So this is in addendum to my question posed here. Thank you to @dessert who helped a lot with that question.
So I am trying to authenticate a Gitlab user by using their username and password, and not by creating an impersonation token. At the moment, the code that @dessert has created that uses an impersonation token to authenticate a user is as such:
$ curl -d '{"title":"test key","key":"'"$(cat ~/.ssh/id_rsa.pub)"'"}' -H 'Content-Type: application/json' https://gitlab.com/api/v4/user/keys?private_token=<my_access_token>
Mainly focusing on the `private_token=, except with the creation of an impersonation token found here
$ curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" --data "name=mytoken" --data "expires_at=2017-04-04" --data "scopes[]=api" https://gitlab.example.com/api/v4/users/42/impersonation_tokens
I want to be able to use the username and password of the Gitlab user to authenticate them. I've seen this done with Github, and have done it myself:
$ curl -u "USERNAME:PASSWORD" --data "{\"title\": \"TITLE\", \"key\": \"$(cat ~/.ssh/id_rsa.pub)\"}" https://api.github.com/user/keys
Where USERNAME
and PASSWORD
are authenticating by user-inputted username and password.
I don't need help with reading input of the user; that's not the issue. My issue (to sum up) is to be able to authenticate a Gitlab user through their username and password.
Again, thanks to @dessert for the help, and any other assistance is appreciated!!
A quick edit: I found this forum post for authentication with login and password, and most are saying to use a Personal Access Token. Does this mean I have to get the user to give me their PAT for authentication? Or do I provide my PAT and somehow it does something? (I was a little unclear on this)
Best Answer
So it seems as if this question is not receiving that many answers. I would like to share my answer to this: do not implement this.
I figured this out after finding out that what I actually thought this verification was would download a private repo on Gitlab. HOWEVER, it does not, as it depends on the account of the user that is linked to the repo.
My solution is to warn them that before they continue the script, they add the SSH key to their account. Not a sure-fire way to work always, but it seems to work for me at the moment.
Thanks :)