hickford / git-credential-oauth

A Git credential helper that securely authenticates to GitHub, GitLab and BitBucket using OAuth.
Apache License 2.0
417 stars 14 forks

gitlab: asking every time #53

Closed stefangweichinger closed 5 months ago

stefangweichinger commented 5 months ago

I think I have something wrong.

I added a token for an (on-premise) gitlab-repository and configured accordingly:

[credential]
    helper = cache --timeout 72000
    helper = oauth
[credential "https://gitlab.my.tld"]
    oauthClientId = d1dced4c03ef4f8axxxxxxxxxxxxxxxxxxxxxxb2216e3a
    oauthAuthURL = /oauth/authorize
    oauthTokenURL = /oauth/token
    oauthScopes = write_repository

Every time I run for example git pull (or maybe: at the first run in a terminal?) the browser pops up and I have to authorize the access. I assume this is not the intended behavior? How to fix that? Thanks!

hickford commented 5 months ago

GitLab requires the username be 'oauth2'. Check your remote URL git remote -v and remove any other username. Also check git config credential.username.

There's no need to set username 'oauth2' explicitly.

stefangweichinger commented 5 months ago

I have the remote "origin https://gitlab.mytld/sgw/myrepo.git"

git config credential.username returns nothing.

I googled a bit and added the line "username = oauth" to the section "remote" in .git/config (in my cloned/local repository). Might work, so far it does without asking again. I'll test that, thanks!

hickford commented 5 months ago

Great. Please reopen if you have further problems.

stefangweichinger commented 5 months ago

Unfortunately I see this again.

I share my config:

# in ~/.gitconfig

[credential]
    helper = cache --timeout 7200
    helper = oauth
[credential "https://gitlab.my.tld"]
    oauthClientId = 59286d8534aexxx
    oauthScopes = write_repository

# in the repository
# cat .git/config
[core]
    repositoryformatversion = 0
    filemode = true
    bare = false
    logallrefupdates = true
[remote "origin"]
    url = https://gitlab.my.tld/sgw/somerepo.git
    fetch = +refs/heads/*:refs/remotes/origin/*
    username = oauth
[branch "master"]
    remote = origin
    merge = refs/heads/master
[pull]
    rebase = false

stefangweichinger commented 5 months ago

It seems it has to be:

[remote "origin"]
    url = https://gitlab.stefanselbach.com/sgw/it-todos.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
    remote = origin
    merge = refs/heads/master
[pull]
    rebase = false
[credential]
    helper = store
[user]
    name = oauth

testing ...

hickford commented 5 months ago

> helper = cache --timeout 7200

Try increasing the cache timeout from 7200 seconds (2 hours) to 72000 seconds (20 hours).

Note that "Credentials are forgotten sooner if the cache-daemon dies, for example if the system restarts" https://git-scm.com/docs/git-credential-cache

> helper = store

This won't work well, because helper git-credential-store is unable to save the OAuth refresh token.
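
The settings hickford's replies in this thread point at (a username other than 'oauth2' in the remote URL or in credential.username, a short cache timeout, and the store helper), checked in one pass. This is an added Python example, not part of the thread or of git-credential-oauth. The parser is a simplified reader of git config syntax; the sample config, the user "alice" and the names parse, audit and min_timeout are constructed for illustration, and 900 seconds is the default timeout documented for git-credential-cache.

```python
import re
from urllib.parse import urlsplit
# Constructed sample modelled on the configs posted in this thread (placeholder host).
SAMPLE = """
[credential]
    helper = cache --timeout 7200
    helper = store
    helper = oauth
[remote "origin"]
    url = https://alice@gitlab.my.tld/sgw/somerepo.git
"""

def parse(text):
    """Simplified git-config reader: yields (section, subsection, key, value)."""
    section, sub, out = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.match(r'\[([\w.-]+)(?:\s+"(.*)")?\]$', line)
        if m:
            section, sub = m.group(1).lower(), m.group(2)
        elif "=" in line and section:
            key, value = (p.strip() for p in line.split("=", 1))
            out.append((section, sub, key.lower(), value))
    return out

def audit(text, min_timeout=72000):
    """Return findings for the settings named in the maintainer's replies."""
    findings = []
    for section, sub, key, value in parse(text):
        if section == "credential" and key == "helper":
            helper = (value.split() or [""])[0]
            if helper == "store":
                findings.append("store-helper")  # cannot save the OAuth refresh token
            if helper == "cache":
                m = re.search(r"--timeout[ =](\d+)", value)
                t = int(m.group(1)) if m else 900  # git-credential-cache default
                if t < min_timeout:
                    findings.append(f"short-cache-timeout:{t}")
        if section == "credential" and key == "username" and value != "oauth2":
            findings.append(f"credential-username:{value}")
        if section == "remote" and key == "url":
            user = urlsplit(value).username  # username embedded in the remote URL
            if user and user != "oauth2":
                findings.append(f"url-username:{user}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
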

stefangweichinger commented 5 months ago

You told me to use username "oauth2", that was also wrong, I assume.

I'm testing with this now:

[core]
    repositoryformatversion = 0
    filemode = true
    bare = false
    logallrefupdates = true
[remote "origin"]
    url = https://gitlab.my.tld/some.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
    remote = origin
    merge = refs/heads/master
[pull]
    rebase = false
[credential]
    helper = cache --timeout 72000
[user]
    name = oauth2

I'll see after the next reboot or so ... thanks so far