Git-Credential-Manager-for-Windows

Git-Credential-Manager-for-Windows copied to clipboard

GitHub Enterprise supports creating and using Personal Access Tokens for authentication over HTTPS. It also supports single sign-on, such as with Azure Active Directory.

I believe the plugin for Azure Repos uses single sign-on to create and store a PAT automatically, without the need for any user interaction (except perhaps in a single-sign on dialog, for example, using corporate credentials). It would be great to have the same support for GitHub Enterprise.

The flow envisioned here would be something like the following:

1. Attempt to clone a repo from a GitHub Enterprise URL.
2. No credentials for this URL are persisted locally, and an initial clone attempt without credentials fails but is not visible to the user.
3. We determine that the URL is for a GitHub Enterprise server.
4. A SSO authentication flow begins to get API access to the GitHub Enterprise server. If no 2FA is required, no user interaction is required.
5. A Personal Access Token is created for the user on the GitHub Enterprise server using the API. A copy of the PAT is persisted locally in Credential Manager.
6. The clone succeeds.

Future clones on the same machine would work as follows:

1. Attempt to clone a repo from a GitHub Enterprise URL.
2. We find an entry for this remote URL in Credential Manager and use it for the first attempt.
3. The clone succeeds.