mailing list mirror (one of many)
 help / color / mirror / code / Atom feed
From: Taylor Blau <>
Subject: [TOPIC 7/12] Authentication to new hosts without setup
Date: Mon, 2 Oct 2023 11:21:02 -0400	[thread overview]
Message-ID: <ZRrf3ntvh8y0VkYy@nand.local> (raw)
In-Reply-To: <ZRregi3JJXFs4Msb@nand.local>

(Presenter: M Hickford, Notetaker: Lessley Dennington)

* (Hickford) I interact with many Git "hosts" (GitHub, GitLab,, etc.). I had 15 Personal Access Tokens (PATs) around,
  which was tedious. I was using Git Credential Manager, which has an option to
  authenticate via web browser which creates a token. I released
  git-credential-oauth with this feature which you can use with a storage
  helper. I'm going to show an example of authenticating to a host I've never
  used before (Gitea). Demonstrates signing into Gitea via web browser and
  cloning his fork of project xorm/xorm. Since the repo is public, no
  authentication is necessary. Makes a commit and pushes. Auth flow is
  triggered, provides consent. Authentication was successful. There was no need
  for PATs or shell keys. Git-credential-oauth supports GitHub, GitLab, Gitea,
  and Gitee out of the box. Works using new(ish) password_expiry_utc attribute
  and wwwauth[] headers.
* (brian) Thinks it's a great idea because it's convenient.
  requires SAML/SSO and the browser, and this should work just fine. It wouldn't
  be great to have in C, but as a helper it's super convenient.
* (Hickford) Ruled out a C implementation due to the challenges. Goal was to
  remove a barrier to entry for contributors to OSS trying to make bug fixes and
  having to set up/deal with PATs/SSH keys.
* (Jakub) Still work to do with creating a fork, pushing.
* (brian) GCM does this but represents a greater barrier to entry for less Git
  literate users. Less beneficial for Git power users.
   * Edit: Lessley and brian spoke after the meeting, and Lessley realized the
     above was not recorded correctly. git-credential-oauth and GCM both remove
     the need for users to manually set up PATs/SSH keys (which was what was
     being considered as the high barrier to entry).

  parent reply	other threads:[~2023-10-02 15:21 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-10-02 15:15 Notes from the Git Contributor's Summit, 2023 Taylor Blau
2023-10-02 15:17 ` [TOPIC 0/12] Welcome / Conservancy Update Taylor Blau
2023-10-02 15:17 ` [TOPIC 1/12] Next-gen reference backends Taylor Blau
2023-10-02 15:18 ` [TOPIC 02/12] Libification Goals and Progress Taylor Blau
2023-10-02 15:18 ` [TOPIC 3/12] Designing a Makefile for multiple libraries Taylor Blau
2023-10-02 15:19 ` [TOPIC 4/12] Scaling Git from a forge's perspective Taylor Blau
2023-10-02 15:19 ` [TOPIC 5/12] Replacing Git LFS using multiple promisor remotes Taylor Blau
2023-10-02 15:20 ` [TOPIC 6/12] Clarifying backwards compatibility and when we break it Taylor Blau
2023-10-02 15:21 ` Taylor Blau [this message]
2023-10-02 15:21 ` [TOPIC 8/12] Update on jj, including at Google Taylor Blau
2023-10-02 15:21 ` [TOPIC 9/12] Code churn and cleanups Taylor Blau
2023-10-02 15:22 ` [TOPIC 10/12] Project management practices Taylor Blau
2023-10-02 15:22 ` [TOPIC 11/12] Improving new contributor on-boarding Taylor Blau
2023-10-02 15:22 ` [TOPIC 12/12] Overflow discussion Taylor Blau

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

  List information:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZRrf3ntvh8y0VkYy@nand.local \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).