internal AuthenticationModes GetSupportedAuthenticationModes(Uri targetUri)
{
// Check for an explicit override for supported authentication modes
if (Context.Settings.TryGetSetting(
GitLabConstants.EnvironmentVariables.AuthenticationModes,
Constants.GitConfiguration.Credential.SectionName, GitLabConstants.GitConfiguration.Credential.AuthenticationModes,
out string authModesStr))
{
if (Enum.TryParse(authModesStr, true, out AuthenticationModes authModes) && authModes != AuthenticationModes.None)
{
Context.Trace.WriteLine($"Supported authentication modes override present: {authModes}");
return(authModes);
}
else
{
Context.Trace.WriteLine($"Invalid value for supported authentication modes override setting: '{authModesStr}'");
}
}
// GitLab.com has well-known supported auth modes
if (GitLabConstants.IsGitLabDotCom(targetUri))
{
return(GitLabConstants.DotComAuthenticationModes);
}
// Try to detect what auth modes are available for this non-GitLab.com host.
// Assume that PATs are always available to give at least one option to users!
var modes = AuthenticationModes.Pat;
// If there is a configured OAuth client ID (that isn't GitLab.com's client ID)
// then assume OAuth is possible.
string oauthClientId = GitLabOAuth2Client.GetClientId(Context.Settings);
if (!GitLabConstants.IsGitLabDotComClientId(oauthClientId))
{
modes |= AuthenticationModes.Browser;
}
else
{
// Tell the user that they may wish to configure OAuth for this GitLab instance
Context.Streams.Error.WriteLine(
$"warning: missing OAuth configuration for {targetUri.Host} - see {GitLabConstants.HelpUrls.GitLab} for more information");
}
// Would like to query password_authentication_enabled_for_git, but can't unless logged in https://gitlab.com/gitlab-org/gitlab/-/issues/349463.
// For now assume password auth is always available.
bool supportsBasic = true;
if (supportsBasic)
{
modes |= AuthenticationModes.Basic;
}
return(modes);
}
public async Task <OAuth2TokenResult> GetOAuthTokenViaBrowserAsync(Uri targetUri, IEnumerable <string> scopes)
{
ThrowIfUserInteractionDisabled();
var oauthClient = new GitLabOAuth2Client(HttpClient, Context.Settings, targetUri);
// We require a desktop session to launch the user's default web browser
if (!Context.SessionManager.IsDesktopSession)
{
throw new InvalidOperationException("Browser authentication requires a desktop session");
}
var browserOptions = new OAuth2WebBrowserOptions {
};
var browser = new OAuth2SystemWebBrowser(Context.Environment, browserOptions);
// Write message to the terminal (if any is attached) for some feedback that we're waiting for a web response
Context.Terminal.WriteLine("info: please complete authentication in your browser...");
OAuth2AuthorizationCodeResult authCodeResult =
await oauthClient.GetAuthorizationCodeAsync(scopes, browser, CancellationToken.None);
return(await oauthClient.GetTokenByAuthorizationCodeAsync(authCodeResult, CancellationToken.None));
}
public async Task <OAuth2TokenResult> GetOAuthTokenViaRefresh(Uri targetUri, string refreshToken)
{
var oauthClient = new GitLabOAuth2Client(HttpClient, Context.Settings, targetUri);
return(await oauthClient.GetTokenByRefreshTokenAsync(refreshToken, CancellationToken.None));
}