1. 技术文章
  2. git, oauth2 token and GIT_ASKPASS

git, oauth2 token and GIT_ASKPASS

非 Y 不嫁゛ 提交于 2020-01-05 10:05:14

问题


I'm using Bitbucket and would like to get an automatic pull/push/clone working without using my plane password. I made some progress with generating Oauth2 access tokens for that purpose. My script looks like this:

consumer_key=XXXXXXXXXXXXXXXXXX
consumer_secret=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

oauth2_return_str=$(curl -X POST https://bitbucket.org/site/oauth2/access_token -u "${consumer_key}:${consumer_secret}" -d grant_type=client_credentials 2>/dev/null)
oauth2_token=$(echo $oauth2_return_str | awk '{print $2}' | sed 's|[",]||g')

echo $oauth2_token

There is a clone one liner possible:

git clone "https://x-token-auth:$(curl -k -X POST https://bitbucket.org/site/oauth2/access_token -u "XXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" -d grant_type=client_credentials | awk '{print $2}' | sed 's|[",]||g')@bitbucket.org/USER/REPO.git"

Anyway instead of rewriting the config file every hour (the tokens are valid just one hour) I found out that GIT_ASKPASS seems appropriate for that purpose:

GIT_ASKPASS
    If this environment variable is set, then git commands which need to
    acquire passwords or passphrases (e.g. for HTTP or IMAP authentication)             
    will call this program with a suitable prompt as command line argument 
    and read the password from its STDOUT. See also the core.askpass option 
    in git-config(1).

For completeness:

core.askPass
    Some commands (e.g. svn and http interfaces) that interactively ask for
    a password can be told to use an external program given via the value of 
    this variable. Can be overridden by the GIT_ASKPASS environment 
    variable. If not set, fall back to the value of the SSH_ASKPASS 
    environment variable or, failing that, a simple password prompt. The 
    external program shall be given a suitable prompt as command-line 
    argument and write the password on its STDOUT.

So I wrote a test script:

GIT_ASKPASS=gen-token.bat
GIT_CURL_VERBOSE=1

git clone "https://x-token-auth@bitbucket.org/USER/REPO.git"

BUT it is still prompting me with the password dialogue. If I then enter a generated token everything works as expected. What am I doing wrong?

EDIT: Ok git seems a little picky about the environment variables. I cahnged the test script to

GIT_ASKPASS=gen-token.bat git clone "https://x-token-auth@bitbucket.org/USER/REPO.git"

and it then worked. git config --global core.askPass /path-to/gen-token.sh makes the sript available globally.

来源:https://stackoverflow.com/questions/35640723/git-oauth2-token-and-git-askpass

标签
git
oauth
bitbucket
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!