Universal GitHub Enterprise Server support?
geofft opened this issue · 4 comments
Hi! I saw the notes/slides from your talk that got posted to the Git mailing list. If I understand them correctly, you're trying to get GitLab (and have successfully gotten Gitea) to recognize your client ID out of the box so that authentication to any GitLab server, not just gitlab.com, works.
I think the same issue applies to GitHub, in that there's a self-hosted GitHub Enterprise Server product. For example, the gh command supports talking to an enterprise server, not just github.com.
Have you chatted with GitHub about doing the same thing? I think it'd be useful - my employer ended up writing something that's basically like your tool for our Enterprise Server instance. (Though at this point we've customized it significantly and we now support transparent single sign-on without even bringing up a browser, which is its own much more complicated story.... but I think it'd be useful for other people! :) )
Hi. I haven't yet, but I'd like to. I don't have access to any GitHub Enterprise Server for testing.
- Does Git Credential Manager OAuth work without setup? It looks like GCM uses universal OAuth client credentials for all instances.
GCM uses different redirect URIs for GitHub Enterprise Server and GitHub so the client registrations must be independent in some way
- How does GitHub Enterprise Server respond to unauthenticated requests? Is the
www-authenticate: Basic realm="GitHub"header the same as GitHub?
The same according to git-ecosystem/git-credential-manager#1246
As a workaround, you can configure git-credential-oauth to impersonate Git Credential Manager using its public credentials:
# impersonate Git Credential Manager
git config --global credential.https://github.example.com.oauthClientId 0120e057bd645470c1ed
git config --global credential.https://github.example.com.oauthClientSecret 18867509d956965542b521a529a79bb883344c90
git config --global credential.https://github.example.com.oauthRedirectURL http://localhost/This requires git-credential-oauth 0.11 together with Git 2.41 or later.