Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Store PasswordExpiry and OAuthRefreshToken #1464

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Store PasswordExpiry and OAuthRefreshToken #1464

wants to merge 1 commit into from

Conversation

hickford
Copy link
Contributor

@hickford hickford commented Nov 3, 2023
edited
Loading

Add properties ICredential.PasswordExpiry and ICredential.OAuthRefreshToken. These correspond to Git credential attributes password_expiry_utc and oauth_refresh_token, see https://git-scm.com/docs/git-credential#IOFMT. Previously these attributes were silently disarded.

Plumb these properties from input to host provider to credential store to output.

Credential store support for these attributes is optional, marked by new properties CredentialStore.CanStorePasswordExpiry and ICredentialStore.CanStoreOAuthRefreshToken. Implement support in CredentialCacheStore, SecretServiceCollection and WindowsCredentialManager.

Add method IHostProvider.ValidateCredentialAsync. The default implementation simply checks expiry. Other implementations might query a server.

Improve implementations of GenericHostProvider and GitLabHostProvider. Previously, GetCredentialAsync saved credentials as a side effect. This is no longer necessary. The workaround to store OAuth refresh tokens under a separate service is no longer necessary assuming CredentialStore.CanStoreOAuthRefreshToken. Querying GitLab to check token expiration is no longer necessary assuming CredentialStore.CanStorePasswordExpiry.

Fixes #1463
Fixes #268

@hickford
introduce PasswordExpiryUTC and OAuthRefreshToken
fdd7759 
Add properties ICredential.PasswordExpiryUTC and
ICredential.OAuthRefreshToken. These correspond to Git credential
attributes password_expiry_utc and oauth_refresh_token, see
https://git-scm.com/docs/git-credential#IOFMT. Previously these
attributes were silently disarded.

Plumb these properties from input to host provider to credential store
to output.

Credential store support for these attributes is optional, marked by
new properties ICredentialStore.CanStorePasswordExpiryUTC and
ICredentialStore.CanStoreOAuthRefreshToken. Implement support in
CredentialCacheStore, SecretServiceCollection and
WindowsCredentialManager.

Add method IHostProvider.ValidateCredentialAsync. The default
implementation simply checks expiry.

Improve implementations of GenericHostProvider and GitLabHostProvider.
Previously, GetCredentialAsync saved credentials as a side effect. This
is no longer necessary. The workaround to store OAuth refresh tokens
under a separate service is no longer necessary assuming
CredentialStore.CanStoreOAuthRefreshToken. Querying GitLab to check
token expiration is no longer necessary assuming
CredentialStore.CanStorePasswordExpiryUTC.
@hickford hickford force-pushed the expiry-and-oauth-refresh-token branch 3 times, most recently from a2425b9 to a21c066 Compare November 3, 2023 21:48
@hickford hickford changed the title introduce PasswordExpiryUTC and OAuthRefreshToken introduce PasswordExpiry and OAuthRefreshToken Nov 3, 2023
@hickford hickford force-pushed the expiry-and-oauth-refresh-token branch from a21c066 to 2a14b66 Compare November 4, 2023 06:36
@hickford hickford changed the title introduce PasswordExpiry and OAuthRefreshToken Store PasswordExpiry and OAuthRefreshToken Nov 10, 2023
@hickford hickford added the enhancement New feature or request label Nov 10, 2023
@hickford hickford marked this pull request as ready for review November 10, 2023 20:07
@hickford
Copy link
Contributor Author

Windows build ought to be fixed by #1418

@hickford hickford force-pushed the expiry-and-oauth-refresh-token branch 2 times, most recently from 83c3f3a to b59547b Compare February 22, 2024 20:14
ldennington
ldennington requested changes Apr 15, 2024
View reviewed changes
Copy link
Contributor

@ldennington ldennington left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall looks good! Most of my comments are small things - the only major issue that I'd need to see updated before approving is not having expiry implemented for Windows Credential Manager.

src/shared/Core/Credential.cs Outdated Show resolved Hide resolved
src/shared/Core/Credential.cs Outdated Show resolved Hide resolved
src/shared/Core/Credential.cs Outdated Show resolved Hide resolved
src/shared/Core/Credential.cs Outdated Show resolved Hide resolved
src/shared/Core/CredentialCacheStore.cs Outdated Show resolved Hide resolved
src/shared/Core/Interop/Windows/WindowsCredentialManager.cs Outdated Show resolved Hide resolved
src/shared/GitLab/GitLabHostProvider.cs Show resolved Hide resolved
src/shared/GitLab/GitLabHostProvider.cs Outdated Show resolved Hide resolved
src/shared/TestInfrastructure/Objects/TestCredentialStore.cs Outdated Show resolved Hide resolved
src/shared/Core/Interop/Windows/WindowsCredential.cs Outdated Show resolved Hide resolved
@hickford hickford force-pushed the expiry-and-oauth-refresh-token branch 4 times, most recently from 01fcd91 to fdd7759 Compare November 1, 2024 20:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ldennington ldennington Awaiting requested review from ldennington

@mjcheetham mjcheetham Awaiting requested review from mjcheetham

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Store oauth_refresh_token Add basic validation of stored credentials
2 participants
@hickford @ldennington