isomorphic-git

isomorphic-git

  • API Docs
  • Guide
  • Blog
  • GitHub
  • npm

›Plugins

All Commands

  • Alphabetical Index
  • Error Code Index

Repository

  • init
  • clone
  • commit
  • log
  • config
  • fetch
  • checkout
  • push
  • pull
  • merge
  • walkBeta1
  • verify

Files

  • add
  • remove
  • listFiles
  • status

Branches

  • currentBranch
  • branch
  • deleteBranch
  • listBranches

Tags

  • tag
  • annotatedTag
  • deleteTag
  • listTags

Remotes

  • getRemoteInfo
  • addRemote
  • deleteRemote
  • listRemotes

Plugins

  • credentialManager
  • emitter
  • fs
  • http
  • pgp

Plumbing Commands

  • findRoot
  • expandRef
  • expandOid
  • resetIndex
  • resolveRef
  • writeRef
  • deleteRef
  • readObject
  • writeObject
  • statusMatrix
  • isDescendent
  • indexPack

Misc Commands

  • version

Deprecated Commands

  • utils.auth
  • utils.oauth2
  • sign
Edit

'credentialManager' plugin

You can always use the username, password, token, and oauth2format parameters to authenticate to remote git servers.

But sometimes this is not ideal:

  • You might not know whether a git repo requires authentication before you attempt to clone it, in the case of private repos.
  • In order to support submodules (it doesn't yet, but that feature is planned) we have to recursively clone multiple repos, but those repos might not all use the same username/password. We won't even know what those submodule repo URLs are until we've cloned the first repo, so providing the username and password at the beginning of the clone command is not ideal.

Therefore there is a credentialManager plugin system that allows isomorphic-git to dynamically request credentials on demand.

Here is how to initialize a credentialManager plugin:

// Using require() in Node.js
const git = require('isomorphic-git')
git.plugins.set('credentialManager', credentialManager)

// using ES6 modules
import { plugins } from 'isomorphic-git'
plugins.set('credentialManager', credentialManager)

Note: only one credentialManager plugin can be registered at a time.

This also leads to a better experience for the user. For instance, instead of entering their username/password every time, it can be stored and remembered in a keyring. The username/password combo can be stored for an entire domain name, such as one username/password for gitlab.com and another for github.com so users almost never need to re-enter their credentials once saved. But, if for some reason the saved password doesn't work (such as when they changed their password), instead of failing isomorphic-git could interactively prompt the user for the new password.

Implementing your own credentialManager plugin

A credentialManager plugin must implement the following API:

interface GitCredentialManagerPlugin {
  fill ({ url: string }): Promise<JSON>;
  approved ({ url: string, auth: JSON }): Promise<void>;
  rejected ({ url: string, auth: JSON }): Promise<void>;
}

This API is modeled after the canonical git-credential API, although I've modified the fill|approve|reject to be fill|approved|rejected because it took me forever to figure out that "approve" is not asking for approval, but informing the backend that these credentials were successful. (Similarly 'reject' is not telling the backend to reject the credentials, but informing the backend that those credentials were rejected by the server.)

Here auth can be any combination of username, password, token, and oauth2format. (See authentication for details.) You can also include additional properties that may only be understood by certain remote providers that understand them, such as an ssh_keyfile for the hypothetical SSH remote provider. The only requirement is it be a JSON-serializable value.

If during fill, the credential helper does not have (or chooses not to provide) any auth information for that url, it should return an empty JSON object.

_Note: whether the path is should be considered when searching for matching credentials will be left to credentialManager implementations but to match git's behavior implementations should respect the config value useHttpPath. But let's be honest - that's not the most important detail.

Take a look at the examples below for inspiration:

  • credential-manager-node-cli
  • credential-manager-web
  • GIT Web Terminal
← listRemotesemitter →
isomorphic-git
Docs
Getting StartedAPI Reference
Community
User ShowcaseProject Chat
GitHub
More
In The NewsBlog
Ad