On Tue, Dec 30, 2014 at 11:24:09AM -0800, David Renshaw wrote: > Hi, > I would like to be able to serve a git repository over HTTPS from a > web server that requires OAuth2-style bearer tokens for authorization. > For more context, see this thread: > https://groups.google.com/forum/#!topic/sandstorm-dev/4oigfb4-9E4 > > Does anyone here have any advice about how to convince a git client to > add an "Authorization: Bearer <token>" header? > > I can think of a few approaches: > > (1) I could modify the curl remote helper to insert the header if it > sees a "bearertoken" config option. I have in fact written a > proof-of-concept patch that does this (see > https://github.com/dwrensha/git/commit/4da7b64b85b3b6652abe7), but I > don't know how much of chance something like this has of getting > merged into the mainline git client. An idea that might be interesting is to add a framework to select a set of authentication types (defaulting, of course, to "any"). As part of that, you could add a type, "bearer", that uses the password we've collected via the credential helper as the bearer token. I think that has the best chance of getting merged designwise. I've CC'd Peff, as he has touched the area a lot and might have other suggestions. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
Attachment:
signature.asc
Description: Digital signature