Re: [PATCH 06/13] docs: indicate new credential protocol fields

[PATCH 00/13] Support for arbitrary schemes in credentials · brian m. carlson <hidden> · 2024-03-24
[PATCH 09/13] credential: enable state capability · brian m. carlson <hidden> · 2024-03-24
[PATCH 08/13] credential: add an argument to keep state · brian m. carlson <hidden> · 2024-03-24
Re: [PATCH 08/13] credential: add an argument to keep state · mirth hickford <hidden> · 2024-04-01
Re: [PATCH 08/13] credential: add an argument to keep state · brian m. carlson <hidden> · 2024-04-01
[PATCH 10/13] docs: set a limit on credential line length · brian m. carlson <hidden> · 2024-03-24
[PATCH 05/13] credential: gate new fields on capability · brian m. carlson <hidden> · 2024-03-24
Re: [PATCH 05/13] credential: gate new fields on capability · Patrick Steinhardt <hidden> · 2024-03-27
Re: [PATCH 05/13] credential: gate new fields on capability · brian m. carlson <hidden> · 2024-03-27
Re: [PATCH 05/13] credential: gate new fields on capability · Patrick Steinhardt <hidden> · 2024-04-02
Re: [PATCH 05/13] credential: gate new fields on capability · brian m. carlson <hidden> · 2024-04-04
Re: [PATCH 05/13] credential: gate new fields on capability · Patrick Steinhardt <hidden> · 2024-04-04
Re: [PATCH 05/13] credential: gate new fields on capability · Jeff King <hidden> · 2024-03-28
Re: [PATCH 05/13] credential: gate new fields on capability · brian m. carlson <hidden> · 2024-03-28
[PATCH 07/13] http: add support for authtype and credential · brian m. carlson <hidden> · 2024-03-24
[PATCH 06/13] docs: indicate new credential protocol fields · brian m. carlson <hidden> · 2024-03-24
Re: [PATCH 06/13] docs: indicate new credential protocol fields · M Hickford <hidden> · 2024-03-25
Re: [PATCH 06/13] docs: indicate new credential protocol fields · brian m. carlson <hidden> · 2024-03-25
Re: [PATCH 06/13] docs: indicate new credential protocol fields · M Hickford <hidden> · 2024-03-30
Re: [PATCH 06/13] docs: indicate new credential protocol fields · brian m. carlson <hidden> · 2024-03-31
[PATCH 12/13] strvec: implement swapping two strvecs · brian m. carlson <hidden> · 2024-03-24
Re: [PATCH 12/13] strvec: implement swapping two strvecs · Patrick Steinhardt <hidden> · 2024-03-27
[PATCH 11/13] t5563: refactor for multi-stage authentication · brian m. carlson <hidden> · 2024-03-24
[PATCH 13/13] credential: add support for multistage credential rounds · brian m. carlson <hidden> · 2024-03-24
Re: [PATCH 13/13] credential: add support for multistage credential rounds · M Hickford <hidden> · 2024-03-28
Re: [PATCH 13/13] credential: add support for multistage credential rounds · brian m. carlson <hidden> · 2024-03-28
Re: [PATCH 13/13] credential: add support for multistage credential rounds · M Hickford <hidden> · 2024-04-01
[PATCH 02/13] remote-curl: reset headers on new request · brian m. carlson <hidden> · 2024-03-24
[PATCH 03/13] http: use new headers for each object request · brian m. carlson <hidden> · 2024-03-24
Re: [PATCH 03/13] http: use new headers for each object request · Patrick Steinhardt <hidden> · 2024-03-27
[PATCH 04/13] credential: add a field for pre-encoded credentials · brian m. carlson <hidden> · 2024-03-24
[PATCH 01/13] credential: add an authtype field · brian m. carlson <hidden> · 2024-03-24
Re: [PATCH 00/13] Support for arbitrary schemes in credentials · M Hickford <hidden> · 2024-03-30
Re: [PATCH 00/13] Support for arbitrary schemes in credentials · M Hickford <hidden> · 2024-03-30
Re: [PATCH 00/13] Support for arbitrary schemes in credentials · Calvin Wan <hidden> · 2024-04-02
Re: [PATCH 00/13] Support for arbitrary schemes in credentials · brian m. carlson <hidden> · 2024-04-04
Re: [PATCH 00/13] Support for arbitrary schemes in credentials · Jackson Toeniskoetter <hidden> · 2024-04-08
Re: [PATCH 00/13] Support for arbitrary schemes in credentials · M Hickford <hidden> · 2024-04-11
Re: [PATCH 00/13] Support for arbitrary schemes in credentials · brian m. carlson <hidden> · 2024-04-12
Re: [PATCH 00/13] Support for arbitrary schemes in credentials · M Hickford <hidden> · 2024-04-11
Re: [PATCH 00/13] Support for arbitrary schemes in credentials · brian m. carlson <hidden> · 2024-04-12
[PATCH v2 00/16] Support for arbitrary schemes in credentials · brian m. carlson <hidden> · 2024-04-17
[PATCH v2 02/16] remote-curl: reset headers on new request · brian m. carlson <hidden> · 2024-04-17
[PATCH v2 03/16] http: use new headers for each object request · brian m. carlson <hidden> · 2024-04-17
[PATCH v2 04/16] credential: add a field for pre-encoded credentials · brian m. carlson <hidden> · 2024-04-17
[PATCH v2 01/16] credential: add an authtype field · brian m. carlson <hidden> · 2024-04-17
[PATCH v2 06/16] credential: add a field called "ephemeral" · brian m. carlson <hidden> · 2024-04-17
[PATCH v2 05/16] credential: gate new fields on capability · brian m. carlson <hidden> · 2024-04-17
[PATCH v2 07/16] docs: indicate new credential protocol fields · brian m. carlson <hidden> · 2024-04-17
[PATCH v2 11/16] docs: set a limit on credential line length · brian m. carlson <hidden> · 2024-04-17
[PATCH v2 09/16] credential: add an argument to keep state · brian m. carlson <hidden> · 2024-04-17
[PATCH v2 10/16] credential: enable state capability · brian m. carlson <hidden> · 2024-04-17
[PATCH v2 12/16] t5563: refactor for multi-stage authentication · brian m. carlson <hidden> · 2024-04-17
[PATCH v2 08/16] http: add support for authtype and credential · brian m. carlson <hidden> · 2024-04-17
[PATCH v2 14/16] t: add credential tests for authtype · brian m. carlson <hidden> · 2024-04-17
[PATCH v2 13/16] credential: add support for multistage credential rounds · brian m. carlson <hidden> · 2024-04-17
[PATCH v2 15/16] credential-cache: implement authtype capability · brian m. carlson <hidden> · 2024-04-17
[PATCH v2 16/16] credential: add method for querying capabilities · brian m. carlson <hidden> · 2024-04-17

