From: M Hickford <mirth.hickford@gmail.com>
To: Jeff King <peff@peff.net>
Cc: M Hickford <mirth.hickford@gmail.com>,
Taylor Blau <me@ttaylorr.com>,
M Hickford via GitGitGadget <gitgitgadget@gmail.com>,
git@vger.kernel.org
Subject: Re: [PATCH] docs: clarify that credential discards unrecognised attributes
Date: Sat, 12 Nov 2022 19:08:42 +0000 [thread overview]
Message-ID: <CAGJzqsnd3UbCuj6xfsAgVEFz5OaDBhnCTNeAvOVPK9NWBDnDRA@mail.gmail.com> (raw)
In-Reply-To: <Y2/OIrSz+xrqkd+C@coredump.intra.peff.net>
On Sat, 12 Nov 2022 at 16:47, Jeff King <peff@peff.net> wrote:
> > > We did discuss patches a long time ago that would let Git carry
> > > arbitrary keys between helpers, even if Git itself didn't understand it.
> > > One of the intended uses was to let helpers talk to each other about
> > > TTLs. So if you had say:
> > >
> > > [credential]
> > > helper = generate-some-token
> > > helper = cache
> > >
> > > where the first helper generates a token, and the second caches it, the
> > > first one could shove a "ttl" or "expiration" key into the protocol,
> > > which the cache could then learn to respect.
> >
>
> What you're doing works fine with the code as-is; you just can't carry
> extra data (like a ttl) between the two.
FWIW I have a draft patch that adds password_expiry_utc and
oauth_refresh_token attributes to credential
https://github.com/gitgitgadget/git/pull/1394 introducing expiry logic
in the credential layer. I'll share a RFC sometime in future.
> I agree for GitHub's tokens that the times involved make auto-expiration
> not that important. The example back in that thread was something more
> time-limited (like minutes or hours). I don't know how often that kind
> of things is in the wild.
GitLab OAuth tokens expire after 2 hours (the refresh tokens are valid
longer). This is a security improvement over long-lived tokens.
next prev parent reply other threads:[~2022-11-12 19:09 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-24 7:57 [PATCH] docs: clarify that credential discards unrecognised attributes M Hickford via GitGitGadget
2022-10-24 23:59 ` Jeff King
2022-10-25 0:00 ` Jeff King
2022-10-25 1:51 ` Thanks M Hickford
2022-10-25 9:05 ` Thanks Bagas Sanjaya
2022-10-26 4:39 ` Thanks M Hickford
2022-10-26 5:18 ` Thanks Jeff King
2022-10-26 9:36 ` Thanks Junio C Hamano
2022-11-12 2:21 ` [PATCH] docs: clarify that credential discards unrecognised attributes M Hickford
2022-11-12 16:47 ` Jeff King
2022-11-12 19:08 ` M Hickford [this message]
2022-11-14 22:40 ` Jeff King
2022-11-13 4:56 ` Taylor Blau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGJzqsnd3UbCuj6xfsAgVEFz5OaDBhnCTNeAvOVPK9NWBDnDRA@mail.gmail.com \
--to=mirth.hickford@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitgitgadget@gmail.com \
--cc=me@ttaylorr.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).