Gitcreds #132
Gitcreds #132
Conversation
| #' [gitcreds::gitcreds_get()] directly, yourself, if you want to see what is | ||
| #' found for a specific URL. If no matching PAT is found, | ||
| #' [gitcreds::gitcreds_get()] errors, whereas `gh_token()` does not and, | ||
| #' instead, returns `""`. |
There was a problem hiding this comment.
I rephrased this somewhat. Because if you've used command line Git with USERNAME/PASSWORD, gitcreds should not be finding those creds. Only if the creds went it with some PAT-y workflow. The only people for whom these are the same are people using 2FA.
Or, if I'm wrong, then I predict some trouble with a password getting sent as a PAT for people who aren't using 2FA and their password != a PAT.
There was a problem hiding this comment.
Yeah, gitcreds returns any credentials, token or not. It is up to gh and other upstream packages to decide what to do with the credentials.
There was a problem hiding this comment.
Btw. how is 2FA related to this? I forgot this again....
There was a problem hiding this comment.
If you've turned on 2FA for GitHub, any https access MUST occur with a PAT, i.e. you cannot ever use username/password.
There was a problem hiding this comment.
And other people (who may not have turned on 2FA) may behave similarly. So this is a key part of why https is encouraged by gert and usethis. Because once we can get as much agreement as possible between gert and gh and between (gert+gh) and command line git, a huge chunk of users can set up a PAT and several tools all start to "just work".
|
@jennybc Thanks for the fixes! |
No description provided.