From: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
To: M Hickford <mirth.hickford@gmail.com>
Cc: Junio C Hamano <gitster@pobox.com>,
peff@peff.net,
M Hickford via GitGitGadget <gitgitgadget@gmail.com>,
git@vger.kernel.org
Subject: Re: [PATCH] Mention that password could be a personal access token.
Date: Tue, 01 Nov 2022 08:58:36 +0100 [thread overview]
Message-ID: <221101.86wn8f3xlp.gmgdl@evledraar.gmail.com> (raw)
In-Reply-To: <CAGJzqs=PovTFeVFJAT1HLcKQxHdRjozUACh3Z-x8ih6yuYSb7w@mail.gmail.com>
On Tue, Nov 01 2022, M Hickford wrote:
> On Thu, 27 Oct 2022 at 18:40, Junio C Hamano <gitster@pobox.com> wrote:
>
>> Also, I wonder if the specific "it can be access token and not
>> password" is something worth adding.
>
> Personal access tokens are ubiquitous nowadays, maybe even more common
> than passwords since GitHub disabled passwords last year. I wanted
> to acknowledge this in the docs, even if Git's own behaviour hasn't
> changed. Maybe the introduction to
> https://git-scm.com/docs/gitcredentials would be a better place to do
> that?
>
> Git will sometimes need credentials from the user in order to
> perform operations; for example, it may need to ask for a username and
> password in order to access a remote repository over HTTP. **The
> server may accept or expect a personal access token instead of a
> password.**
>
> [1] https://github.blog/changelog/2021-08-12-git-password-authentication-is-shutting-down/
A "personal access token" is just a password by another name. When you
enter such a token into your .git/config (or provide it via an auth
helper) we'll sent it over via HTTP Basic Auth, "which transmits
credentials as user-id/ password pairs, encoded using Base64"[2].
Even the blog post you linked to makes the distinction, by talking about
"account passwords". I.e. what's really going on here is that providers
have been moving to using N passwords instead of 1.
Now, I'm not just trying to be pedantic. I do think there's probably a
doc improvement to be made here. If popular providers are calling this a
"[personal] access token" perhaps we should mention it in passing.
But saying "this could also be" is the point at which this could create
its own confusion. This *is* a password. E.g. if you get such a "token"
and want to try it out with the "curl" utility (whose library we use for
http) it'll be e.g.:
curl --user <user>:<password> <url>
Not:
curl --user <user> --personal-access-token <token> <url>
Or whatever. I.e. the entire rest of the stack calls this a "password",
and that stack's a lot more likely to be what stays around in the long
term, rather than what amounts to a marketing term for a password.
1. https://www.rfc-editor.org/rfc/rfc7617
next prev parent reply other threads:[~2022-11-01 8:09 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-27 4:45 [PATCH] Mention that password could be a personal access token M Hickford via GitGitGadget
2022-10-27 17:40 ` Junio C Hamano
2022-10-27 20:21 ` Jeff King
2022-10-27 21:48 ` Junio C Hamano
2022-11-01 3:54 ` M Hickford
2022-11-01 7:58 ` Ævar Arnfjörð Bjarmason [this message]
2022-11-01 10:27 ` M Hickford
2022-11-02 10:30 ` [PATCH v2] " M Hickford via GitGitGadget
2022-11-02 10:54 ` Eric Sunshine
2022-11-02 15:44 ` Junio C Hamano
2022-11-02 15:51 ` Eric Sunshine
2022-11-02 17:30 ` Philip Oakley
2022-11-08 12:11 ` M Hickford
2022-11-08 13:01 ` [PATCH v3] " M Hickford via GitGitGadget
2022-11-08 21:48 ` Taylor Blau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=221101.86wn8f3xlp.gmgdl@evledraar.gmail.com \
--to=avarab@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitgitgadget@gmail.com \
--cc=gitster@pobox.com \
--cc=mirth.hickford@gmail.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).