Hi Peff,
On Thu, 14 Jun 2018, Jeff King wrote:
> On Thu, Jun 14, 2018 at 10:13:42AM +0000, brian m. carlson wrote:
>
> > > I know that other git server environments like github support that on
> > > client side by allowing tokens to be used as usernames in a BASIC
> > > authentication flow. We could do the same but I am asking whether
> > > there is also a way to transport tokens in a standard conform
> > > "Authorization: Bearer ..." Header field.
> >
> > There isn't any support for Bearer authentication in Git. For HTTP, we
> > use libcurl, which doesn't provide this natively. While it could in
> > theory be added, it would require some reworking of the auth code.
> >
> > You are, of course, welcome to send a patch.
>
> If it's just a custom Authorization header, we should be able to support
> it with existing curl versions without _too_ much effort.
Indeed. Because it is already implemented:
git -c http.extraheader="Authorization: Bearer ..." ...
To make this a *little* safer, you can use http.<URL>.extraheader.
Ciao,
Dscho
