On 8/11/2021 7:00 AM, lilinchao@xxxxxxxxxx wrote: > Many websites support two-factor authentication(2FA) to log in, like Github, I wander if we can support it in application layer. > When client clone something, they need input username and password, it is like a website login process. For security, we can > enable 2FA during this process. Typically, this is handled at the credential helper layer, which is a tool outside of the Git codebase that can more closely work with such 2FA/MFA requirements. For example, GCM Core [1] supports 2FA with GitHub, Azure DevOps, and BitBucket. [1] https://github.com/microsoft/Git-Credential-Manager-Core The mechanism is that Git attempts an operation and gets an error code, so it asks for a credential from the helper. The helper then communicates with the server to do whatever authentication is required, including possibly performing multi-factor auth. All of these details are hidden from Git, which is good. I've CC'd Matthew Cheetham who is the maintainer of GCM Core to correct me if I misstated anything here. Thanks, -Stolee
