User survey

[hickford]

Hi users. A quick survey:

1. How did you discover git-credential-oauth?
2. How did you install git-credential-oauth?
3. Do you authenticate to any Git hosts outside GitHub?
4. What's your credential.helper configuration? Run git config --get-all credential.helper to check.
5. What problem did git-credential-Oauth solve for you?
6. Any ideas for improvements?

[kra-mo]

1. dnf search git-credential
2. dnf
3. I may be stupid, but I have no idea how I'm supposed to use the get command, some more documentation on that would be appreciated

[hickford]

@kra-mo The get command is called by Git. The only command you need to run manually is git credential-oauth configure.

I'll try to make this clearer.

[chisaato]

1. from news on android google chrome, maybe some blogs recommend this.
2. download and install binary. cause currently fedora haven't upgrade to latest
3. more docs, such as mention github support is out of box, I have found this when I browse the source 3.1 close browser tab when authorize success (maybe need js in html?).

[edavidaja]

1. I saw it go by in a list of scoop or brew updates
2. scoop / brew / into a container image
3. I will be recommending this project for use in server-based development environments once the work on headless mode is complete.

Thank you for your work on this!

[hickford]

@gzzchh Thanks.

close browser tab when authorize success

I'd like that, but AFAIK it's not technically possible because "Scripts may not close windows that were not opened by script" https://developer.mozilla.org/en-US/docs/Web/API/Window/close

[chisaato]

Follow the code generate by ChatGPT. closing window is OK.

        html := `
<html>
<head>
<script>
setTimeout(function() {
    window.close();
}, 2000);
</script>
</head>
<body>
Success. You may close this page and return to Git.
</body>
</html>
`

        w.Write([]byte(html))

[rbelem]

1. On askubuntu.com
2. devbox global add git-credential-oauth
3. On-premise bitbucket and gitlab

[Christoph-Raab]

1. Recommendation by colleague
2. Downloaded from github (not packed in ubuntu 22.04)
3. Only use it for on-prem GitLab
4. New ssh solution was horrible implemented and too much effort to setup
5. Include in ubuntu 22.04 package manager, maybe autorefresh tokens in the background, +1 to autoclose browser window

[hickford]

@Christoph-Raab Thanks for your response.

autorefresh tokens in the background

Are you having to reauthenticate regularly in browser? What's your helper setup git config --get-all credential.helper? If you are using cache, try setting a longer timeout such as cache --timeout 72000 (20 hours).

[Christoph-Raab]

I regular have to retry on a push or fetch

remote: HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of a password. See https://<gitlab-host>/help/topics/git/troubleshooting_git#error-on-git-fetch-http-basic-access-denied

git config --get-all credential.helper doesn't return anything, but my git config looks like this

 [credential "<gitlab-host>"]
         oauthClientId = <some id>
         oauthClientSecret = <some secret>
         oauthScopes = read_repository write_repository
         oauthAuthURL = /oauth/authorize
         oauthTokenURL = /oauth/token
         helper = cache --timeout 36000
         helper = oauth

[hickford]

I regularly have to retry on a push or fetch

Sounds like Git is trying to use expired OAuth tokens. @Christoph-Raab Which version of Git are you using (git --version)? credential-cache has support for password_expiry_utc attribute from 2.40 and oauth_refresh_token attribute from 2.41 (https://github.com/hickford/git-credential-oauth/issues/20) .

[Christoph-Raab]

I'm on 2.34.1. I can try to update and check if that fixes the issue.

[jupblb]

1. Home Manager news
2. Home Manager
3. No
4. cache --timeout 36000
5. No longer need to deploy my private ssh key
6. All good! Although you may want to use another tool to run this survey. 😉

[Svenlaa]

1. Stackoverflow answer
2. sudo dnf install git-credential-oauth
3. Yes GitLab, but not this OS/Machine
4. cache --timeout 7200 \n oauth
5. I wanted to clone my private repo from github on linux, and this got my creds setup
6. A survey where all answers are public maybe isn't the best idea

[abh]

1. Looking for how to get go get ... to authenticate to a private https-only git repository (where I don't think I actually needed this; disabling GOSUMDB for my domain was the solution).
2. Homebrew
3. Yes, Gitea (and gitosis and GitHub enterprise and ...)
4. my config is:

   osxkeychain
   cache --timeout 10400
   oauth

plus

[credential "https://gitea...."]
        helper = oauth
    oauthClientId = a386d92d-2983-....
    oauthScopes = read_repository
    oauthAuthURL = /login/oauth/authorize
    oauthTokenURL = /login/oauth/access_token

6. Less long lived magic tokens.
7. I'll make a separate issue

[voltagex]

How did you discover git-credential-oauth?

