From: Christian Halstrick <christian.halstrick@gmail.com>
To: Jeff King <peff@peff.net>
Cc: Junio C Hamano <gitster@pobox.com>,
Johannes Schindelin <Johannes.Schindelin@gmx.de>,
"brian m. carlson" <sandals@crustytoothpaste.net>,
Git <git@vger.kernel.org>
Subject: Re: OAuth2 support in git?
Date: Tue, 19 Jun 2018 14:36:50 +0200 [thread overview]
Message-ID: <CAENte7hzJw5VW2JFLV1Pj5v4u52=xL-dvhcfRACYa2eUvQnAVA@mail.gmail.com> (raw)
In-Reply-To: <20180618212614.GA2504@sigill.intra.peff.net>
What is not clear to me is how we can make use of the servers initial
response in
order control which credential helper to call and how to transport the
credentials.
Imagine we try to clone over http. The initial request sent to the server
may not contain a "Authorization: ..." header and the server responds
with Unauthorized.
But the server response contains hints like a "WWW-Authenticate: Basic
realm=..." line
or a "WWW-Authenticate: Bearer realm=..." line which helps choosing the
authentication scheme used next. Maybe the server even responds with both lines
telling I would accept BASIC or BEARER.
I can imagine that we want libcurl to deal with that decisions. But
even then. How
do we make sure the our credential helpers can act return either user/password
or bearer tokens based on the server response? If credential helper
would have access
to the servers response (or only relevant parts of it?) it could
decide whether to
feel responsible for that server or not and what data to return.
And if credential helper could optionally give metadata about the kind
credential they offer
(e.g. "I return user/password" or "I return a bearer token") then core
code could know
where to transport this data. E.g. in a "Authorization: Basic ..." or
a "Authorization: Bearer ..."
field.
Ciao
Chris
next prev parent reply other threads:[~2018-06-19 12:37 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-14 8:09 OAuth2 support in git? Christian Halstrick
2018-06-14 10:13 ` brian m. carlson
2018-06-14 15:15 ` Jeff King
2018-06-14 20:46 ` Randall S. Becker
2018-06-14 21:01 ` Jeff King
2018-06-14 22:20 ` brian m. carlson
2018-06-17 11:37 ` Johannes Schindelin
2018-06-18 4:17 ` Jeff King
2018-06-18 15:53 ` Junio C Hamano
2018-06-18 21:26 ` Jeff King
2018-06-19 12:36 ` Christian Halstrick [this message]
2018-06-19 16:45 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAENte7hzJw5VW2JFLV1Pj5v4u52=xL-dvhcfRACYa2eUvQnAVA@mail.gmail.com' \
--to=christian.halstrick@gmail.com \
--cc=Johannes.Schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=peff@peff.net \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).