Authentication and shared git repository
-
donmartin76
- Posts: 3
- Joined: Wed May 28, 2025 10:04 pm
Authentication and shared git repository
Hello dear oXygen users and administrators,
I am currently evaluating oXygen Web Author, and I am wildly struggling in understanding the model of authentication. To set the scenario: We want to edit a shared git repository using Web Author; each user should get their own user name/email in the commit messages.
What I have gathered so far is that in principle Web Author clones one single repository server side which is used by all users using the same Web Author server, but uses the individual user's name and email address to attribute the correct user to the commits. Is this correct?
My real struggle is to understand how authentication works: Ideally, I would want to log in to Web Author using an external identity provider, such as Microsoft Entra (or any other OIDC Identity Provider). Then I would expect to be able to map user claims to a user's name and email address for use in the commit messages.
But this does not seem to work like that. Instead, every user which opens the Web Author gets immediate access to the application, but needs to log in/authenticate using their git credentials (we are working with an Azure DevOps git repository, not GitHub/Enterprise nor GitLab). I would in principle be fine with that as well - but in this case, would each individual user get their own server-side git repository clone, or how does this work?
I can't really find any documentation which really makes sense to me - I figure I have some fundamental issue in understanding how this is working, and I would be super happy to be enlightened.
Best regards from Germany,
Martin
I am currently evaluating oXygen Web Author, and I am wildly struggling in understanding the model of authentication. To set the scenario: We want to edit a shared git repository using Web Author; each user should get their own user name/email in the commit messages.
What I have gathered so far is that in principle Web Author clones one single repository server side which is used by all users using the same Web Author server, but uses the individual user's name and email address to attribute the correct user to the commits. Is this correct?
My real struggle is to understand how authentication works: Ideally, I would want to log in to Web Author using an external identity provider, such as Microsoft Entra (or any other OIDC Identity Provider). Then I would expect to be able to map user claims to a user's name and email address for use in the commit messages.
But this does not seem to work like that. Instead, every user which opens the Web Author gets immediate access to the application, but needs to log in/authenticate using their git credentials (we are working with an Azure DevOps git repository, not GitHub/Enterprise nor GitLab). I would in principle be fine with that as well - but in this case, would each individual user get their own server-side git repository clone, or how does this work?
I can't really find any documentation which really makes sense to me - I figure I have some fundamental issue in understanding how this is working, and I would be super happy to be enlightened.
Best regards from Germany,
Martin
-
donmartin76
- Posts: 3
- Joined: Wed May 28, 2025 10:04 pm
Re: Authentication and shared git repository
What I found out so far, after tinkering around some more: Indeed it seems that, if you are asking for the same repository as different users, you all share the same cloned instance of that git repository inside the Web Author server's data storage. If you use different branches, Web Author seems to queue the requests and do a "git checkout" (branch switch) internally every time somebody needs a different branch from the one which was used the last time.But this does not seem to work like that. Instead, every user which opens the Web Author gets immediate access to the application, but needs to log in/authenticate using their git credentials (we are working with an Azure DevOps git repository, not GitHub/Enterprise nor GitLab). I would in principle be fine with that as well - but in this case, would each individual user get their own server-side git repository clone, or how does this work?
In consequence, for us, as our repository is several gigabytes large, this means that everybody needs to work on the same branch essentially; otherwise things get far too slow (10-20 seconds each request which needs to do the branch switch).
Did I understand this correctly? And this means it's actually the git credentials and the repository URL which decides on whether you have access to the data or not. I think we can work with that - but it's kind of not intuitive at first. Are there other ways of doing this, or is this the "canonical" way of handling things?
Happy for some feedback - still feeling kind of lost here
-
cosminef
- Site Admin
- Posts: 241
- Joined: Wed Aug 30, 2023 2:33 pm
Re: Authentication and shared git repository
Hello,
Thank you for reaching out.
In your case, if you are working with Azure DevOps git repository, it would be helpful to use the generic Git connector [1] [2] that is available by default in Web Author. Authentication to a Git repository through this connector can be done using a username and password.
Do you consider that the documentation we mentioned addresses your questions?
Best,
Cosmin
[1] https://www.oxygenxml.com/doc/versions/ ... fn_tjn_5jb
[2] https://www.oxygenxml.com/doc/versions/ ... ithub.html
Thank you for reaching out.
In your case, if you are working with Azure DevOps git repository, it would be helpful to use the generic Git connector [1] [2] that is available by default in Web Author. Authentication to a Git repository through this connector can be done using a username and password.
Do you consider that the documentation we mentioned addresses your questions?
Best,
Cosmin
[1] https://www.oxygenxml.com/doc/versions/ ... fn_tjn_5jb
[2] https://www.oxygenxml.com/doc/versions/ ... ithub.html
Cosmin Eftenie
www.oxygenxml.com
www.oxygenxml.com
-
donmartin76
- Posts: 3
- Joined: Wed May 28, 2025 10:04 pm
Re: Authentication and shared git repository
Hello Cosmin,
Thank you for your answer.
The documentation kind of addresses the issues at hand - I think it was more an issue on my side understanding the underlying mechanisms, and that the actual authentication is solely based on the access to the git repository; this threw me off a little. But in the end, I think this works, and we just need to consider our branching strategy so that everybody would work on one single branch typically, otherwise it could be too slow.
For me, as somebody who would need to operate the Web Author solution and not being very familiar with the entire oXygen suite, a page with a little more guidance on how things typically look with respect to data storage and authentication could help - the architecture is very different from what I am used to for other types of applications. Completely offloading the authentication to the git access was a first for me.
Best regards,
Martin
Thank you for your answer.
The documentation kind of addresses the issues at hand - I think it was more an issue on my side understanding the underlying mechanisms, and that the actual authentication is solely based on the access to the git repository; this threw me off a little. But in the end, I think this works, and we just need to consider our branching strategy so that everybody would work on one single branch typically, otherwise it could be too slow.
For me, as somebody who would need to operate the Web Author solution and not being very familiar with the entire oXygen suite, a page with a little more guidance on how things typically look with respect to data storage and authentication could help - the architecture is very different from what I am used to for other types of applications. Completely offloading the authentication to the git access was a first for me.
Best regards,
Martin