On Mon, 12 Jun 2023 at 23:12, Junio C Hamano <gitster@xxxxxxxxx> wrote: > > M Hickford <mirth.hickford@xxxxxxxxx> writes: > > > Could Git remember which remotes require authentication for which > > operations? > > Interesting idea. > > Credential helpers may know which URL needed authentication before, > but that is not per operation. I wonder if it is sufficient as the > zeroth approximation to always try authenticated access if helpers > have any auth material to the URL regardless of the operation? The simplicity appeals. A challenge is that `helper get` may be slow or even block requiring user interaction (to unlock a keyring or complete OAuth). A solution could be to introduce a new action `get-existing` or `fast-get` to the helper protocol. Storage helpers would handle this similarly to `get` (unless a keyring is locked). Credential-generating helpers would refrain from generating fresh credentials. However as Brian pointed out, Git doesn't know which authentication scheme to use until it sees the WWW-Authenticate header in the response from the initial unauthenticated request, so I think config or state would be necessary. > > There needs a way to force unautheticated access if we were to do > anything of that sort, of course. > > >
