-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Gitcreds #132
Gitcreds #132
Conversation
#' [gitcreds::gitcreds_get()] directly, yourself, if you want to see what is | ||
#' found for a specific URL. If no matching PAT is found, | ||
#' [gitcreds::gitcreds_get()] errors, whereas `gh_token()` does not and, | ||
#' instead, returns `""`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I rephrased this somewhat. Because if you've used command line Git with USERNAME/PASSWORD, gitcreds should not be finding those creds. Only if the creds went it with some PAT-y workflow. The only people for whom these are the same are people using 2FA.
Or, if I'm wrong, then I predict some trouble with a password getting sent as a PAT for people who aren't using 2FA and their password != a PAT.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, gitcreds returns any credentials, token or not. It is up to gh and other upstream packages to decide what to do with the credentials.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Btw. how is 2FA related to this? I forgot this again....
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you've turned on 2FA for GitHub, any https access MUST occur with a PAT, i.e. you cannot ever use username/password.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And other people (who may not have turned on 2FA) may behave similarly. So this is a key part of why https is encouraged by gert and usethis. Because once we can get as much agreement as possible between gert and gh and between (gert+gh) and command line git, a huge chunk of users can set up a PAT and several tools all start to "just work".
@jennybc Thanks for the fixes! |
No description provided.