If you cancel the new modal dialog (credential.modalprompt=true), and fall back to the command line, I would expect it to support 2FA. Instead, it never asks for the authcode. It takes the username & password, then fails immediately.
If I use the old behavior (credential.modalprompt=false), then is asks for username, password, and authcode as expected.
This happens with both Git 2.7.x and 2.8.1 with credential manager v1.2.2
Yes, the model was changes to default to credential.modalprompt=true to better support GUI Git clients.
Are you suggesting that the GCM should fallback to CLI querying if the modal dialog is closed? Wouldn't that leave GUI users in a deadlock awaiting stdin?
I would suggest one of three behaviors:
1) If 2FA is enabled on the account – don’t pop up the modal dialog at all
2) If the username & password are entered in the modal dialog, then 2FA fails, fall back to CLI
3) Add a second modal dialog for the authcode if needed for 2FA
Right now, GitHub 2FA users are broken.
From: J Wyman [mailto:[email protected]]
Sent: Monday, April 18, 2016 7:22 AM
To: Microsoft/Git-Credential-Manager-for-Windows [email protected]
Cc: Patrick Lang Patrick.[email protected]
Subject: Re: [Microsoft/Git-Credential-Manager-for-Windows] git-credential-manager v1.2.2 doesn't prompt for GitHub 2FA with credential.modalprompt=true (#186)
Yes, the model was changes to default to credential.modalprompt=true to better support GUI Git clients.
Are you suggesting that the GCM should fallback to CLI querying if the modal dialog is closed? Wouldn't that leave GUI users in a deadlock awaiting stdin?
—
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHubhttps://github.com/Microsoft/Git-Credential-Manager-for-Windows/issues/186#issuecomment-211401686
Right now, GitHub 2FA users are broken.
Interesting as it works fine for me.
Any time the GCM does a "fall back to CLI" you're basically asking GUI applications to deadlock. The user will not see the message on stderr, and cannot respond via stdin because those pipes are going nowhere. This leaves the user in a state of not being able to unblock git.exe and therefore, effectively, hung. Not a great experience :panda_face:
Ok - figured the GUI out. There are two typical credential prompts, but one has a different caption. If you get the right username/password, the second one does ask for authcode instead and you can log in.
@haacked another user confused by the "less than stellar" UX for GitHub. Is updating/fixing that still on your radar?
Yes it is. I've just been swamped with new responsibilities lately. :smile: I'm going to try and get to this soon as a side project. :smile:
@whoisj What would you say is the appropriate way to implement this? Our current 2fa dialog uses WPF. So should I add a small WPF application to the project and then shell out to that from GithubAuthcodeModalPrompt?
Or should I reference that WPF project and do some magical incantation to create a WPF window from the Console app (I assume there's a way to do that somehow). Or did you have another approach in mind?
@Haacked the GCM had full rights to display GUI elements. Either solution is fine, honestly which ever is easier for you and your team to implement is the best. Not having a second executable is my preference, but Git is already process spawning happy - so what is one more?
As for launch a wpf window from, well anywhere (of course) stackoverflow.com has the answer: http://stackoverflow.com/questions/4509714/how-to-start-the-wpf-window-from-console-programmatically
As for where to place your code, I'd assume GitHub would want to "own" the GithubAuthentication, GithubAuthority, and GithubTokenScope classes.
@whoisj I saw that as well. But did you see the note?
Note: be sure to add [STAThread] attribute to the Main method.
The Main method of GCM isn't marked that way right now. I don't have a solid enough understanding of the GCM code to know if that's acceptable. What do you think?
Ah, as I dig into this more, I realize my question is dumb. The UI is invoked via a Task.Run command. I just need to make sure that runs on the STAThread.
I have time tonight to make some progress.
:boom:

A lot more to do, but at least I have this showing up at the right time now!
Fantastic! :tada:
PR submitted! #209
@PatrickLang
If you cancel the new modal dialog (credential.modalprompt=true), and fall back to the command line, I would expect it to support 2FA. Instead, it never asks for the authcode. It takes the username & password, then fails immediately.
@whoisj
Are you suggesting that the GCM should fallback to CLI querying if the modal dialog is closed? Wouldn't that leave GUI users in a deadlock awaiting stdin?
But this still holds true. I just observed that if you cancel modal dialog, it does fall back to the cmd and waits for username and password. I guess GUI user wouldn't be happy. Or is there timeout after that git stops waiting and just fails?
I guess GUI user wouldn't be happy. Or is there timeout after that git stops waiting and just fails?
yes, and no. Git will prompt unless it is told not to. You can achieve this by SET GIT_TERMINAL_PROMPT=0.
Ah ok, its not an issue then, thanks.
Most helpful comment
:boom:
A lot more to do, but at least I have this showing up at the right time now!