diff options
Diffstat (limited to 'Documentation/technical/api-credentials.txt')
-rw-r--r-- | Documentation/technical/api-credentials.txt | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/Documentation/technical/api-credentials.txt b/Documentation/technical/api-credentials.txt index 5977b58e57..e44426dd04 100644 --- a/Documentation/technical/api-credentials.txt +++ b/Documentation/technical/api-credentials.txt @@ -7,9 +7,9 @@ world can take many forms, in this document the word "credential" always refers to a username and password pair). This document describes two interfaces: the C API that the credential -subsystem provides to the rest of git, and the protocol that git uses to +subsystem provides to the rest of Git, and the protocol that Git uses to communicate with system-specific "credential helpers". If you are -writing git code that wants to look up or prompt for credentials, see +writing Git code that wants to look up or prompt for credentials, see the section "C API" below. If you want to write your own helper, see the section on "Credential Helpers" below. @@ -18,7 +18,7 @@ Typical setup ------------ +-----------------------+ -| git code (C) |--- to server requiring ---> +| Git code (C) |--- to server requiring ---> | | authentication |.......................| | C credential API |--- prompt ---> User @@ -27,11 +27,11 @@ Typical setup | pipe | | v +-----------------------+ -| git credential helper | +| Git credential helper | +-----------------------+ ------------ -The git code (typically a remote-helper) will call the C API to obtain +The Git code (typically a remote-helper) will call the C API to obtain credential data like a login/password pair (credential_fill). The API will itself call a remote helper (e.g. "git credential-cache" or "git credential-store") that may retrieve credential data from a @@ -42,7 +42,7 @@ contacting the server, and does the actual authentication. C API ----- -The credential C API is meant to be called by git code which needs to +The credential C API is meant to be called by Git code which needs to acquire or store a credential. It is centered around an object representing a single credential and provides three basic operations: fill (acquire credentials by calling helpers and/or prompting the user), @@ -160,7 +160,7 @@ int foo_login(struct foo_connection *f) break; default: /* - * Some other error occured. We don't know if the + * Some other error occurred. We don't know if the * credential is good or bad, so report nothing to the * credential subsystem. */ @@ -177,14 +177,14 @@ int foo_login(struct foo_connection *f) Credential Helpers ------------------ -Credential helpers are programs executed by git to fetch or save +Credential helpers are programs executed by Git to fetch or save credentials from and to long-term storage (where "long-term" is simply -longer than a single git process; e.g., credentials may be stored +longer than a single Git process; e.g., credentials may be stored in-memory for a few minutes, or indefinitely on disk). Each helper is specified by a single string in the configuration variable `credential.helper` (and others, see linkgit:git-config[1]). -The string is transformed by git into a command to be executed using +The string is transformed by Git into a command to be executed using these rules: 1. If the helper string begins with "!", it is considered a shell @@ -248,7 +248,10 @@ FORMAT` in linkgit:git-credential[7] for a detailed specification). For a `get` operation, the helper should produce a list of attributes on stdout in the same format. A helper is free to produce a subset, or even no values at all if it has nothing useful to provide. Any provided -attributes will overwrite those already known about by git. +attributes will overwrite those already known about by Git. If a helper +outputs a `quit` attribute with a value of `true` or `1`, no further +helpers will be consulted, nor will the user be prompted (if no +credential has been provided, the operation will then fail). For a `store` or `erase` operation, the helper's output is ignored. If it fails to perform the requested operation, it may complain to |