT` to request
-and installation access token which is then usable with `Github\AuthMethod::AUTH_ACCESS_TOKEN`. [Github´s integration
+To authenticate as an integration you need to supply a JSON Web Token with `Github\AuthMethod::JWT` to request
+and installation access token which is then usable with `Github\AuthMethod::ACCESS_TOKEN`. [Github´s integration
 authentication docs](https://developer.github.com/apps/building-github-apps/authentication-options-for-github-apps/#authenticating-as-a-github-app) describe the flow in detail.
 It´s important for integration requests to use the custom Accept header `application/vnd.github.machine-man-preview`.
 
@@ -64,7 +64,7 @@ $jwt = $config->builder(ChainedFormatter::withUnixTimestampDates())
     ->getToken($config->signer(), $config->signingKey())
 ;
 
-$github->authenticate($jwt->toString(), null, Github\Client::AUTH_JWT)
+$github->authenticate($jwt->toString(), null, Github\AuthMethod::JWT)
 ```
 
 The `$integrationId` you can find in the about section of your github app.
diff --git a/lib/Github/AuthMethod.php b/lib/Github/AuthMethod.php
index b170f47e1bd..3e04ba50f76 100644
--- a/lib/Github/AuthMethod.php
+++ b/lib/Github/AuthMethod.php
@@ -9,14 +9,14 @@ final class AuthMethod
      *
      * @var string
      */
-    const AUTH_CLIENT_ID = 'client_id_header';
+    const CLIENT_ID = 'client_id_header';
 
     /**
      * Authenticate using a GitHub access token.
      *
      * @var string
      */
-    const AUTH_ACCESS_TOKEN = 'access_token_header';
+    const ACCESS_TOKEN = 'access_token_header';
 
     /**
      * Constant for authentication method.
@@ -26,5 +26,5 @@ final class AuthMethod
      *
      * @var string
      */
-    const AUTH_JWT = 'jwt';
+    const JWT = 'jwt';
 }
diff --git a/lib/Github/Client.php b/lib/Github/Client.php
index 1122728e144..4a61af84bae 100644
--- a/lib/Github/Client.php
+++ b/lib/Github/Client.php
@@ -76,7 +76,7 @@ class Client
      *
      * @deprecated Use the AuthMethod const
      */
-    const AUTH_CLIENT_ID = 'client_id_header';
+    const AUTH_CLIENT_ID = AuthMethod::CLIENT_ID;
 
     /**
      * Authenticate using a GitHub access token.
@@ -85,7 +85,7 @@ class Client
      *
      * @deprecated Use the AuthMethod const
      */
-    const AUTH_ACCESS_TOKEN = 'access_token_header';
+    const AUTH_ACCESS_TOKEN = AuthMethod::ACCESS_TOKEN;
 
     /**
      * Constant for authentication method.
