GCM does not prompt for auth on first git call after PATs expire #1705
Comments
|
My understanding is that this is a GCM limitation due to the way that git.exe handles expired PATs. Are there any plans to implement a fix or improvement for the issue, or recommendations for a workaround? |
|
A bit more info: Is there a workaround for needing to retry?
Why do PATs require re-trying the git.exe op? git will fail after the PAT has expired, but GCM doesn't have a way to know that it's expired without trying again. tldr; GCM implementation detail. Will there be a fix that eliminates the need to retry to surface the GCM dialog? Git improvements to credential helper protocol would allow GCM to respond to an initial failure and get a second chance to retry/reauth. Why does GCM default to PATs instead of OAuth? What's the different between PATs and OAuth? Are the any drawbacks to switching to OAuth? The main difference and complication with OAuth is that GCM would now maintain an identity -> resource mapping, whereas before the PAT was directly linked to the URL/resource. There are some edge cases or weird set ups with multiple user accounts or guests in a tenant that can confuse GCM, and haven’t been well tested. cc @mjcheetham |
Version
2.5.1+90d5f897f164a8fe07d2aa3bf7db439b0b4e03ea
Operating system
Windows
OS version or distribution
Windows 11
Git hosting provider(s)
Azure DevOps
Other hosting provider
No response
(Azure DevOps only) What format is your remote URL?
https://{org}.visualstudio.com
Can you access the remote repository directly in the browser?
Yes, I can access the repository
Expected behavior
GCM will prompt for auth on the first git.exe call after my PAT expires.
Actual behavior
GCM will not prompt for auth on the first git.exe call after my PAT expires, I am required to make a second git.exe call for GCM to prompt.
Logs
No response
The text was updated successfully, but these errors were encountered: