On 2023-05-28 at 19:45:27, M Hickford via GitGitGadget wrote: > From: M Hickford <mirth.hickford@xxxxxxxxx> > > OAuth credential helpers are widely useful but work differently to other > credential helpers, so worth introducing in the docs. > > Link to relevant projects. There are many possible implementations of credential helpers, and I'd prefer we didn't specifically propose any of them here. We ship with some in contrib, and I think it would be better to fix them to be functional for this use case rather than link to external projects. I expect, however, that functionally, that will be difficult to do, given the fact that OAuth typically requires registration with the remote system, and thus we'd intrinsically be prioritizing some well-known forges over less-known or personally-hosted forges, which we've traditionally tried not to do. For example, your git-credential-oauth contains a hard-coded list of 11 forges (and also proposes adding credentials for new ones into the config, which isn't really a secure way to store secrets). -- brian m. carlson (he/him or they/them) Toronto, Ontario, CA
Attachment:
signature.asc
Description: PGP signature
