How to access GIT remote repositories with 2-factor authentication

Public Git repository providers, e.g. GitHub and BitBucket, offer 2-factor authentication to improve protection of user accounts. However, enabling 2FA complicates cloning, pulling and pushing to repositories of the account, if they are accessed over HTTPs.

For public repositories, authentication is required to push to them, while cloning and pulling should work without authentication.

For private repositories, cloning, pulling and pushing require authentication.

 

How to access repositories from IDE after enabling 2FA

If you use SSH to access your repositories, nothing changes after enabling 2FA.

If you use HTTPs access, after 2-factor authentication is enabled you will need to configure an Access token (BitBucket calls it app password) and use it to authenticate. When prompted for credentials, either enter token as username and leave the password field empty or use the token instead of your password.

For GitHub, you can pre-configure the token to be used.

NB: You can't use "Token - empty password" pair if you specify a username in a remote's URL (e.g. https://username@github.com/username/repo.git ). If you use such URL, you need to use "Login - Token" pair, i.e. your username as login and token instead of your password.

 

Explanation

JetBrains IDE's git integration relies on command line git client. The command line is used to clone, pull and push. Command line git does not support 2-factor authentication, thus it is required to use access token instead. For more details refer to GitHub 2FA help

When you specify token as your user name, the OAuth mechanism is used to authenticate, and the token is used as a username in the URL. Thus the repository URL should not include username prefix. If you include a username into the URL, OAuth will not work because the token will be overwritten. With such URLs, the token should be used as the user password.

 

64 out of 256 found this helpful

Article is closed for comments.

Have more questions?

Submit a request