diff mbox series

[v2] Mention that password could be a personal access token.

Message ID pull.1396.v2.git.1667385022103.gitgitgadget@gmail.com (mailing list archive)
State Superseded
Headers show
Series [v2] Mention that password could be a personal access token. | expand

Commit Message

M Hickford Nov. 2, 2022, 10:30 a.m. UTC 
From: M Hickford <mirth.hickford@gmail.com>

These days, the 'password' for a software forge might be personal access
token or OAuth access token. These are popular, so worth clarifying that
Git treats them just the same.

Signed-off-by: M Hickford <mirth.hickford@gmail.com>
---
    Mention that password could be a personal access token.
    
    These days, the 'password' for a software forge might be personal access
    token or OAuth access token.

Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-1396%2Fhickford%2Fmore-about-credentials-v2
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-1396/hickford/more-about-credentials-v2
Pull-Request: https://github.com/gitgitgadget/git/pull/1396

Range-diff vs v1:

 1:  fef359f533a < -:  ----------- Mention that password could be a personal access token.
 -:  ----------- > 1:  0bb69988ad7 Mention that password could be a personal access token.


 Documentation/gitcredentials.txt | 3 +++
 1 file changed, 3 insertions(+)


base-commit: c03801e19cb8ab36e9c0d17ff3d5e0c3b0f24193

Comments

Eric Sunshine Nov. 2, 2022, 10:54 a.m. UTC | #1 
On Wed, Nov 2, 2022 at 6:36 AM M Hickford via GitGitGadget
<gitgitgadget@gmail.com> wrote:
> These days, the 'password' for a software forge might be personal access
> token or OAuth access token. These are popular, so worth clarifying that
> Git treats them just the same.
>
> Signed-off-by: M Hickford <mirth.hickford@gmail.com>
> ---
> diff --git a/Documentation/gitcredentials.txt b/Documentation/gitcredentials.txt
> @@ -21,6 +21,9 @@ in order to access a remote repository over HTTP. This manual describes
>  the mechanisms Git uses to request these credentials, as well as some
>  features to avoid inputting these credentials repeatedly.
>
> +Some repositories accept multiple passwords, including personal access
> +tokens and OAuth access tokens. Git handles all of these the same.

I easily understood Ævar's point about these types of secrets all
being different names for a password, but I find the above change
rather confusing when it mentions "multiple passwords". That makes me
think I may need to somehow configure multiple passwords for a site
(even though I know that's not what you meant).

How about a different approach, calling it a "secret" first, and then
defining "secret" as different names for "password". Perhaps something
like this:

    Git will sometimes need credentials from the user in order to
    perform operations; for example, it may need to ask for a username
    and secret in order to access a remote repository over HTTP.  The
    secret may be a password, passcode, personal access token, OAuth
    access token, etc.  This manual describes the mechanisms Git uses
    to request these credentials, as well as some features to avoid
    inputting these credentials repeatedly.
Junio C Hamano Nov. 2, 2022, 3:44 p.m. UTC | #2 
On Wed, Nov 2, 2022 at 3:55 AM Eric Sunshine <sunshine@sunshineco.com> wrote:
>
> How about a different approach, calling it a "secret" first, and then
> defining "secret" as different names for "password".

Or more directly, say "password" and parenthetically add that some hosting
sites may call it with different names like "personal tokens"?
Eric Sunshine Nov. 2, 2022, 3:51 p.m. UTC | #3 
On Wed, Nov 2, 2022 at 11:45 AM Junio C Hamano <gitster@pobox.com> wrote:
> On Wed, Nov 2, 2022 at 3:55 AM Eric Sunshine <sunshine@sunshineco.com> wrote:
> > How about a different approach, calling it a "secret" first, and then
> > defining "secret" as different names for "password".
>
> Or more directly, say "password" and parenthetically add that some hosting
> sites may call it with different names like "personal tokens"?

I tried the parenthetical approach first but the sentence structure
became too complex and more difficult to understand. Having a separate
sentence helped simplify. That said, perhap something like this?

    Git will sometimes need credentials from the user in order to
    perform operations; for example, it may need to ask for a username
    and password in order to access a remote repository over HTTP.  In
    place of a password, some sites may instead provide a passcode,
    personal access token, OAuth access token, etc.  This manual...
Philip Oakley Nov. 2, 2022, 5:30 p.m. UTC | #4 
On 02/11/2022 15:51, Eric Sunshine wrote:
> On Wed, Nov 2, 2022 at 11:45 AM Junio C Hamano <gitster@pobox.com> wrote:
>> On Wed, Nov 2, 2022 at 3:55 AM Eric Sunshine <sunshine@sunshineco.com> wrote:
>>> How about a different approach, calling it a "secret" first, and then
>>> defining "secret" as different names for "password".
>> Or more directly, say "password" and parenthetically add that some hosting
>> sites may call it with different names like "personal tokens"?
> I tried the parenthetical approach first but the sentence structure
> became too complex and more difficult to understand. Having a separate
> sentence helped simplify. That said, perhap something like this?
>
>     Git will sometimes need credentials from the user in order to
>     perform operations; for example, it may need to ask for a username
>     and password in order to access a remote repository over HTTP.  In

Perhaps s/password/secret 'password'/ here 9above0, and then talk about
the names for that "secret" in the follow up sentence below.
>     place of a password, some sites may instead provide a passcode,
>     personal access token, OAuth access token, etc.  This manual...
--
Philip
M Hickford Nov. 8, 2022, 12:11 p.m. UTC | #5 
On Wed, 2 Nov 2022 at 15:45, Junio C Hamano <gitster@pobox.com> wrote:
>
> Or more directly, say "password" and parenthetically add that some hosting
> sites may call it with different names like "personal tokens"?

Right, Git asks for a "password", but the user might enter a personal
access token instead.
diff mbox series

Patch

diff --git a/Documentation/gitcredentials.txt b/Documentation/gitcredentials.txt
index 80517b4eb2c..402e067a6ca 100644
--- a/Documentation/gitcredentials.txt
+++ b/Documentation/gitcredentials.txt
@@ -21,6 +21,9 @@  in order to access a remote repository over HTTP. This manual describes
 the mechanisms Git uses to request these credentials, as well as some
 features to avoid inputting these credentials repeatedly.
 
+Some repositories accept multiple passwords, including personal access
+tokens and OAuth access tokens. Git handles all of these the same.
+
 REQUESTING CREDENTIALS
 ----------------------