Git Mailing List Archive mirror
* [PATCH] doc: gitcredentials: introduce OAuth helpers
@ 2023-05-28 19:45 M Hickford via GitGitGadget
  2023-05-28 22:51 ` brian m. carlson
  2023-06-21  7:30 ` [PATCH v2] doc: gitcredentials: link to helper list M Hickford via GitGitGadget
  0 siblings, 2 replies; 7+ messages in thread
From: M Hickford via GitGitGadget @ 2023-05-28 19:45 UTC (permalink / raw)
  To: git
  Cc: peff, msuchanek, sandals, lessleydennington, me, mjcheetham,
	M Hickford, M Hickford

From: M Hickford <mirth.hickford@gmail.com>

OAuth credential helpers are widely useful but work differently to other
credential helpers, so worth introducing in the docs.

Link to relevant projects.

Signed-off-by: M Hickford <mirth.hickford@gmail.com>
---
    gitcredentials: describe OAuth credential helpers
    
    See also discussion
    https://lore.kernel.org/git/CAGJzqskaM80+8+79yUf435tP93Sk8sFu7marCvyimE=2gOKnog@mail.gmail.com/

Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-1538%2Fhickford%2Fhelpers-v1
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-1538/hickford/helpers-v1
Pull-Request: https://github.com/gitgitgadget/git/pull/1538

 Documentation/gitcredentials.txt | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/Documentation/gitcredentials.txt b/Documentation/gitcredentials.txt
index 100f045bb1a..d2a7249d52b 100644
--- a/Documentation/gitcredentials.txt
+++ b/Documentation/gitcredentials.txt
@@ -105,6 +105,19 @@ $ git config --global credential.helper foo
 -------------------------------------------
 
 
+=== OAuth credential helpers
+
+An alternative to entering passwords or personal access tokens is to use an
+OAuth credential helper. Many popular Git hosts support OAuth. The first time
+you authenticate, the helper opens a browser window to the host.
+Subsequent authentication is non interactive.
+
+Two cross-platform open-source OAuth credential helpers are:
+
+* https://github.com/git-ecosystem/git-credential-manager[Git Credential Manager]
+* https://github.com/hickford/git-credential-oauth[git-credential-oauth]
+
+
 CREDENTIAL CONTEXTS
 -------------------
 
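Review bot: In the added "=== OAuth credential helpers" paragraph, "Subsequent authentication is non interactive." never says what the helper keeps after the first browser login to make that possible, so a reader cannot tell that a credential persists on the machine or where. Suggest a sentence saying what is stored and by which component, and hyphenate "non-interactive".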

base-commit: 79bdd48716a4c455bdc8ffd91d57a18d5cd55baa
-- 
gitgitgadget


* Re: [PATCH] doc: gitcredentials: introduce OAuth helpers
  2023-05-28 19:45 [PATCH] doc: gitcredentials: introduce OAuth helpers M Hickford via GitGitGadget
@ 2023-05-28 22:51 ` brian m. carlson
  2023-05-29  9:50   ` M Hickford
  2023-06-21  6:28   ` M Hickford
  2023-06-21  7:30 ` [PATCH v2] doc: gitcredentials: link to helper list M Hickford via GitGitGadget
  1 sibling, 2 replies; 7+ messages in thread
From: brian m. carlson @ 2023-05-28 22:51 UTC (permalink / raw)
  To: M Hickford via GitGitGadget
  Cc: git, peff, msuchanek, lessleydennington, me, mjcheetham,
	M Hickford

On 2023-05-28 at 19:45:27, M Hickford via GitGitGadget wrote:
> From: M Hickford <mirth.hickford@gmail.com>
> 
> OAuth credential helpers are widely useful but work differently to other
> credential helpers, so worth introducing in the docs.
> 
> Link to relevant projects.

There are many possible implementations of credential helpers, and I'd
prefer we didn't specifically propose any of them here.  We ship with
some in contrib, and I think it would be better to fix them to be
functional for this use case rather than link to external projects.

I expect, however, that functionally, that will be difficult to do,
given the fact that OAuth typically requires registration with the
remote system, and thus we'd intrinsically be prioritizing some
well-known forges over less-known or personally-hosted forges, which
we've traditionally tried not to do.  For example, your
git-credential-oauth contains a hard-coded list of 11 forges (and also
proposes adding credentials for new ones into the config, which isn't
really a secure way to store secrets).
-- 
brian m. carlson (he/him or they/them)
Toronto, Ontario, CA



* Re: [PATCH] doc: gitcredentials: introduce OAuth helpers
  2023-05-28 22:51 ` brian m. carlson
@ 2023-05-29  9:50   ` M Hickford
  2023-06-21  6:28   ` M Hickford
  1 sibling, 0 replies; 7+ messages in thread
From: M Hickford @ 2023-05-29  9:50 UTC (permalink / raw)
  To: brian m. carlson, M Hickford via GitGitGadget, git, peff,
	msuchanek, lessleydennington, me, mjcheetham, M Hickford

On Sun, 28 May 2023 at 23:51, brian m. carlson
<sandals@crustytoothpaste.net> wrote:
>
> On 2023-05-28 at 19:45:27, M Hickford via GitGitGadget wrote:
> > From: M Hickford <mirth.hickford@gmail.com>
> >
> > OAuth credential helpers are widely useful but work differently to other
> > credential helpers, so worth introducing in the docs.
> >
> > Link to relevant projects.
>
> There are many possible implementations of credential helpers, and I'd
> prefer we didn't specifically propose any of them here.  We ship with
> some in contrib, and I think it would be better to fix them to be
> functional for this use case rather than link to external projects.

Thanks Brian for your reply. I'd love to upstream OAuth functionality
in Git, but I think it'd be prohibitively difficult technically without
introducing extra dependencies. git-credential-oauth is little more
than 100 lines of Go, but it takes advantage of Go's broad standard
library and a library for OAuth. I expect that would require tens of
thousands of lines of challenging C.
https://github.com/hickford/git-credential-oauth/issues/8

I think OAuth is such a boon for usable security that it's worth
describing and linking to external projects. The text aims to inform
the user rather than tell them to use a particular project. An
alternative would be to link to a new 'credential helpers' page on
git-scm.com

>
> I expect, however, that functionally, that will be difficult to do,
> given the fact that OAuth typically requires registration with the
> remote system, and thus we'd intrinsically be prioritizing some
> well-known forges over less-known or personally-hosted forges, which
> we've traditionally tried not to do.  For example, your

In that spirit, the patch avoids naming "popular Git hosts".

> git-credential-oauth contains a hard-coded list of 11 forges (and also
> proposes adding credentials for new ones into the config, which isn't
> really a secure way to store secrets).

To clarify, it's expected that client credentials in OAuth native apps
(unlike web apps) are non-confidential. "It is assumed that any client
authentication credentials included in the application can be
extracted" https://datatracker.ietf.org/doc/html/rfc6749#section-2.1


> --
> brian m. carlson (he/him or they/them)
> Toronto, Ontario, CA


* Re: [PATCH] doc: gitcredentials: introduce OAuth helpers
  2023-05-28 22:51 ` brian m. carlson
  2023-05-29  9:50   ` M Hickford
@ 2023-06-21  6:28   ` M Hickford
  1 sibling, 0 replies; 7+ messages in thread
From: M Hickford @ 2023-06-21  6:28 UTC (permalink / raw)
  To: brian m. carlson, M Hickford via GitGitGadget, git, peff,
	msuchanek, lessleydennington, me, mjcheetham, M Hickford

> I expect, however, that functionally, that will be difficult to do,
> given the fact that OAuth typically requires registration with the
> remote system, and thus we'd intrinsically be prioritizing some
> well-known forges over less-known or personally-hosted forges, which
> we've traditionally tried not to do.  For example, your
> git-credential-oauth contains a hard-coded list of 11 forges

Forge diversity is my motivation! Consider the average Git user. They
contribute to several projects on GitHub. They are deterred from
contributing to worthy projects elsewhere by the setup cost of
configuring personal access tokens or SSH keys. To use five forges
from three machines, you have to generate 15 personal access tokens or
upload SSH keys 15 times. Whereas a git-credential-oauth user can
contribute to projects on many popular hosts without any setup. That's
progress surely.


* [PATCH v2] doc: gitcredentials: link to helper list
  2023-05-28 19:45 [PATCH] doc: gitcredentials: introduce OAuth helpers M Hickford via GitGitGadget
  2023-05-28 22:51 ` brian m. carlson
@ 2023-06-21  7:30 ` M Hickford via GitGitGadget
  2023-06-27  8:21   ` Jeff King
  2023-07-08 20:36   ` [PATCH v3] " M Hickford via GitGitGadget
  1 sibling, 2 replies; 7+ messages in thread
From: M Hickford via GitGitGadget @ 2023-06-21  7:30 UTC (permalink / raw)
  To: git
  Cc: peff, msuchanek, sandals, lessleydennington, me, mjcheetham,
	M Hickford, M Hickford

From: M Hickford <mirth.hickford@gmail.com>

Link to community list of credential helpers. This is useful information
for users.

Describe how OAuth credential helpers work. OAuth is a user-friendly
alternative to personal access tokens and SSH keys. Reduced setup cost
makes it easier for users to contribute to projects across multiple
forges.

Signed-off-by: M Hickford <mirth.hickford@gmail.com>
---
    gitcredentials: link to list of helpers
    
    Add link to list of helpers

Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-1538%2Fhickford%2Fhelpers-v2
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-1538/hickford/helpers-v2
Pull-Request: https://github.com/gitgitgadget/git/pull/1538

Range-diff vs v1:

 1:  49e2a6fc9f2 ! 1:  26818290468 doc: gitcredentials: introduce OAuth helpers
     @@ Metadata
      Author: M Hickford <mirth.hickford@gmail.com>
      
       ## Commit message ##
     -    doc: gitcredentials: introduce OAuth helpers
     +    doc: gitcredentials: link to helper list
      
     -    OAuth credential helpers are widely useful but work differently to other
     -    credential helpers, so worth introducing in the docs.
     +    Link to community list of credential helpers. This is useful information
     +    for users.
      
     -    Link to relevant projects.
     +    Describe how OAuth credential helpers work. OAuth is a user-friendly
     +    alternative to personal access tokens and SSH keys. Reduced setup cost
     +    makes it easier for users to contribute to projects across multiple
     +    forges.
      
          Signed-off-by: M Hickford <mirth.hickford@gmail.com>
      
       ## Documentation/gitcredentials.txt ##
     -@@ Documentation/gitcredentials.txt: $ git config --global credential.helper foo
     +@@ Documentation/gitcredentials.txt: $ git help credential-foo
     + $ git config --global credential.helper foo
       -------------------------------------------
       
     - 
     -+=== OAuth credential helpers
     -+
     -+An alternative to entering passwords or personal access tokens is to use an
     -+OAuth credential helper. Many popular Git hosts support OAuth. The first time
     -+you authenticate, the helper opens a browser window to the host.
     -+Subsequent authentication is non interactive.
     -+
     -+Two cross-platform open-source OAuth credential helpers are:
     ++=== Available helpers
      +
     -+* https://github.com/git-ecosystem/git-credential-manager[Git Credential Manager]
     -+* https://github.com/hickford/git-credential-oauth[git-credential-oauth]
     ++The community maintains a comprehensive
     ++https://git-scm.com/doc/credential-helpers[list of Git credential helpers]
     ++available.
      +
     ++=== OAuth
      +
     ++An alternative to inputting passwords or personal access tokens is to use an
     ++OAuth credential helper. Initial authentication opens a browser window to the
     ++host. Subsequent authentication happens in the background. Many popular Git
     ++hosts support OAuth.
     + 
       CREDENTIAL CONTEXTS
       -------------------
     - 


 Documentation/gitcredentials.txt | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/Documentation/gitcredentials.txt b/Documentation/gitcredentials.txt
index 100f045bb1a..a266870a042 100644
--- a/Documentation/gitcredentials.txt
+++ b/Documentation/gitcredentials.txt
@@ -104,6 +104,18 @@ $ git help credential-foo
 $ git config --global credential.helper foo
 -------------------------------------------
 
+=== Available helpers
+
+The community maintains a comprehensive
+https://git-scm.com/doc/credential-helpers[list of Git credential helpers]
+available.
+
+=== OAuth
+
+An alternative to inputting passwords or personal access tokens is to use an
+OAuth credential helper. Initial authentication opens a browser window to the
+host. Subsequent authentication happens in the background. Many popular Git
+hosts support OAuth.
 
 CREDENTIAL CONTEXTS
 -------------------
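
Review bot: Under "=== Available helpers", the text sends readers to a community-maintained list without saying whether the Git project reviews the entries; since a credential helper is handed the user's secrets, one sentence on that status would help. The wording also trails off: "comprehensive ... list of Git credential helpers ... available" reads better without the dangling "available".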

base-commit: 79bdd48716a4c455bdc8ffd91d57a18d5cd55baa
-- 
gitgitgadget


* Re: [PATCH v2] doc: gitcredentials: link to helper list
  2023-06-21  7:30 ` [PATCH v2] doc: gitcredentials: link to helper list M Hickford via GitGitGadget
@ 2023-06-27  8:21   ` Jeff King
  2023-07-08 20:36   ` [PATCH v3] " M Hickford via GitGitGadget
  1 sibling, 0 replies; 7+ messages in thread
From: Jeff King @ 2023-06-27  8:21 UTC (permalink / raw)
  To: M Hickford via GitGitGadget
  Cc: git, msuchanek, sandals, lessleydennington, me, mjcheetham,
	M Hickford

On Wed, Jun 21, 2023 at 07:30:24AM +0000, M Hickford via GitGitGadget wrote:

> From: M Hickford <mirth.hickford@gmail.com>
> 
> Link to community list of credential helpers. This is useful information
> for users.
> 
> Describe how OAuth credential helpers work. OAuth is a user-friendly
> alternative to personal access tokens and SSH keys. Reduced setup cost
> makes it easier for users to contribute to projects across multiple
> forges.

Kind of seems like two topics in one patch, but OK.

I don't have much of an opinion on either topic, but...

> diff --git a/Documentation/gitcredentials.txt b/Documentation/gitcredentials.txt
> index 100f045bb1a..a266870a042 100644
> --- a/Documentation/gitcredentials.txt
> +++ b/Documentation/gitcredentials.txt
> @@ -104,6 +104,18 @@ $ git help credential-foo
>  $ git config --global credential.helper foo
>  -------------------------------------------
>  
> +=== Available helpers
> +
> +The community maintains a comprehensive
> +https://git-scm.com/doc/credential-helpers[list of Git credential helpers]
> +available.

I'd note that full hyperlinks like this are kind of lousy in the manpage
builds. You get:

     Available helpers
	The community maintains a comprehensive list of Git credential
	helpers[1] available.

in the text, and then way down at the bottom of the manpage:

  NOTES
	1. list of Git credential helpers
	   https://git-scm.com/doc/credential-helpers

Something like:

diff --git a/Documentation/gitcredentials.txt b/Documentation/gitcredentials.txt
index fd5ecede13..1c7d302f18 100644
--- a/Documentation/gitcredentials.txt
+++ b/Documentation/gitcredentials.txt
@@ -106,9 +106,8 @@ $ git config --global credential.helper foo
 
 === Available helpers
 
-The community maintains a comprehensive
-https://git-scm.com/doc/credential-helpers[list of Git credential helpers]
-available.
+The community maintains a comprehensive list of Git credential helpers
+at https://git-scm.com/doc/credential-helpers.
 
 === OAuth
 
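Review bot: On the added line "+at https://git-scm.com/doc/credential-helpers." the sentence-ending full stop sits directly against the bare URL. Worth checking in both the HTML and manpage builds that the full stop is not taken as part of the link target; rewording so the URL is not the last token of the sentence avoids the question.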

yields nicer text in the manpage, and asciidoc is smart enough to turn
it into a hyperlink in the html version.

-Peff


* [PATCH v3] doc: gitcredentials: link to helper list
  2023-06-21  7:30 ` [PATCH v2] doc: gitcredentials: link to helper list M Hickford via GitGitGadget
  2023-06-27  8:21   ` Jeff King
@ 2023-07-08 20:36   ` M Hickford via GitGitGadget
  1 sibling, 0 replies; 7+ messages in thread
From: M Hickford via GitGitGadget @ 2023-07-08 20:36 UTC (permalink / raw)
  To: git
  Cc: peff, msuchanek, sandals, lessleydennington, me, mjcheetham,
	M Hickford, M Hickford

From: M Hickford <mirth.hickford@gmail.com>

Link to community list of credential helpers. This is useful information
for users.

Describe how OAuth credential helpers work. OAuth is a user-friendly
alternative to personal access tokens and SSH keys. Reduced setup cost
makes it easier for users to contribute to projects across multiple
forges.

Signed-off-by: M Hickford <mirth.hickford@gmail.com>
---
    gitcredentials: link to list of helpers
    
    Add link to list of helpers

Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-1538%2Fhickford%2Fhelpers-v3
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-1538/hickford/helpers-v3
Pull-Request: https://github.com/gitgitgadget/git/pull/1538

Range-diff vs v2:

 1:  26818290468 ! 1:  a6265156eed doc: gitcredentials: link to helper list
     @@ Documentation/gitcredentials.txt: $ git help credential-foo
       
      +=== Available helpers
      +
     -+The community maintains a comprehensive
     -+https://git-scm.com/doc/credential-helpers[list of Git credential helpers]
     -+available.
     ++The community maintains a comprehensive list of Git credential helpers at
     ++https://git-scm.com/doc/credential-helpers.
      +
      +=== OAuth
      +


 Documentation/gitcredentials.txt | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/Documentation/gitcredentials.txt b/Documentation/gitcredentials.txt
index 65d652dc40e..71dd19731af 100644
--- a/Documentation/gitcredentials.txt
+++ b/Documentation/gitcredentials.txt
@@ -104,6 +104,17 @@ $ git help credential-foo
 $ git config --global credential.helper foo
 -------------------------------------------
 
+=== Available helpers
+
+The community maintains a comprehensive list of Git credential helpers at
+https://git-scm.com/doc/credential-helpers.
+
+=== OAuth
+
+An alternative to inputting passwords or personal access tokens is to use an
+OAuth credential helper. Initial authentication opens a browser window to the
+host. Subsequent authentication happens in the background. Many popular Git
+hosts support OAuth.
 
 CREDENTIAL CONTEXTS
 -------------------
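
Review bot: The "=== OAuth" paragraph does not connect to the context just above it ("$ git config --global credential.helper foo"): it never says that an OAuth helper is selected through the same credential.helper setting, so the section reads as a separate mechanism. Suggest one sentence making that link, and moving "Many popular Git hosts support OAuth." ahead of the browser-window sentence so "the host" has a referent.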

base-commit: 061c58647eb4b3f0e2c898333577d4b2af115b1d
-- 
gitgitgadget

