credential manager defaults: tries to use IE, oauth login blocked by MS

[iNeedThisToWork]

• [x] I was not able to find an open or closed issue matching what I'm seeing

Setup

Windows 11 Pro 23H2 x64

$ git --version --build-options

git version 2.45.2.windows.1
cpu: x86_64
built from commit: 91d03cb2e4fbf6ad961ace739b8a646868cb154d
sizeof-long: 4
sizeof-size_t: 8
shell-path: /bin/sh
feature: fsmonitor--daemon

$ cmd.exe /c ver

Microsoft Windows [Version 10.0.22631.3737]

• What options did you set as part of the installation? Or did you choose the defaults?

yes, defaults

Editor Option: VIM
Custom Editor Path:
Default Branch Option:
Path Option: Cmd
SSH Option: OpenSSH
Tortoise Option: false
CURL Option: OpenSSL
CRLF Option: CRLFAlways
Bash Terminal Option: MinTTY
Git Pull Behavior Option: Merge
Use Credential Manager: Enabled
Performance Tweaks FSCache: Enabled
Enable Symlinks: Disabled
Enable Pseudo Console Support: Disabled
Enable FSMonitor: Disabled

• Any other interesting things about your environment that might be related to the issue you're seeing?

no

Details

• Which terminal/shell are you running Git from? e.g Bash/CMD/PowerShell/other

N/A

• What commands did you run to trigger this issue? If you can provide a Minimal, Complete, and Verifiable example this will help us understand the issue.

git-credential-manager

• What did you expect to occur after running these commands?

Be able to use the Webview/WebBrowser of git-credential-manager to refresh oauth login to a https repo on AzureAD / visualstudio.com

• What actually happened instead?

Fix: git config --local credential.msauthFlow system from https://stackoverflow.com/questions/75766427/git-credential-manager-is-using-ie-but-i-want-it-to-use-edge

Why am i submitting this? Because it was painful to debug -- i thought the ms edge webview was outdated. I would have never guessed git-credential-manager is trying to use IE under the hood.

• If the problem was occurring with a specific repository, can you provide the URL to that repository to help us with testing?

N/A

[dscho]

Is your default web browser still configured to point to Internet Explorer? Go to Settings>Apps>Default apps>Web browser to find out.

[rimrul]

Is your default web browser still configured to point to Internet Explorer? Go to Settings>Apps>Default apps>Web browser to find out.

According to the GCM docs, that system config uses the default browser, which seems to be edge in this case. But the default value is auto and auto seems to mean embedded where available (Windows), system otherwise.

GCM inherits this embedded webview from MSAL. MSAL does support an edge based WebView2 nowadays, but that requires MSAL + MSAL.Desktop for .NET Framework applications. As GCM Windows Builds are built using .NET Framework, and seemingly without MSAL.Desktop, they only get access to the IE based legacy webview.

[dscho]

Great find @rimrul, thank you!

@mjcheetham what's your take on this, should Git for Windows configure credential.msauthFlow=system if Git Credential Manager is selected in Git for Windows' installer?

[iNeedThisToWork]

Is your default web browser still configured to point to Internet Explorer? Go to Settings>Apps>Default apps>Web browser to find out.

Thanks for keeping me honest! Now that you mention it, Microsoft has been messing around with this subsystem on win11 and it looks different now:

There is no setting for "web browser" anymore or, it is hidden.