On 2022-11-03 12:00, M Hickford wrote: > On Wed, 2 Nov 2022 at 22:09, Matthew John Cheetham via GitGitGadget > <gitgitgadget@xxxxxxxxx> wrote: >> >> `authtype`:: >> >> Indicates the type of authentication scheme that should be used by Git. >> Credential helpers may reply to a request from Git with this attribute, >> such that subsequent authenticated requests include the correct >> `Authorization` header. >> If this attribute is not present, the default value is "Basic". >> Known values include "Basic", "Digest", and "Bearer". >> If an unknown value is provided, this is taken as the authentication >> scheme for the `Authorization` header, and the `password` field is >> used as the raw unencoded authorization parameters of the same header. > > Do you have an example using authtype=Digest? Would the helper > populate the password field with the user's verbatim password or the > Digest challenge response? Put another way, is the Digest > challenge-response logic in Git (libcurl) or the helper? > > https://www.rfc-editor.org/rfc/rfc7616#section-3.4 Digest should be handled by libcurl, but you've spotted that I missed configuring libcurl here to select digest over basic for a returned username and password. You may have noticed I've dropped these `authtype`/response config patches from the latest iteration (v4) as I intend to expand this part in a separate future series. I'll be sure to specifically test and handle digest here! Thanks for spotting :) Thanks, Matthew