From: M Hickford <hidden>
Date: 2024-03-25 23:16:20

Tell users that they can continue to use a username and password even if
the new capability is supported.

Signed-off-by: brian m. carlson <redacted>
---
 Documentation/git-credential.txt | 34 +++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/Documentation/git-credential.txt b/Documentation/git-credential.txt
index 918a0aa42b..f3ed3a82fa 100644
--- a/Documentation/git-credential.txt
+++ b/Documentation/git-credential.txt

@@ -178,6 +178,24 @@ empty string.
 Components which are missing from the URL (e.g., there is no
 username in the example above) will be left unset.
 
+`authtype`::
+	This indicates that the authentication scheme in question should be used.
+	Common values for HTTP and HTTPS include `basic`, `digest`, and `ntlm`,
+	although the latter two are insecure and should not be used.  If `credential`
+	is used, this may be set to an arbitrary string suitable for the protocol in
+	question (usually HTTP).

How about adding 'bearer' to this list? Popular hosts Bitbucket https://bitbucket.org and Gitea/Forgejo (such as https://codeberg.org) support Bearer auth with OAuth tokens.

++
+This value should not be sent unless the appropriate capability (see below) is
+provided on input.
+
+`credential`::
+	The pre-encoded credential, suitable for the protocol in question (usually
+	HTTP).  If this key is sent, `authtype` is mandatory, and `username` and
+	`password` are not used.

A credential protocol attribute named 'credential' is confusing. How about 'authorization' since it determines the HTTP Authorization header? This detail is surely worth mentioning too.

quoted hunk ↗ jump to hunk

++
+This value should not be sent unless the appropriate capability (see below) is
+provided on input.
+
 `wwwauth[]`::
 
 	When an HTTP response is received by Git that includes one or more

@@ -189,7 +207,21 @@ attribute 'wwwauth[]', where the order of the attributes is the same as
 they appear in the HTTP response. This attribute is 'one-way' from Git
 to pass additional information to credential helpers.
 
-Unrecognised attributes are silently discarded.
+`capability[]`::
+	This signals that the caller supports the capability in question.



+	This can be used to provide better, more specific data as part of the
+	protocol.
++
+The only capability currently supported is `authtype`, which indicates that the
+`authtype` and `credential` values are understood.  It is not obligatory to use
+these values in such a case, but they should not be provided without this
+capability.

++
+Callers of `git credential` and credential helpers should emit the
+capabilities they support unconditionally, and Git will gracefully
+handle passing them on.
+> +Unrecognised attributes and capabilities are silently discarded.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help