Feature Request: Support authentication to GitHub/GitLab using HTTPS via access tokens

[ppatriarcaISC]

Are there any plans on the roadmap to allow for authentication to GitHub/GitLab using HTTPS? There is a concept of access tokens which can be passed in the HTTPS calls that will allow for authentication. We have a client that 'might' not allow using SSH to access their GitHub account. It would be good to be able to support more than one option.

https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens

[isc-pbarton]

My thoughts - we can distinguish between single-user environments and multiple-user environments. For single-user environments, it should be trivial to allow the developer to set their personal access token as Git credentials. For multiple-user environments, it will be more complicated because access tokens in GitHub are per-user, not per-repository. A couple options are:

• Require creating a new GitHub user for git-source-control whose personal access token is used for all pushes/pulls. Probably a bad idea.
• Require each developer to create their own personal access token and add it through the git-source-control settings UI. Git-source-control could then dynamically switch git credentials based on which IRIS user is running the command.

[ppatriarcaISC]

I think the second option would be more effective because its better auditing on the system side (instead of one service account). But to your point about tokens in our other chat, they can be looked at with the same scrutiny as SSH keys in terms of needing rotations routinely and protecting the contents of the key material/file. The client in question also uses Okta, just to make this a little more complicated :) , so we'll want to factor in how IdPs might play with this. It's all just theory now I know but its stuff to think about.