Git-credential-manager-for-windows: Support for U2F tokens

Created on 7 Dec 2015 · 11 Comments · Source: microsoft/Git-Credential-Manager-for-Windows

It'd be great if besides standard 2FA the Credential Manager also supported U2F just like login to GitHub/Google in Chrome. Instead of prompting for the Appcode the user would just touch the token to authenticate.

See also: https://github.com/blog/2071-github-supports-universal-2nd-factor-authentication

azure-devops bitbucket enhancement github help-wanted user-experience

All 11 comments

If you have configured U2F with GitHub, I do not see a reason why the GCM would not work as is.

Have you tested this scenario? What is the outcome?

I did git push just now on a fresh computer and the console looks like this:

Please enter your GitHub credentials for https://github.com/
username: wiktor-k
password:
authcode (app):

The U2F token light does not flash like it does when I do login to GitHub via Chrome. When I touch it nothing happens on console.

If I put the "authcode" (numbers from Google Authenticator) it works but I think it would be nice if the U2F token could be used instead of typing numbers :)

To be clear 2FA (Google Authenticator) works correctly, I'm talking about physical tokens that support U2F FIDO standard.

(On a related note, the wording "authcode" could be improved; I had to browse the docs to figure out if that's the token generated on GitHub or the number from the 2FA application).

(On a related note, the wording "authcode" could be improved; I had to browse the docs to figure out if that's the token generated on GitHub or the number from the 2FA application).

Apologies, that term comes directly from GitHub. Happily change it if there is a better term to use and isn't overly verbose.

The U2F token light does not flash like it does when I do login to GitHub via Chrome. When I touch it nothing happens on console.

Interesting. Seems like a great feature for GitHub to contribute to the project. :wink:

Yep, although it's certainly not only GitHub that's using it: https://en.wikipedia.org/wiki/Universal_2nd_Factor ("Chrome is currently the only browser supporting U2F. Microsoft is working on support for Windows 10 and the Edge browser. Mozilla is integrating it into Firefox.")

It's currently used in browsers but why not during console authentication? :)

Happily change it if there is a better term to use and isn't overly verbose.

Maybe "2FA authcode"? "2FA" would definitely tell me what code it is.

By the way, is there documentation somewhere on how GCM detects the need for an additional authcode? Is GitHub just special-cased? Or maybe I'll just browse the code...

By the way, is there documentation somewhere on how GCM detects the need for an additional authcode? Is GitHub just special-cased? Or maybe I'll just browse the code...

Best documentation is the code. Essentially, GitHub and VisualStudio.com are special cased.

https://github.com/Microsoft/Git-Credential-Manager-for-Windows/blob/master/Cli-CredentialHelper/Program.cs#L494

I see, thanks for help!

Is this a wontfix or has this feature been added?

Is this a wontfix or has this feature been added?

Both. A range of devices have had support added via updates to the Azure Directory Authentication Library [ADAL]. Outside of ADAL improvements, or improvements provided by GitHub and/or Atlassian, there's not much the GCM can do directly.

Neat, thanks! Come to think of it, I tend to recall that GCM asked me for my Fido key sometime ago. Cool.

Hello, I tried to authenticate to GitHub with Visual Studio 2019, and it asks for my OTP code instead of my FIDO2 security key.
Should I open a new issue, I'm confused where this was left off. Thank you!

I'm confused where this was left off.

I guess it's "PRs welcome" based on this comment:

Interesting. Seems like a great feature for GitHub to contribute to the project.

Yubico has a suite of "host libraries" that allow interacting with U2F tokens from native executables: https://developers.yubico.com/Software_Projects/FIDO_U2F/U2F_Host_Libraries/
