Patch for #34710, improving caching credentials with oauth mention #34712
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -7,7 +7,7 @@ | |
| - /github/using-git/caching-your-github-credentials-in-git | ||
| - /github/getting-started-with-github/caching-your-github-credentials-in-git | ||
| - /github/getting-started-with-github/getting-started-with-git/caching-your-github-credentials-in-git | ||
| intro: 'If you''re [cloning {% data variables.product.product_name %} repositories using HTTPS](/github/getting-started-with-github/about-remote-repositories), we recommend you use {% data variables.product.prodname_cli %} or a Git credential helper to authenticate and to remember your credentials.' | ||
| versions: | ||
| fpt: '*' | ||
| ghes: '*' | ||
|
|
@@ -23,7 +23,7 @@ | |
|
|
||
| ## {% data variables.product.prodname_cli %} | ||
|
|
||
| {% data variables.product.prodname_cli %} works cooperatively with Git on your command line. It helps you log in to {% data variables.product.product_name %}, and automatically stores your Git credentials for you. Choose `HTTPS` as your preferred protocol for Git operations and answer "yes" to the prompt asking if you would like to authenticate to Git with your {% data variables.product.product_name %} credentials. | ||
|
There was a problem hiding this comment. Technically, users can configure I hesitate with this language because it is somewhat misleading and technically the credential being stored isn't solely or primarily for working with There was a problem hiding this comment. Note that the wording "store your Git credentials for you" is in the current docs. If this is misleading, and should instead read, "store your GitHub credentials for you", or "GitHub OAuth token" if you prefer, then that is something to consider fixing in the current docs independent of this PR. |
||
|
|
||
| 1. [Install](https://github.com/cli/cli#installation) {% data variables.product.prodname_cli %} on macOS, Windows, or Linux. | ||
| 1. In the command line, enter `gh auth login`, then follow the prompts. | ||
|
|
@@ -34,7 +34,7 @@ | |
|
|
||
| ## Git Credential Manager | ||
|
|
||
| [Git Credential Manager](https://github.com/GitCredentialManager/git-credential-manager) (GCM) extends your Git installation. On Git's behalf, it helps you log in to {% data variables.product.product_name %}, including 2FA (two-factor authentication), and stores your credentials securely. Or, if you have manually [created and stored a {% data variables.product.pat_generic %}](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens), GCM can store that token securely, and provided it to {% data variables.product.product_name %} automatically when needed. In Git terms, GCM is an [OAuth credential helper](https://git-scm.com/docs/gitcredentials). | ||
|
There was a problem hiding this comment. Again, I think the language here is a little misleading:
There was a problem hiding this comment. I think the thing that's tripping up around OAuth is that There was a problem hiding this comment. The topic of this part of the docs is Caching your GitHub credentials in Git, as part of Getting started with Git. I think the existing docs don't explain well enough the three points @andyfeller lists about how credentials, GitHub, and git interact. They instead tell users how to set up one mechanism works. Both explaining and instructing "how to" are valid goals for documentation, but they are not the same thing. See the Diátaxis framework for what I think is a pretty good explanation of the difference. The purpose of my PR was essentially to improve the explanation aspect of this page of the docs. I sense that the pushback relates to keeping this page a "how to". GitHub should make a choice about what the goal of this page is. |
||
|
|
||
| {% mac %} | ||
|
|
||
|
|
@@ -105,3 +105,25 @@ | |
| <br> | ||
|
|
||
| For more information or to report issues with GCM, see the official GCM docs at "[Git Credential Manager](https://github.com/GitCredentialManager/git-credential-manager)." | ||
|
|
||
| ## Other Git credential helpers | ||
|
There was a problem hiding this comment. I cannot speak for this section here but I hesitate whether GitHub officially supports these other There was a problem hiding this comment. @andyfeller, it is certainly helpful for GitHub to define which helpers are recommended. I argue that it is important for this page to be clear about whether other credential helpers are allowed. The fact that GitHub has a mechanism for detecting OAuth apps other than GitHub CLI and GCM, and docs on Approving OAuth apps for your organization, gives me the message that other credential helpers are allowed. If they are allowed, then I think the docs should say that somewhere, rather than be silent. |
||
|
|
||
| There are [many Git credential helpers](https://git-scm.com/doc/credential-helpers). Those which can authenticate via OAuth might well serve to authenticate to Git with your {% data variables.product.product_name %} credentials. Note that a Git installation can work with multiple credential helpers — it tries each in turn, until one gets it access. Thus you can perhaps add a credential helper for {% data variables.product.product_name %} to your existing helpers. Follow the instructions for the helper, and the [Git credentials documentation](https://git-scm.com/docs/gitcredentials), to configure the helper. | ||
|
|
||
| OAuth credential helpers will get you immediate access to your own repos. If you work with repos controlled by an organization, or with your forks and clones of those repos, then two extra steps are necessary. | ||
|
|
||
| 1. You must request that organization's approval for OAuth access by your helper. See "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/requesting-organization-approval-for-oauth-apps)". | ||
| 1. The organization must approve access. See "[AUTOTITLE](/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization)". | ||
|
There was a problem hiding this comment. Hi @JDLH — the inclusion of any links to articles such as this one, which is not versioned for GHES, in an article that is versioned for GHES, will cause link errors. We'd look at fixing these once an SME has looked at the content you're proposing. Many thanks |
||
|
|
||
|
Check failure on line 117 in content/get-started/getting-started-with-git/caching-your-github-credentials-in-git.md
|
||
| Access is pre-authorized for {% data variables.product.prodname_cli %} and Git Credential Manager. If you use those tools, you do not need to request approval. | ||
|
Check failure on line 118 in content/get-started/getting-started-with-git/caching-your-github-credentials-in-git.md
|
||
|
|
||
| {% tip %} | ||
|
|
||
|
Check failure on line 121 in content/get-started/getting-started-with-git/caching-your-github-credentials-in-git.md
|
||
| **Tip:** If you use a Git command which requires access to an organization's repo (e.g. `git fetch`), and your helper seems to authenticate correctly, but the command fails with an error, then check that you have received the organization's approval for OAuth access by that app. The error may say something like: | ||
|
Check failure on line 122 in content/get-started/getting-started-with-git/caching-your-github-credentials-in-git.md
|
||
|
|
||
| ```text | ||
| remote: Repository not found. | ||
| fatal: repository 'https://github.com/User/repo.git/' not found | ||
| ``` | ||
|
|
||
| {% endtip %} | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I hesitate making this any generic
gitcredential manager as GitHub specifically supports GCM, which is the specific recommendation.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suggest that the docs should describe both what is possible, and what is recommended. The previous wording suggests that GCM is the only possible credential helper usable. I think that is inaccurate; clearly GitHub has a way of allowing other OAuth-based credential helpers. My wording suggestion is focussed on being more inclusive about what is possible. Maybe add a sentence about what is recommended (though the later paragraphs talk about that).