From: Taylor Blau <me@ttaylorr.com>
To: git@vger.kernel.org
Subject: [TOPIC 7/12] Authentication to new hosts without setup
Date: Mon, 2 Oct 2023 11:21:02 -0400 [thread overview]
Message-ID: <ZRrf3ntvh8y0VkYy@nand.local> (raw)
In-Reply-To: <ZRregi3JJXFs4Msb@nand.local>
(Presenter: M Hickford, Notetaker: Lessley Dennington)
(Slides: https://docs.google.com/presentation/d/127xue1Sr19J1m6wk1KwY9-5G1lPxbyHOgaIi2Ro12ts/edit?usp=sharing)
* (Hickford) I interact with many Git "hosts" (GitHub, GitLab,
gitlab.freedesktop.org, etc.). I had 15 Personal Access Tokens (PATs) around,
which was tedious. I was using Git Credential Manager, which has an option to
authenticate via web browser which creates a token. I released
git-credential-oauth with this feature which you can use with a storage
helper. I'm going to show an example of authenticating to a host I've never
used before (Gitea). Demonstrates signing into Gitea via web browser and
cloning his fork of project xorm/xorm. Since the repo is public, no
authentication is necessary. Makes a commit and pushes. Auth flow is
triggered, provides consent. Authentication was successful. There was no need
for PATs or shell keys. Git-credential-oauth supports GitHub, GitLab, Gitea,
and Gitee out of the box. Works using new(ish) password_expiry_utc attribute
and wwwauth[] headers.
* (brian) Thinks it's a great idea because it's convenient. github.com/github
requires SAML/SSO and the browser, and this should work just fine. It wouldn't
be great to have in C, but as a helper it's super convenient.
* (Hickford) Ruled out a C implementation due to the challenges. Goal was to
remove a barrier to entry for contributors to OSS trying to make bug fixes and
having to set up/deal with PATs/SSH keys.
* (Jakub) Still work to do with creating a fork, pushing.
* (brian) GCM does this but represents a greater barrier to entry for less Git
literate users. Less beneficial for Git power users.
* Edit: Lessley and brian spoke after the meeting, and Lessley realized the
above was not recorded correctly. git-credential-oauth and GCM both remove
the need for users to manually set up PATs/SSH keys (which was what was
being considered as the high barrier to entry).
next prev parent reply other threads:[~2023-10-02 15:21 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-02 15:15 Notes from the Git Contributor's Summit, 2023 Taylor Blau
2023-10-02 15:17 ` [TOPIC 0/12] Welcome / Conservancy Update Taylor Blau
2023-10-02 15:17 ` [TOPIC 1/12] Next-gen reference backends Taylor Blau
2023-10-02 15:18 ` [TOPIC 02/12] Libification Goals and Progress Taylor Blau
2023-10-02 15:18 ` [TOPIC 3/12] Designing a Makefile for multiple libraries Taylor Blau
2023-10-02 15:19 ` [TOPIC 4/12] Scaling Git from a forge's perspective Taylor Blau
2023-10-02 15:19 ` [TOPIC 5/12] Replacing Git LFS using multiple promisor remotes Taylor Blau
2023-10-02 15:20 ` [TOPIC 6/12] Clarifying backwards compatibility and when we break it Taylor Blau
2023-10-02 15:21 ` Taylor Blau [this message]
2023-10-02 15:21 ` [TOPIC 8/12] Update on jj, including at Google Taylor Blau
2023-10-02 15:21 ` [TOPIC 9/12] Code churn and cleanups Taylor Blau
2023-10-02 15:22 ` [TOPIC 10/12] Project management practices Taylor Blau
2023-10-02 15:22 ` [TOPIC 11/12] Improving new contributor on-boarding Taylor Blau
2023-10-02 15:22 ` [TOPIC 12/12] Overflow discussion Taylor Blau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZRrf3ntvh8y0VkYy@nand.local \
--to=me@ttaylorr.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).