As said we set up the exe itself to be the credential provider on Windows. While that has worked fairly well there was a few drawbacks, chief among them being performance. GitHub.exe was real slow to get to the point where it could ask the underlying sqlite db for the credentials which made push and pull needlessly time consuming. What's your thoughts on dealing with the split world problem if we start relying on Git Credential Manager? What happens if it holds credentials for another account than the one signed into GHD? And what if it can't find the credentials, won't it pop some interactive prompt?
Describes common issues when using Git credentials and HTTPS to connect to AWS. Integrate AWS Cloud9 with AWS CodeCommit Integrate Visual Studio with. You will find many of the concepts and basic procedures in this guide still apply. MacOS, you can use the Keychain Access utility to store your credentials.
I feel that it's important that we control the credentials fully for our embedded git at least. What's your thoughts on dealing with the split world problem if we start relying on Git Credential Manager? I have some concerns, especially if we have our hearts set on making it trivial to migrate from GHD to TNG:9000.
If we want to support the ability to run both apps side-by-side we're going to have to address this in GHD. What happens if it holds credentials for another account than the one signed into GHD? An excellent question. I guess this could be handled by detecting this and asking the user if they want to migrate it, but that's just a thought (and depends on the previous question).
And what if it can't find the credentials, won't it pop some interactive prompt? Definitely something we'd need to investigate, especially as it promotes 2FA support. I think this is something we can push for from Day 1, but if we don't have feature XYZ that exists in Desktop Classic I can foresee some resistance Makes perfect sense, and I'm not advocating for shuttering support for Desktop classic as soon as TNG:9000 launches; but would like to strongly encourage people to migrate over to the New Thing ™️ as quickly as is reasonable so we're not stuck in exactly that situation.
I wonder how strongly people would react to having to re-track repositories in TNG:9000 if they knew it's a new thing that's mostly like the old thing on launch day? I created so we can talk about the data migration question separately. What's your thoughts on dealing with the split world problem if we start relying on Git Credential Manager? Would we be able to check if we match the reds in Git Credential Manager, and then update it with our credentials if they don't match? My impression, and can correct me if I'm misguided, is that TNG:9000 should do a better job of interoperating with the larger git ecosystem.
In my mind, ensuring the credential manager is properly configured could be part of that. This is still a pretty big unknown, so let's try to ? it down. I see a couple options: Credential helper Use git's built-in credential helper.
On macOS, this stores the credentials in the Keychain, and on Windows this stores the credentials in the Windows Credential Store (if using a recent version of Git for Windows). We could:. Get the credentials for github.com (or Enterprise or whatever) from git credential fill. Test that they work. If they do, cool. If they don't, fill it with our credentials. ? Gets the user on The Right Path for command line usage, and plays well with any other utilities that'd leverage git.
![Visual Studio For Mac Always Asking For Git Credentials Visual Studio For Mac Always Asking For Git Credentials](/uploads/1/2/5/4/125456163/102868509.png)
? Maybe less work?. ? What happens if it holds credentials for another account than the one signed into GHD? Git AskPass Use GITASKPASS as we do in Desktop Classic currently. We tell git to call a program for credentials, and that program then provides our credentials.
? Works independently of how the user has anything configured. ? We've done it before.
? It's a pain in the ass to implement. ? Doesn't help users get on The Right Path. I'd rather us play nice with conventions wherever possible:. use the OS credential store rather than roll our own solution. store credentials in ways that other tools can interoperate with us nicely I'm still favouring the credential helper because of the fewer downsides (and we get to leverage the existing components), but this is an excellent point: What happens if it holds credentials for another account than the one signed into GHD? Unfortunately the credential API for OSes doesn't support more granularity in querying beyond the domain name, but I'm also curious how often this is likely to occur - especially given we're focused on new GitHub users.
In this scenario, I think we could easily warn the user that we've found a different set of credentials stored locally and give them two options:. suggest they restart the signin flow with the account found locally, and let them cancel this setup.
continue with the setup and overwrite the existing credentials with their new one. We seemed to be talking past each other a bit so and I zoomed yesterday and and I zoomed last night. Here's where we ended up:. We'll use GITASKPASS to provide credentials for our operations.
Whether this is the app itself or a separate binary is an implementation detail. We'll provide users the option of syncing their credentials from Desktop TNG to the git credential store. In this way, we'll hopefully interop nicely with the greater ecosystem. On macOS, this'll be straightforward. On Windows, this will probably involve some heuristics to work with Git for Windows. Does that sound accurate? It might be useful to draw out a list of some of the scenarios and how this approach handles them.
For example, a scenario I'm concerned about would be the user has been using the Git Credential Manager on Windows with one account. They login to Desktop with another and then invoke 'Open in Git Shell'.
What account will that shell be using? On the other hand, the number of users with multiple accounts is probably vanishingly small so maybe we don't worry about it. But at least we've thought through it.
Another scenario: If you've logged into GitHub for Visual Studio or used the Git Credential Manager to authenticate to github.com, are you automatically logged into Desktop TNG? It might be useful to draw out a list of some of the scenarios and how this approach handles them. Yeah good call ?. If they're authenticating a GitHub repository (.com or Enterprise), we provide the credentials we have. If they're rejected, tell the user. If they're authenticating a 3rd party repository. If we're on Windows try to find the Git Credential Manager and ask it for credentials.
If we're on macOS, let the built in credential cacher handle it. If all that fails, we shrug and tell the user. Should we do anything more here? For example, a scenario I'm concerned about would be the user has been using the Git Credential Manager on Windows with one account. They login to Desktop with another and then invoke 'Open in Git Shell'.
What account will that shell be using? I think that depends on the outcome of. If you've logged into GitHub for Visual Studio or used the Git Credential Manager to authenticate to github.com, are you automatically logged into Desktop TNG? We never use anyone else's credentials.
![Always Always](/uploads/1/2/5/4/125456163/364368190.png)
Especially in the case of rando credentials from the Git Credential Manager, we can't rely on them having all the permissions that Desktop needs.