Hi, On Fri, 13 Aug 2021, lilinchao@xxxxxxxxxx wrote: > >On 8/11/2021 7:00 AM, lilinchao@xxxxxxxxxx wrote: > >> Many websites support two-factor authentication(2FA) to log in, like Github, I wander if we can support it in application layer. > >> When client clone something, they need input username and password, it is like a website login process. For security, we can > >> enable 2FA during this process. > > > >Typically, this is handled at the credential helper layer, which > >is a tool outside of the Git codebase that can more closely work > >with such 2FA/MFA requirements. For example, GCM Core [1] supports > >2FA with GitHub, Azure DevOps, and BitBucket. > > > >[1] https://github.com/microsoft/Git-Credential-Manager-Core > > > >The mechanism is that Git attempts an operation and gets an error > >code, so it asks for a credential from the helper. The helper > >then communicates with the server to do whatever authentication > >is required, including possibly performing multi-factor auth. > >All of these details are hidden from Git, which is good. > > > Indeed, this is good, I've experienced this tool these days at WSL and Windows, > but finally I hope these features can be supported by Git itself, and then the user end can easily configure it. The problem here is that 2FA is highly provider-specific. And that's why Git itself refuses to implement it. Hence the credential helper layer. Ciao, Johannes
