Open kentcb opened 4 years ago
@kentcb I haven't kept up with this project for a while, but I wanted to point out a clue from the logs.
Note the 'https://github.com/'
URL used here to look for the authentication:
11:51:44.510547 ...\Common.cs:85 trace: [CreateAuthentication] detecting authority type for 'https://github.com/'.
Further down there's a 'https://PersonalAccessToken@github.com/'
URL when it's storing credentials:
trace: [Store] storing GitHub credentials for 'https://PersonalAccessToken@github.com/'.
The PersonalAccessToken
string is unfamiliar to me (I see a couple of clues in the source for Microsoft authentication, which shouldn't matter here) but given this value should be the user associated with the authentication request and it's not part of the earlier check it might explain why it's always prompting for you.
You might be able to workaround it by editing the stored credential in Windows Credential Manager to drop this PersonalAccessToken
(can you?) value to prevent the repetitive prompting, but that's not the whole solution.
Thanks for the suggestion @shiftkey. I'm digging into this from the support side as well and will report back with any findings.
It does look like the credential manager might be being fed with a host
value of PersonalAccessToken@github.com
. I don't know why that would happen. 😕
I see logs similar to what @kentcb reported if I do:
> git credential-manager fill
protocol=https
host=PersonalAccessToken@github.com
Any ideas?
@shiftkey,
I've dug into this some more and I think @kentcb's log does look pretty normal.
When I do a git fetch
, I'm also seeing a calls to both git-credential-manager get
and git-credential-manager store
. In fact, since reinstalling Git for Windows I'm now seeing 2 calls to git-credential-manager store
for every git fetch
! This is a little worrying considering that git-credential-manager
is a .NET process and expensive to spin up. 😕
15:12:44.676722 ...\Common.cs:744 trace: [Main] git-credential-manager (v1.20.0) 'get'
15:12:47.712717 ...\Common.cs:744 trace: [Main] git-credential-manager (v1.20.0) 'store'
15:12:48.637163 ...\Common.cs:744 trace: [Main] git-credential-manager (v1.20.0) 'store'
Looking at the documentation, I think it should only be calling git-credential-manager store
when it falls back to using the built-in credential entry.
https://github.com/Microsoft/Git-Credential-Manager-for-Windows/wiki/How-the-Git-Credential-Managers-works
...but not for the GitHub auth? https://github.com/Microsoft/Git-Credential-Manager-for-Windows/wiki/How-the-Git-Credential-Managers-works#github-2-factor-authentication
Something strange is going on.
I've re-read the git credential
docs and think I understand what's going on:
https://git-scm.com/docs/git-credential
git credential-manager fill
git clone
git credential-manager store
if the clone succeeded or git credential-manager delete
if it failedI'm guessing that something is going wrong when @kentcb attempts to clone and git credential-manager delete
sometimes being called (nuking his credentials).
I wonder if this PR to GCMCore is related?
Given that I can't reproduce this on 1.18.4, I'd imagine #840 is the point this behavior changed. Previously, valid credentials weren't erased aggressively.
I see @kentcb is on v1.19.0
:
11:51:44.400521 ...\Common.cs:744 trace: [Main] git-credential-manager (v1.19.0) 'get'
I suspect setting the GCM_VALIDATE
to 'false' would bypass this issue. When it's set to false
, the credential manager won't attempt to validate the credentials every time they're used. This avoids a call to the user/subscriptions
API, which I think might be failing.
This would just be a workaround though and the question would still be why user/subscriptions
is failing (assuming it it). The Git Credential Manager Core doesn't appear to have this validating check.
Maybe this is totally unrelated, but I had the same problem, that suddenly personal access tokens were generated on my GitHub account and the Visual Studio GitHub extension asked for credentials frequently.
I found this issue and could see that the credential manager (in windows settings) showed an entry git:https://github.com
with an account PersonalAccessToken. After looking around I figured out that I had a really old Git for Windows (version 2.17) installed (shame on me). After updating to Git for Windows (version 2.25) and pushing a new commit to GitHub there was no problem at all. Additionally the account name switched from PersonalAccessToken back to my GitHub account name.
Unfortunately I did not check the version of git-credential-manager before the update. Now I'm running 1.20.0.
Maybe this helps in some way.
I've reported this before, but it's come back again. I am continuing to be prompted, seemingly every time I push. I am accumulating a heap of PATs as a result.
Here's the console output with
GCM_TRACE=1
andGIT_TRACE=1
.Once again,
credential.log
is completely empty. I'd love some help to solve this painful problem once and for all. 🙏