-
Notifications
You must be signed in to change notification settings - Fork 5.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve multi-account git credential support when gh
is not configured as git credential helper
#8875
Comments
I think a useful step towards making multi-account credential management easier would be to expand the availability of the I often use this flag when I want reliable access to a GH for a particular user. I would like to add it to my git config (conditionally), such that it would be either This is not currently possible though as the git-credentials command does not support that flag. Better support for the git config setting |
Thanks @jonathanmorley, this kind of thing has been mentioned before and seems to have some support. Would you mind creating a new issue so we can prioritise it. I'd like to keep this issue specifically relating to fixing |
gh
is not configured as git credential helper
Acceptance CriteriaTwo accounts using
|
Describe the feature or problem you’d like to solve
I'm creating this issue as a continuation of #8678 (comment) because we've had a number of issues created where
gh auth switch
isn't working as expected.Background Reading
When authenticating a GitHub account with
gh
, users expect that the active account token will be used in the following cases:gh issues list
gh
e.g.gh repo clone
git push
During
auth login
, if the following conditionals are true:https
gh
is not the configured credential helper for the targeted hostThen the user is presented with the following prompt:
The purpose of this prompt is to ensure that point
3.
above is addressed. Ifgh
is configured as the credential helper, then when git requests credentials, the token of the active user will always be provided. If the user chooses "Yes" the following things can happen:gh
is configured as the credential helper.Additionally, it is possible to set
gh
as the credential helper by runninggh auth setup-git
at a later time, and this will override previously configured credential helpers.How does this relate to
gh auth switch
?Consider the following case:
gh
as my credential managerwilliammartin
andnot-williammartin
on a single host viagh auth login
not-williammartin
as that is the account I logged into most recently.gh auth switch
to change my active account towilliammartin
git clone williammartin/private-repo
and it is successful because git requests the active token fromgh
.However, consdier what happens if we don't have
gh
as the configured credential helper:gh
as my credential managerwilliammartin
andnot-williammartin
on a single host viagh auth login
not-williammartin
as that is the account I logged into most recently.gh auth switch
to change my active account towilliammartin
git clone williammartin/private-repo
and it fails because my credential manager has not been updated with the token forwilliammartin
and the repository is private.The issue here is that
gh auth switch
does not offer the opportunity to update the credential helper with the token of the account we are switching to.Workarounds
Currently we suggest that users run
gh auth setup-git
so thatgh
is their credential manager however this falls short in two places:Proposed solution
At a high level I think the correct thing to do is to interrogate the configured credential helper when
auth switch
is called. Ifgh
is configured as the credential helper than we only need to update the token in the keyring as currently happens today. Ifgh
is not configured as the credential helper then we should update it in a similar to manner to what we do during auth login. This may require an additional prompt and some consideration to be given between ssh and https.The text was updated successfully, but these errors were encountered: