1 files changed, 72 insertions, 46 deletions

diff --git a/Documentation/technical/api-credentials.txt b/Documentation/technical/api-credentials.txt
index 21ca6a2553..75368f26ca 100644
--- a/Documentation/technical/api-credentials.txt
+++ b/Documentation/technical/api-credentials.txt
@@ -6,8 +6,52 @@ password credentials from the user (even though credentials in the wider
 world can take many forms, in this document the word "credential" always
 refers to a username and password pair).
 
+This document describes two interfaces: the C API that the credential
+subsystem provides to the rest of Git, and the protocol that Git uses to
+communicate with system-specific "credential helpers". If you are
+writing Git code that wants to look up or prompt for credentials, see
+the section "C API" below. If you want to write your own helper, see
+the section on "Credential Helpers" below.
+
+Typical setup
+-------------
+
+------------
++-----------------------+
+| Git code (C)          |--- to server requiring --->
+|                       |        authentication
+|.......................|
+| C credential API      |--- prompt ---> User
++-----------------------+
+	^      |
+	| pipe |
+	|      v
++-----------------------+
+| Git credential helper |
++-----------------------+
+------------
+
+The Git code (typically a remote-helper) will call the C API to obtain
+credential data like a login/password pair (credential_fill). The
+API will itself call a remote helper (e.g. "git credential-cache" or
+"git credential-store") that may retrieve credential data from a
+store. If the credential helper cannot find the information, the C API
+will prompt the user. Then, the caller of the API takes care of
+contacting the server, and does the actual authentication.
+
+C API
+-----
+
+The credential C API is meant to be called by Git code which needs to
+acquire or store a credential. It is centered around an object
+representing a single credential and provides three basic operations:
+fill (acquire credentials by calling helpers and/or prompting the user),
+approve (mark a credential as successfully used so that it can be stored
+for later use), and reject (mark a credential as unsuccessful so that it
+can be erased from any persistent storage).
+
 Data Structures
----------------
+~~~~~~~~~~~~~~~
 
 `struct credential`::
 
@@ -21,14 +65,17 @@ Data Structures
 The `helpers` member of the struct is a `string_list` of helpers.  Each
 string specifies an external helper which will be run, in order, to
 either acquire or store credentials. See the section on credential
-helpers below.
+helpers below. This list is filled-in by the API functions
+according to the corresponding configuration variables before
+consulting helpers, so there usually is no need for a caller to
+modify the helpers field at all.
 +
 This struct should always be initialized with `CREDENTIAL_INIT` or
 `credential_init`.
 
 
 Functions
----------
+~~~~~~~~~
 
 `credential_init`::
 
@@ -72,7 +119,7 @@ Functions
 	Parse a URL into broken-down credential fields.
 
 Example
--------
+~~~~~~~
 
 The example below shows how the functions of the credential API could be
 used to login to a fictitious "foo" service on a remote host:
@@ -113,7 +160,7 @@ int foo_login(struct foo_connection *f)
 		break;
 	default:
 		/*
-		 * Some other error occured. We don't know if the
+		 * Some other error occurred. We don't know if the
 		 * credential is good or bad, so report nothing to the
 		 * credential subsystem.
 		 */
@@ -130,13 +177,15 @@ int foo_login(struct foo_connection *f)
 Credential Helpers
 ------------------
 
-Credential helpers are programs executed by git to fetch or save
+Credential helpers are programs executed by Git to fetch or save
 credentials from and to long-term storage (where "long-term" is simply
-longer than a single git process; e.g., credentials may be stored
+longer than a single Git process; e.g., credentials may be stored
 in-memory for a few minutes, or indefinitely on disk).
 
-Each helper is specified by a single string. The string is transformed
-by git into a command to be executed using these rules:
+Each helper is specified by a single string in the configuration
+variable `credential.helper` (and others, see linkgit:git-config[1]).
+The string is transformed by Git into a command to be executed using
+these rules:
 
   1. If the helper string begins with "!", it is considered a shell
      snippet, and everything after the "!" becomes the command.
@@ -192,47 +241,17 @@ appended to its command line, which is one of:
 	Remove a matching credential, if any, from the helper's storage.
 
 The details of the credential will be provided on the helper's stdin
-stream. The credential is split into a set of named attributes.
-Attributes are provided to the helper, one per line. Each attribute is
-specified by a key-value pair, separated by an `=` (equals) sign,
-followed by a newline. The key may contain any bytes except `=`,
-newline, or NUL. The value may contain any bytes except newline or NUL.
-In both cases, all bytes are treated as-is (i.e., there is no quoting,
-and one cannot transmit a value with newline or NUL in it). The list of
-attributes is terminated by a blank line or end-of-file.
-
-Git will send the following attributes (but may not send all of
-them for a given credential; for example, a `host` attribute makes no
-sense when dealing with a non-network protocol):
-
-`protocol`::
-
-	The protocol over which the credential will be used (e.g.,
-	`https`).
-
-`host`::
-
-	The remote hostname for a network credential.
-
-`path`::
-
-	The path with which the credential will be used. E.g., for
-	accessing a remote https repository, this will be the
-	repository's path on the server.
-
-`username`::
-
-	The credential's username, if we already have one (e.g., from a
-	URL, from the user, or from a previously run helper).
-
-`password`::
-
-	The credential's password, if we are asking it to be stored.
+stream. The exact format is the same as the input/output format of the
+`git credential` plumbing command (see the section `INPUT/OUTPUT
+FORMAT` in linkgit:git-credential[1] for a detailed specification).
 
 For a `get` operation, the helper should produce a list of attributes
 on stdout in the same format. A helper is free to produce a subset, or
 even no values at all if it has nothing useful to provide. Any provided
-attributes will overwrite those already known about by git.
+attributes will overwrite those already known about by Git.  If a helper
+outputs a `quit` attribute with a value of `true` or `1`, no further
+helpers will be consulted, nor will the user be prompted (if no
+credential has been provided, the operation will then fail).
 
 For a `store` or `erase` operation, the helper's output is ignored.
 If it fails to perform the requested operation, it may complain to
@@ -243,3 +262,10 @@ request.
 If a helper receives any other operation, it should silently ignore the
 request. This leaves room for future operations to be added (older
 helpers will just ignore the new requests).
+
+See also
+--------
+
+linkgit:gitcredentials[7]
+
+linkgit:git-config[1] (See configuration variables `credential.*`)