@@ -97,7 +97,7 @@ class Client
      *
      * @deprecated Use the AuthMethod const
      */
-    const AUTH_JWT = 'jwt';
+    const AUTH_JWT = AuthMethod::JWT;
 
     /**
      * @var string
@@ -319,7 +319,7 @@ public function api($name): AbstractApi
      */
     public function authenticate($tokenOrLogin, $password = null, $authMethod = null): void
     {
-        if (null === $authMethod && (AuthMethod::AUTH_JWT === $password || AuthMethod::AUTH_ACCESS_TOKEN === $password)) {
+        if (null === $authMethod && (AuthMethod::JWT === $password || AuthMethod::ACCESS_TOKEN === $password)) {
             $authMethod = $password;
             $password = null;
         }
diff --git a/lib/Github/HttpClient/Plugin/Authentication.php b/lib/Github/HttpClient/Plugin/Authentication.php
index eda5d983699..91ed9caa2cf 100644
--- a/lib/Github/HttpClient/Plugin/Authentication.php
+++ b/lib/Github/HttpClient/Plugin/Authentication.php
@@ -58,11 +58,11 @@ public function handleRequest(RequestInterface $request, callable $next, callabl
     private function getAuthorizationHeader(): string
     {
         switch ($this->method) {
-            case AuthMethod::AUTH_CLIENT_ID:
+            case AuthMethod::CLIENT_ID:
                 return sprintf('Basic %s', base64_encode($this->tokenOrLogin.':'.$this->password));
-            case AuthMethod::AUTH_ACCESS_TOKEN:
+            case AuthMethod::ACCESS_TOKEN:
                 return sprintf('token %s', $this->tokenOrLogin);
-            case AuthMethod::AUTH_JWT:
+            case AuthMethod::JWT:
                 return sprintf('Bearer %s', $this->tokenOrLogin);
             default:
                 throw new RuntimeException(sprintf('%s not yet implemented', $this->method));
diff --git a/test/Github/Tests/ClientTest.php b/test/Github/Tests/ClientTest.php
index 5f55bb52bc1..c4980b8edc5 100644
--- a/test/Github/Tests/ClientTest.php
+++ b/test/Github/Tests/ClientTest.php
@@ -69,9 +69,9 @@ public function shouldAuthenticateUsingAllGivenParameters($login, $password, $me
     public function getAuthenticationFullData()
     {
         return [
-            ['token', null, AuthMethod::AUTH_ACCESS_TOKEN],
-            ['client_id', 'client_secret', AuthMethod::AUTH_CLIENT_ID],
-            ['token', null, AuthMethod::AUTH_JWT],
+            ['token', null, AuthMethod::ACCESS_TOKEN],
+            ['client_id', 'client_secret', AuthMethod::CLIENT_ID],
+            ['token', null, AuthMethod::JWT],
         ];
     }
 
@@ -85,7 +85,7 @@ public function shouldAuthenticateUsingGivenParameters()
             ->getMock();
         $builder->expects($this->once())
             ->method('addPlugin')
-            ->with($this->equalTo(new Authentication('token', null, AuthMethod::AUTH_ACCESS_TOKEN)));
+            ->with($this->equalTo(new Authentication('token', null, AuthMethod::ACCESS_TOKEN)));
 
         $builder->expects($this->once())
             ->method('removePlugin')
@@ -99,7 +99,7 @@ public function shouldAuthenticateUsingGivenParameters()
             ->method('getHttpClientBuilder')
             ->willReturn($builder);
 
-        $client->authenticate('token', AuthMethod::AUTH_ACCESS_TOKEN);
+        $client->authenticate('token', AuthMethod::ACCESS_TOKEN);
     }
 
     /**
diff --git a/test/Github/Tests/Functional/CacheTest.php b/test/Github/Tests/Functional/CacheTest.php
index 7768ed9ddff..ec9be6b12e0 100644
--- a/test/Github/Tests/Functional/CacheTest.php
+++ b/test/Github/Tests/Functional/CacheTest.php
@@ -26,7 +26,7 @@ public function shouldServeCachedResponse()
         $github = Client::createWithHttpClient($mockClient);
         $github->addCache(new ArrayAdapter(), ['default_ttl'=>600]);
 
-        $github->authenticate('fake_token_aaa', AuthMethod::AUTH_ACCESS_TOKEN);
+        $github->authenticate('fake_token_aaa', AuthMethod::ACCESS_TOKEN);
