Git-credential-manager-for-windows: BitBucket can store but not read App Password credentials

Created on 29 Sep 2017  路  6Comments  路  Source: microsoft/Git-Credential-Manager-for-Windows

I use an App Password (AP) for HTTPS login to a BitBucket repository, but it can't be saved and reused from the Windows Credential Manager (WCM). Here's what happens:

  1. I type git fetch.
  2. I get the modal password entry.
  3. I type my handle and AP.
  4. The modal tells me I need 2FA. This is a little silly because APs are not supposed to need 2FA, but even so, there is not any box to put 2FA into anyway.
  5. I cancel the modal and fall back to the basic credential prompt.
  6. I enter my handle and AP.
  7. fetch is successful.
  8. I open WCM and verify that an entry has been created.
  9. I type git fetch again.
  10. The credentials from WCM are not used (or rejected for some reason), and the process restarts from step 2.

I read through the BitBucket credential overview and attempted to follow the auth flow on the CLI:

$ git credential-manager store
protocol=https
username=handle
host=bitbucket.org
password=very_secret

This creates a WCM entry. Next I try to retrieve it:

$ git credential-manager get
protocol=https
username=handle
host=bitbucket.org

Logon failed, use ctrl+c to cancel basic credential prompt.

The blank line also spawns the modal described in steps 2-5 above.

I have also tried toggling git config set credential.modalPrompt and credential.useHttpPath, both to no avail. They do disable the modal and save the full path (instead of just the hostname) as described in the docs, but neither one makes the git credential-manager get retrieve the AP.

I can't verify directly that the password I enter is the ****** that is saved in WCM, but I have edited the WCM entry to put the AP in, and it still doesn't work.

All 6 comments

@mminns can you help look into this?

Sorry missed the notification. Will do.

Hi I've not yet been able to reproduce this problem.

Using 2 accounts, 1 with 2FA one and 1 without, in both cases I can clone and fetch a private repo and I'm only prompted once, during the clone, for the username and app password, the fetch uses the stored credentials.

Am I missing something

I'm using v1.12.0 of the GCM

Occasionally the version of Windows comes into play. @michaelblyons what version of Windows are you using? Do you have anti-malware installed? If so, you have added exclusions to the directories where you store you source? Have you excepted git.exe and git-credential-manager.exe from scans?

It is working now if I use the modal. (The CLI-only version will still happily fetch once and require reauth next time.)

On step 4, instead of canceling, I needed to click the "Authorize" button. I _believe_ the button used to do nothing, but it's possible that I never actually clicked it. It now opens a web browser to jump through all the authorization hoops, including 2FA.

After this, subsequent fetches do not require reauth.

Glad it is working for you.

Was this page helpful?
0 / 5 - 0 ratings