| commit | 2ae6dc686d79a6dcf52e67dbe886f1bfca8876d5 | |
| author | brian m. carlson <sandals@crustytoothpaste.net> | |
| Wed, 17 Apr 2024 00:02:30 +0000 (17 00:02 +0000) | ||
| committer | Junio C Hamano <gitster@pobox.com> | |
| Wed, 17 Apr 2024 05:39:07 +0000 (16 22:39 -0700) | ||
| tree | 1e869a26ec3fa3ad0742f2513d938690c4180379 | treesnapshot (tar.gz zip) |
| parent | ca9ccbf67450ffcda235970f0693794cee912562 | commitdiff |
credential: add a field called "ephemeral"
Now that we have support for a wide variety of types of authentication,
it's important to indicate to other credential helpers whether they
should store credentials, since not every credential helper may
intuitively understand all possible values of the authtype field. Do so
with a boolean field called "ephemeral", to indicate whether the
credential is expected to be temporary.
For example, in HTTP Digest authentication, the Authorization header
value is based off a nonce. It isn't useful to store this value
for later use because reusing the credential long term will not result
in successful authentication due to the nonce necessarily differing.
An additional case is potentially short-lived credentials, which may
last only a few hours. It similarly wouldn't be helper for other
credential helpers to attempt to provide these much later.
We do still pass the value to "git credential store" or "git credential
erase", since it may be helpful to the original helper to know whether
the operation was successful.
Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Now that we have support for a wide variety of types of authentication,
it's important to indicate to other credential helpers whether they
should store credentials, since not every credential helper may
intuitively understand all possible values of the authtype field. Do so
with a boolean field called "ephemeral", to indicate whether the
credential is expected to be temporary.
For example, in HTTP Digest authentication, the Authorization header
value is based off a nonce. It isn't useful to store this value
for later use because reusing the credential long term will not result
in successful authentication due to the nonce necessarily differing.
An additional case is potentially short-lived credentials, which may
last only a few hours. It similarly wouldn't be helper for other
credential helpers to attempt to provide these much later.
We do still pass the value to "git credential store" or "git credential
erase", since it may be helpful to the original helper to know whether
the operation was successful.
Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| credential.c | diffblobblamehistory | |
| credential.h | diffblobblamehistory | |
| t/t0300-credentials.sh | diffblobblamehistory |