I use an App Password (AP) for HTTPS login to a BitBucket repository, but it can't be saved and reused from the Windows Credential Manager (WCM). Here's what happens:
git fetch.fetch is successful.git fetch again.I read through the BitBucket credential overview and attempted to follow the auth flow on the CLI:
$ git credential-manager store
protocol=https
username=handle
host=bitbucket.org
password=very_secret
This creates a WCM entry. Next I try to retrieve it:
$ git credential-manager get
protocol=https
username=handle
host=bitbucket.org
Logon failed, use ctrl+c to cancel basic credential prompt.
The blank line also spawns the modal described in steps 2-5 above.
I have also tried toggling git config set credential.modalPrompt and credential.useHttpPath, both to no avail. They do disable the modal and save the full path (instead of just the hostname) as described in the docs, but neither one makes the git credential-manager get retrieve the AP.
I can't verify directly that the password I enter is the ****** that is saved in WCM, but I have edited the WCM entry to put the AP in, and it still doesn't work.
@mminns can you help look into this?
Sorry missed the notification. Will do.
Hi I've not yet been able to reproduce this problem.
Using 2 accounts, 1 with 2FA one and 1 without, in both cases I can clone and fetch a private repo and I'm only prompted once, during the clone, for the username and app password, the fetch uses the stored credentials.
Am I missing something
I'm using v1.12.0 of the GCM
Occasionally the version of Windows comes into play. @michaelblyons what version of Windows are you using? Do you have anti-malware installed? If so, you have added exclusions to the directories where you store you source? Have you excepted git.exe and git-credential-manager.exe from scans?
It is working now if I use the modal. (The CLI-only version will still happily fetch once and require reauth next time.)
On step 4, instead of canceling, I needed to click the "Authorize" button. I _believe_ the button used to do nothing, but it's possible that I never actually clicked it. It now opens a web browser to jump through all the authorization hoops, including 2FA.
After this, subsequent fetches do not require reauth.
Glad it is working for you.