gitserver: Add oauth2 username to GitHub clone url #45137
|
Codenotify: Notifying subscribers in CODENOTIFY files for diff e14b9c8...70877e0.
|
| u.User = url.UserPassword("x-access-token", cfg.Token) | ||
| } else { | ||
| u.User = url.User(cfg.Token) | ||
| u.User = url.UserPassword("oauth2", cfg.Token) |
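Review bot: in the else branch, the literal "oauth2" username carries no comment explaining why it is needed, so a later cleanup could revert it to url.User(cfg.Token). Add a one-line comment that fine-grained personal access tokens do not work without a username, and a unit test asserting the URL generated by this branch. Worth stating in that comment as well: with the token now in the password slot, url.URL.Redacted() masks it, which it did not do for the old username-only form.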
What if someone uses the legacy token? Does that still work?
In the description of the PR:
I also confirmed that, with this change, the classic PATs still work.
:)
|
|
||
| > NOTE: Fine-grained personal access token suport is still experimental. Some functionality may not yet work. | ||
|
|
||
| To sync repositories using fine-grained personal access tokens read-only access on the Content permission is required for repositories. |
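Review bot: in the NOTE line, "suport" should be "support". In the sync sentence, GitHub names this repository permission "Contents", so write `Contents` to match what the user sees when creating the token, and add a comma after "tokens" so the sentence parses on first read.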
| To sync repositories using fine-grained personal access tokens read-only access on the Content permission is required for repositories. | |
| To sync repositories using fine-grained personal access tokens read-only access on the `Content` permission is required for repositories. |
|
|
||
| To sync repositories using fine-grained personal access tokens read-only access on the Content permission is required for repositories. | ||
|
|
||
| It should also be noted that fine-grained personal access tokens work a bit different than normal personal access tokens. For example, a classic personal access token can access all repositories of the owner, as well as repositories of organizations that the owner belongs to. However, for fine-grained personal access tokens, access is restricted to the owner of the token. If access to a GitHub organization's repositories is required, the GitHub organization has to be the owner of the fine-grained personal access token. |
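Review bot: "access is restricted to the owner of the token" and "the GitHub organization has to be the owner" use "owner" for what GitHub's token form calls the resource owner, which can be read as saying the token's creator must be an organization. Suggest using "resource owner" in both sentences.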
| It should also be noted that fine-grained personal access tokens work a bit different than normal personal access tokens. For example, a classic personal access token can access all repositories of the owner, as well as repositories of organizations that the owner belongs to. However, for fine-grained personal access tokens, access is restricted to the owner of the token. If access to a GitHub organization's repositories is required, the GitHub organization has to be the owner of the fine-grained personal access token. | |
| It should also be noted that fine-grained personal access tokens work a bit differently than normal personal access tokens. For example, a classic personal access token can access all repositories of the owner, as well as repositories of organizations that the owner belongs to. However, for fine-grained personal access tokens, access is restricted to the owner of the token. If access to a GitHub organization's repositories is required, the GitHub organization has to be the owner of the fine-grained personal access token. |
Pretty sure it's differently :)
(EDIT: @ryanslade I fixed it)
It also looked wrong to me but spell-checker didn't kick in, so I assumed I made a mistake. It showed the red line under it only when I went back to edit it... weird.
|
|
||
| ### Fine-grained personal access tokens | ||
|
|
||
| > NOTE: Fine-grained personal access token suport is still experimental. Some functionality may not yet work. |
We do have an experimental badge in use in docs. Use that please too.
|
|
||
| To sync repositories using fine-grained personal access tokens read-only access on the Content permission is required for repositories. | ||
|
|
||
| It should also be noted that fine-grained personal access tokens work a bit different than normal personal access tokens. For example, a classic personal access token can access all repositories of the owner, as well as repositories of organizations that the owner belongs to. However, for fine-grained personal access tokens, access is restricted to the owner of the token. If access to a GitHub organization's repositories is required, the GitHub organization has to be the owner of the fine-grained personal access token. |
| - An issue causing certain kinds of queries to behave inconsistently in Code Insights. [#44917](https://github.com/sourcegraph/sourcegraph/pull/44917) | ||
| - When the setting `batchChanges.enforceForks` is enabled, Batch Changes will now prefix the name of the fork repo it creates with the original repo's namespace name in order to prevent repo name collisions. [#43681](https://github.com/sourcegraph/sourcegraph/pull/43681), [#44458](https://github.com/sourcegraph/sourcegraph/pull/44458), [#44548](https://github.com/sourcegraph/sourcegraph/pull/44548), [#44924](https://github.com/sourcegraph/sourcegraph/pull/44924) | ||
| - Code Insights: fixed an issue where certain queries matching sequential whitespace characters would overcount. [#44969](https://github.com/sourcegraph/sourcegraph/pull/44969) | ||
| - GitHub fine-grained Personal Access Tokens can now clone repositories correctly. [#45137](https://github.com/sourcegraph/sourcegraph/pull/45137) |
This is confusing. We say in changelog that they can clone repositories and we say in the docs that they are not yet supported. Which one is it then? :)
I mean, they can clone repositories but they aren't supported 😄
Maybe I'll add "but are not yet officially supported"
Closes #45136
Based on this Stackoverflow thread: https://stackoverflow.com/questions/42148841/github-clone-with-oauth-access-token/66156992#66156992 it seems that GitHub fine-grained Personal Access Tokens don't work without the `oauth2` username. This PR adds the username when generating the GitHub clone URL.
This is how other code hosts work as well, for example the clone URL for GitLab uses the `oauth2` username as well: https://sourcegraph.com/github.com/sourcegraph/sourcegraph@ce477a4ad027d3dfcf74d4246d7f4c4a0eec3876/-/blob/internal/repos/clone_url.go?L216&subtree=true
I also confirmed that, with this change, the classic PATs still work.
Test plan
Tested repository cloning with both classic PATs and fine-grained PATs after the `oauth2` username was added.
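How the two userinfo forms discussed in this PR behave when the clone URL ends up in a log line, as an added example (not code from the PR or from Sourcegraph). `cloneURL`, `safeForLogs`, the HTTPS-only check, the repository URL and the token value are hypothetical.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// cloneURL attaches a token to an HTTPS clone URL (hypothetical helper).
// legacy=true is the pre-change form (token as bare username);
// legacy=false is the form from this PR ("oauth2" username, token as password).
func cloneURL(repo, token string, legacy bool) (*url.URL, error) {
	u, err := url.Parse(repo)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "https" { // assumption added here: never send a token in clear text
		return nil, fmt.Errorf("refusing to attach a token to a %q URL", u.Scheme)
	}
	if legacy {
		u.User = url.User(token)
	} else {
		u.User = url.UserPassword("oauth2", token)
	}
	return u, nil
}

// safeForLogs drops the userinfo entirely, so the token is absent
// whichever slot it was stored in.
func safeForLogs(u *url.URL) string {
	c := *u
	c.User = nil
	return c.String()
}

func main() {
	const repo = "https://github.com/example-org/example-repo.git" // constructed
	const token = "github_pat_EXAMPLE"                              // constructed placeholder
	for _, legacy := range []bool{true, false} {
		u, err := cloneURL(repo, token, legacy)
		if err != nil {
			panic(err)
		}
		// Redacted() masks only the password slot, so the legacy form leaks.
		leaks := strings.Contains(u.Redacted(), token)
		fmt.Printf("legacy=%v redacted=%s leaks=%v\n", legacy, u.Redacted(), leaks)
		fmt.Printf("legacy=%v for logs=%s\n", legacy, safeForLogs(u))
	}
}
```
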