         $userA = $github->currentUser()->show();
         $this->assertEquals('nyholm', $userA['login']);
 
@@ -46,11 +46,11 @@ public function shouldVaryOnAuthorization()
         $github = Client::createWithHttpClient($mockClient);
         $github->addCache(new ArrayAdapter(), ['default_ttl'=>600]);
 
-        $github->authenticate('fake_token_aaa', AuthMethod::AUTH_ACCESS_TOKEN);
+        $github->authenticate('fake_token_aaa', AuthMethod::ACCESS_TOKEN);
         $userA = $github->currentUser()->show();
         $this->assertEquals('nyholm', $userA['login']);
 
-        $github->authenticate('fake_token_bbb', AuthMethod::AUTH_ACCESS_TOKEN);
+        $github->authenticate('fake_token_bbb', AuthMethod::ACCESS_TOKEN);
         $userB = $github->currentUser()->show();
         $this->assertEquals('octocat', $userB['login'], 'We must vary on the Authorization header.');
     }
diff --git a/test/Github/Tests/HttpClient/Plugin/AuthenticationTest.php b/test/Github/Tests/HttpClient/Plugin/AuthenticationTest.php
index aff396bdb34..be937684d01 100644
--- a/test/Github/Tests/HttpClient/Plugin/AuthenticationTest.php
+++ b/test/Github/Tests/HttpClient/Plugin/AuthenticationTest.php
@@ -41,9 +41,9 @@ public function testAuthenticationMethods($tokenOrLogin, $password, $method, $ex
     public function getAuthenticationData()
     {
         return [
-            ['access_token', null, AuthMethod::AUTH_ACCESS_TOKEN, 'token access_token'],
-            ['client_id', 'client_secret', AuthMethod::AUTH_CLIENT_ID, sprintf('Basic %s', base64_encode('client_id'.':'.'client_secret'))],
-            ['jwt_token', null, AuthMethod::AUTH_JWT, 'Bearer jwt_token'],
+            ['access_token', null, AuthMethod::ACCESS_TOKEN, 'token access_token'],
+            ['client_id', 'client_secret', AuthMethod::CLIENT_ID, sprintf('Basic %s', base64_encode('client_id'.':'.'client_secret'))],
+            ['jwt_token', null, AuthMethod::JWT, 'Bearer jwt_token'],
         ];
     }
 }

From c9cf54e65f7010821d224dfc96ada2a226ce9e81 Mon Sep 17 00:00:00 2001
From: Paolo Rossi <rosso.ipalo@gmail.com>
Date: Sun, 31 Oct 2021 17:22:24 +0100
Subject: [PATCH 4/5] refs #955: add upgrade to v4.0 notes

---
 UPGRADE-4.0.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/UPGRADE-4.0.md b/UPGRADE-4.0.md
index 9192a02a726..6ede78deb51 100644
--- a/UPGRADE-4.0.md
+++ b/UPGRADE-4.0.md
@@ -3,3 +3,9 @@
 ### ResultPager
 
 * `\Github\ResultPagerInterface::postFetch` is deprecated, and the method will be removed from the ResultPager interface/class.
+
+### Authentication methods
+
+* `Github\Client::AUTH_CLIENT_ID` is deprecated, use `Github\AuthMethod::CLIENT_ID` instead.
+* `Github\Client::AUTH_ACCESS_TOKEN` is deprecated, use `Github\AuthMethod::ACCESS_TOKEN` instead.
+* `Github\Client::AUTH_JWT` is deprecated, use `Github\AuthMethod::JWT` instead.

From ec6656c7209df6674852463c4250402e3d6e395a Mon Sep 17 00:00:00 2001
From: Paolo Rossi <rosso.ipalo@gmail.com>
Date: Mon, 1 Nov 2021 17:48:08 +0100
Subject: [PATCH 5/5] refs #955: set public all constants

---
 lib/Github/AuthMethod.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/Github/AuthMethod.php b/lib/Github/AuthMethod.php
index 3e04ba50f76..4a390699a3c 100644
--- a/lib/Github/AuthMethod.php
+++ b/lib/Github/AuthMethod.php
@@ -9,14 +9,14 @@ final class AuthMethod
      *
      * @var string
      */
-    const CLIENT_ID = 'client_id_header';
+    public const CLIENT_ID = 'client_id_header';
 
     /**
      * Authenticate using a GitHub access token.
      *
      * @var string
      */
-    const ACCESS_TOKEN = 'access_token_header';
+    public const ACCESS_TOKEN = 'access_token_header';
 
     /**
      * Constant for authentication method.
@@ -26,5 +26,5 @@ final class AuthMethod
      *
      * @var string
      */
-    const JWT = 'jwt';
+    public const JWT = 'jwt';
 }