Enable X-Gitea-OTP header for git operations #28968
Comments
Kwonunn
added
the
type/proposal
|
That sounds really exhausting because the OTP always needs to be refreshed. Why not use a PAT instead of the normal password? |
|
This is just for use in cases where I'm fetching a project once onto a server I don't want to set up SSH on. Using tokens for this would either require making a fresh token every time which is annoying, or having one to always use which is a security hole. |
|
This is quite interesting. On one hand user/pass auth for api/git operations are being depreciated, but it does give the idea of otp with scoped tokens 🤔 |
|
Is Gitea planning to deprecate http entirely for git operations? |
|
No, only the combination with username and password. |
|
Why, if I may ask? I know GitHub has stopped allowing it but I'm not quite sure why. |
|
Because the username/password combination should be used in less places in favor of configurable tokens. |
|
I see. Then, perhaps another method is more appropriate. Maybe we could add a quick token button in this menu |
Why? |
#28968 (comment) |
Should I make a new feature request for this new idea and just leave the http OTP thing? |
|
Not beeing able to use Username/Password could be a problem for one time contributors |
Feature Description
Currently, users with Multi-Factor Auth can't use http/https to perform git operations. The Gitea API does support sending the OTP along using the X-Gitea-OTP header. It would be useful if git operations also supported this header.
It is possible to add custom headers to git http requests using the
-c http.extraHeaders="X-Gitea-OTP: 123456"flag.This would be useful for one-time cloning of projects to computers where we don't want to set up our entire SSH key, and is a lot easier than creating an application token for the operation.
Screenshots
No response
The text was updated successfully, but these errors were encountered: