On 2022-11-09 15:06, Glen Choo wrote:
>> Proposed Changes
>> ================
>>
>> 1. Teach Git to read HTTP response headers, specifically the standard
>>    WWW-Authenticate (RFC 7235 Section 4.1) headers.
>>
>> 2. Teach Git to include extra information about HTTP responses that require
>>    authentication when calling credential helpers. Specifically the
>>    WWW-Authenticate header information.
>>
>>    Because the extra information forms an ordered list, and the existing
>>    credential helper I/O format only provides for simple key=value pairs,
>>    we introduce a new convention for transmitting an ordered list of
>>    values. Key names that are suffixed with a C-style array syntax should
>>    have values considered to form an ordered list, i.e. key[]=value, where
>>    the order of the key=value pairs in the stream specifies the order.
>>
>>    For the WWW-Authenticate header values we opt to use the key wwwauth[].
>>
>> 3. Teach Git to specify authentication schemes other than Basic in
>>    subsequent HTTP requests based on credential helper responses.
>>
>
> From a reading of this section + the subject line, it's not immediately
> obvious that 3. also requires extending the credential helper protocol
> to include the "authtype" field. IMO it's significant enough to warrant
> an explicit call-out.

After some consideration I've decided to split out #3 here to a future
patch series.

Parts 1 and 2 surround Git to credential helper contextual information
which is still useful in its own right. Part 3 should really be expanded
here to better cover and explain the reverse helper-to-Git direction,
whereby helpers can modify Git's response headers to the remote.

With 1+2 most of the benefits of having an enlightened helper understand
the auth challenge, and intelligently select identities are still possible.
Remotes just need to continue to extract tokens from the basic
Authorization header as they do today until then.

Thanks,
Matthew
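The key[]=value convention from item 2 of the quoted proposal, seen from the helper side, as an added example that is not part of the original message or of Git's code: it parses the helper input stream, keeps `wwwauth[]` values in stream order, and picks a scheme the helper supports. The sample input, host name and function names are constructed for illustration, and each `wwwauth[]` value is assumed to carry a single challenge.

```python
# Constructed sample of what Git would write to a helper's stdin under the
# proposal: plain key=value pairs plus ordered wwwauth[] entries, ended by
# a blank line. Not captured from a real server.
SAMPLE_INPUT = (
    "protocol=https\n"
    "host=git.example.com\n"
    'wwwauth[]=Bearer realm="example", scope="repo"\n'
    'wwwauth[]=Basic realm="example"\n'
    "\n"
)


def parse_credential_input(stream):
    """Return (scalars, lists); parsing stops at the first blank line."""
    scalars, lists = {}, {}
    for line in stream.split("\n"):
        if line == "":
            break
        key, sep, value = line.partition("=")
        if not sep or not key:
            # Header values come from the remote; refuse anything that does
            # not fit the key=value shape instead of guessing.
            raise ValueError(f"malformed line: {line!r}")
        if key.endswith("[]"):
            # Ordered list: position in the stream is the list order.
            lists.setdefault(key[:-2], []).append(value)
        else:
            scalars[key] = value  # a repeated scalar key: last value wins
    return scalars, lists


def challenge_schemes(wwwauth_values):
    """Auth scheme of each challenge, lowercased (schemes are case-insensitive)."""
    return [v.split(None, 1)[0].lower() for v in wwwauth_values if v.strip()]


def pick_scheme(wwwauth_values, preferred=("bearer", "basic")):
    """First scheme in the helper's preference order that the server offered."""
    offered = challenge_schemes(wwwauth_values)
    for scheme in preferred:
        if scheme in offered:
            return scheme
    return None  # nothing usable: the helper should return no credential


if __name__ == "__main__":
    fields, ordered = parse_credential_input(SAMPLE_INPUT)
    print(fields["host"], pick_scheme(ordered.get("wwwauth", [])))
```
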