Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

netrc #1

Open
jayvdb opened this issue Jan 8, 2020 · 3 comments
Open

netrc #1

jayvdb opened this issue Jan 8, 2020 · 3 comments

Comments

@jayvdb
Copy link
Contributor

jayvdb commented Jan 8, 2020

Could this library support storage of tokens in .netrc ? It seems to be possible.
I did a bit of research at fridex/githubcap#9
@dvershinin
Copy link
Owner

It's a bit confusing. I've seen example .netrc contents like this:

machine github.com
    login <put-your-application-token-here>
    password x-oauth-basic

machine github.com
login api
password xxxxxxxx

If we put machine as github.com should that apply to api.github.com?
I don't see any consistency with login/password fields...

If password=x-oauth-basic, OK we use what in login for token vaue. Any other cases should be handled?

@jayvdb
Copy link
Contributor Author

jayvdb commented Jan 11, 2020

https://github.com/actano/chef-netrc/blob/master/templates/default/netrc.erb uses password=x-oauth-basic, and https://github.com/treeder/start/blob/master/start.rb omits that. I suspect that the Python default netrc reader is a bit buggy, and may not support all valid combinations, but using password=x-oauth-basic probably avoids those problems.

There is a bunch of code mentioning this approach, but I have only scanned the results very quickly.

johntron/duo-search@a687c1c suggests some apps are putting the token in the password field, which IMO feels more appropriate as it should be the non-public value.

It seems like requests might have some automatic voodoo for netrc
https://github.com/requests/requests-oauthlib/blob/29ba9afd2f0e5ae4f87ebc4ef4a133c2bbf227b4/tests/test_oauth2_session.py#L501
https://github.com/psf/requests/blob/ff0c325014f817095de35013d385e137b111d6e8/docs/user/authentication.rst#netrc-authentication

@dvershinin
Copy link
Owner

So yeah, it appears that simply sticking login/token to .netrc, will make requests pick that up and automatically add it as basic HTTP authentication headers (which should work, according to GitHub Api docs). That is, without any change to the app which uses Python request s library.

But if someone wants to use token only, then this won't suffice.

Maybe, should disable requests handling of netrc altogether, as in here?
Then handle netrc entirely here.

Because otherwise, there'd be double read/parse of netrc file.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jayvdb @dvershinin