Searched, because it's 2024 and Git on Linux still doesn't have password storage by default

How did you install git-credential-oauth?

deb package, then uninstalled as it pulled in most of an XServer, then realised it wouldn't work for me as it's a remote box and I'm not SSH forwarding

Do you authenticate to any Git hosts outside GitHub?

Yes

What's your credential.helper configuration? Run git config --get-all credential.helper to check.

Nothing, on this box, apparently.

"manager" on Windows.

What problem did git-credential-Oauth solve for you?

None yet.

Any ideas for improvements?

I don't know - without CLI-only OAuth working this won't work for me

[hickford]

@voltagex

deb package pulled in most of an XServer

Debian package git-credential-oauth has no strict dependencies, though it recommends package xdg-open. You can avoid installing it with apt install --no-install-recommends git-credential-oauth.

it wouldn't work for me as it's a remote box

Have you tried helper = oauth -device (v0.11.0 or later)? This works on any system including browserless systems. https://github.com/hickford/git-credential-oauth/blob/main/README.md#browserless-systems

[voltagex]

Thanks for your help @hickford

I am able to use it on my box that has a UI and a web browser, but -device with Forgejo leads to endpoint missing DeviceAuthURL which I believe needs some changes from Forgejo itself.

[j-lakeman]

1. How did you discover git-credential-oauth?

apt search git credential / Stack Overflow

2. How did you install git-credential-oauth? apt
3. Do you authenticate to any Git hosts outside GitHub?

• Gitea
• Forgejo
• Codeberg
• GitLab

6. Any ideas for improvements?

pls support more “indie” platforms like the ones above

[midsorbet]

Have you tried helper = oauth -device (v0.11.0 or later)? This works on any system including browserless systems. https://github.com/hickford/git-credential-oauth/blob/main/README.md#browserless-systems

GitHub kept giving me a link that would redirect back to 127.0.0.1:37653 after logging in from a browser. I had to setup a SSH tunnel to set it up on my hetzner box (ssh -i -L 127.0.0.1:37653:127.0.0.1:37653 hetzner). It did work as advertised when I was setting it up on my local machine.

System details OS: nixOS 24.05 Version: 0.11.3

Git config

[credential]
        helper = "/nix/store/xl2hmm62sbjfm574car3a8ac45y83qik-git-credential-oauth-0.11.3/bin/git-credential-oauth"
        helper = "cache --timeout 120"
        helper = "oauth -device"

[Wallby]

1. I saw https://github.com/git-ecosystem/git-credential-manager/blob/main/docs/credstores.md but the gpg option was too complex/not user friendly, secretservice didn't work on chromeos flex, and I didn't want to use cache (see 5 for why). I found this by running apt search for git credential stuff and this showed up
2. Using apt on chromeos flex linux development environment
3. The default (using git credential-oauth configure)
4. Not having to rely on having to enter my git token every time the cache runs out because I am signed into github with my browser

[mass8326]

1. Discovered git-credential-oath when Googling for a seamless way of authenticating like on Windows
2. Previously installed using the PPA, but now I install using Go
3. No hosts used outside GitHub
4. See below for my credential.helper configuration
5. git-credential-oauth prevents the annoyance of having to use SSH or PATs
6. I've opened a separate issue for a potential improvement

My credential.helper on bare metal Linux:

/usr/share/doc/git/contrib/credential/libsecret/git-credential-libsecret
oauth

My credential.helper on WSL:

cache --timeout 21600
oauth

[JDLH]

1. How did you discover git-credential-oauth?

I was working on a private GitHub repository where I needed my local computer's bare git to authenticate to GitHub using OAuth. (The project did not want to issue personal access tokens or use ssh.) GitHub's git cli instructions recommended using Git Credential Manager, installing via Homebrew. I use MacPorts and not Homebrew, so I searched MacPorts for a git credential helper supporting oauth. I found this.

2. How did you install git-credential-oauth?

Using MacPorts and its git-credential-oauth port.

3. Do you authenticate to any Git hosts outside GitHub?

No. And not GitHub yet! I am having difficulty.

4. What's your credential.helper configuration? Run git config --get-all credential.helper to check.

% git config --get-all credential.helper                   
osxkeychain
oauth -verbose

5. What problem did git-credential-Oauth solve for you?

I hope that it will let me work with a private repo on GitHub.

6. Any ideas for improvements?

Better diagnostics for my failure case.

[mariuszste]

1. stack overflow
2. AUR
3. yes, forgejo

4. cache --timeout 21600
   oauth

5. not being able to use SSH, no passwords on disk, "modern"
6. Document what's supported/tested. I was shocked when it worked first try. A support matrix telling you what works out of the box, what requires additional configuration, what doesn't and why, etc.