![]() ![]() This workaround is only feasible for a monolithic helper with its own storage. Workarounds: GCM abuses the helper get/store/erase contract to store the refresh token during credential get as the password for a fictitious host (I wrote this hack). Helpers would also need extra information to distinguish between confidential and non-confidential attributes. This seems excessively complex for no obvious gain. See for an implementation tested with this patch.Īdd support for the new attribute to credential-cache.Įventually, I hope to see support in other popular storage helpers.Īlternatives considered: ask helpers to store all unrecognised attributes. The OAuth helper can use the stored refresh token forwarded by credential fill to generate a fresh access token without opening the browser. Recall that credential fill calls each helper until it has a non-expired password. This is especially useful when a storage helper and a read-only OAuth helper are configured together. Introduce a new attribute oauth_refresh_token. On a browserless system, this is particularly intrusive, requiring a second device. This means that the user has to regularly reauthorize the helper in browser. However the Git credential protocol has no attribute to store the OAuth refresh token (unrecognised attributes are silently discarded). (GitHub doesn't populate expiry or refresh token.) GitLab and BitBucket set the expiry at two hours. Git authentication with OAuth access token is supported by every popular Git host including GitHub, GitLab and BitBucket.Ĭredential helpers Git Credential Manager (GCM) and git-credential-oauth generate OAuth credentials.įollowing RFC 6749, the application prints a link for the user to authorize access in browser.Ī loopback redirect communicates the response including access token to the application.įor security, RFC 6749 recommends that OAuth response also includes expiry date and refresh token.Īfter expiry, applications can use the refresh token to generate a new access token without user reauthorization in browser. (Merged by Junio C Hamano - gitster - in commit 2ca91d1, ) credential: new attribute oauth_refresh_token See commit a5c7656 () by M Hickford ( hickford). ![]() That should be better supported with Git 2.41 (Q2 2023), the credential subsystem learns to help OAuth framework. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |