You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At the moment GCM Core can shell out to external 'helper' applications that display authentication GUIs to capture input and notify the user of an OAuth flow. The name of the helpers are hard-coded, and the binaries must exist next to the main GCM Core binary on disk. This makes it hard to replace or add helpers not shipped in-box.
Proposal
Introduce a configurable 'search path' setting (environment variable?) that external helpers can plug in to let GCM Core discover them.
Add a setting to override the name of the UI helper for each host provider (e.g., credential.githubAuthHelper = gh-cl-helper)
3rd party helpers can add themselves on the 'helper search path' and set the credential.*AuthHelper option
Issues
Malicious apps could insert themselves in the search path and capture/send-home input secrets. How can we verify or trust which application we're launching? Is this onus on the user?
Multiple helpers could start fighting over the order of the search path setting, which might be confusing/annoying for users. Do we need to take more control over this? git-credential-manager-core install-plugin <x>? Too complicated?
The text was updated successfully, but these errors were encountered:
At the moment GCM Core can shell out to external 'helper' applications that display authentication GUIs to capture input and notify the user of an OAuth flow. The name of the helpers are hard-coded, and the binaries must exist next to the main GCM Core binary on disk. This makes it hard to replace or add helpers not shipped in-box.
Proposal
credential.githubAuthHelper = gh-cl-helper
)credential.*AuthHelper
optionIssues
git-credential-manager-core install-plugin <x>
? Too complicated?The text was updated successfully, but these errors were encountered: