Git for Windows keeps forgetting that it's signed in as soon as my default browser clears its cache

[astrohart]

So, I am aware that there is a new Git for Windows feature to use your browser to sign in to GitHub from a 3rd-party app (such as Visual Studio 2019). I think it sucks.

This is all well and fine, but my browser is Chrome and Chrome likes to sign itself out of my Google account at random (as does IE) and I end up having to click the "Git for Windows sign in with your web browser" 2-3 times per day. It's really annoying and interrupts my train of thought when I am trying to do my work and submit check ins and am "in the zone." as it were.

I much prefer how Git for Windows used to work, where it would prompt for your credentials itself and then remember them forever. I think that is much preferable to the current set up for ease-of-use purposes.

[dscho]

Brian, while I appreciate that you took time to write up your grievance, I do not particularly like the tone. It sounds as if you assume that somebody changed Git for Windows just to annoy you. That somebody spent time to make your life miserable.

I would like to invite you understand that this is Open Source, and you benefit from a tremendous amount of work, mostly by volunteers in their free time. There would be more respectful ways to appreciate this work, e.g. by contributing your time to improve Git for Windows.

As far as this "feature to use your browser to sign in to GitHub" goes, I am not sure I really understand. Do you mean Git Credential Manager Core? If so, you can easily turn it off when (re-)installing:

And since this is not a bug report, but more an airing of a grievance, I'll convert this to a discussion.

[derrickstolee]

If this is new behavior related to the change from Git Credential Manager to Git Credential Manager Core, then perhaps we should move the discussion to the GCM Core discussions page.

GCM core should be storing the credentials itself, so perhaps when Chrome signs itself out it also invalidates those tokens? It would be good to watch Windows Credential Manager application to see if your credentials are being removed locally or revoked remotely.

[mjcheetham]

There's a couple of things going on here..

Firstly, since GitHub removed the ability to use username/password (and 2FA code) authentication against their API, we are no longer able to use a username/password/2FA code from a prompt and generate a Personal Access Token (PAT) via the authorizations API endpoint. Both versions of GCM have used this mechanism to authenticate against GitHub - they don't directly store your username/password but instead use them to create a PAT, which is what is stored in the Windows Credential Manager store.

The OAuth/web-based sign-in is now a requirement(*) for authentication with GitHub - this was a GitHub decision, not the Git, Git for Windows, or Git Credential Manager projects. GCM Core, in response to these GitHub authentication changes, has had to implement the OAuth/web-based flow. This new authentication flow actually works in a similar way to the previous mechanism, once you authenticate via the web browser, GitHub returns to GCM an OAuth token, which is stored in the Windows Credential Manager store, just like the old PAT was.

You can read more about these authentication changes in this document.

Secondly, it sounds like there is a possibly a bug in how we're storing the OAuth token. You should not be prompted until that OAuth token expires or is revoked. If you could please open an issue over at the GCM Core project, making sure to include trace log output by setting the GCM_TRACE environment variable to 1.

(*) You can also still manually generate a PAT from the web UI, and manually create an entry in the Windows Credential Manager store, which GCM (and GCM Core) will both read and use. Instructions here.