auth: add per-owner account mapping to fix multi-account token selection #13130

Closed
galamdring wants to merge 1 commit into cli:trunk from galamdring:per-owner-account-selection

@galamdring

Summary

Fixes #12885.

The root cause identified in #12885 is that token retrieval doesn't use the account name as a filter — TokenFromKeyring looks up by service only (gh:github.com), so macOS Keychain returns an arbitrary entry when multiple accounts share the same host. TokenFromKeyringForUser already does the right thing, but isn't always called with the right user.

Rather than fixing the lookup in isolation, this PR approaches the problem from the usage side: automatically select the correct authenticated user based on who owns the current repo, so the right token is retrieved without any manual switching.

What this adds

gh auth set-user --owner <owner> <username> — stores an owner→user mapping in hosts.yml:

$ gh auth set-user --owner repo_one user_one
$ gh auth set-user --owner repo_two user_two

Automatic token selection — when running any gh command inside a repo, the owner is resolved from the git remote and used to look up the mapped user before falling back to the globally active user. This happens in httpClientFunc in the factory, covering every API call with no per-command changes.

Design notes

  • No signature changes to tokenGetter or AddAuthTokenHeader
  • Falls back gracefully to the globally active user when no mapping exists
  • The owners key is new and ignored by older gh versions (unrecognized keys are not an error in the config library)
  • Blast radius: internal/config/config.go, internal/gh/gh.go, pkg/cmd/factory/default.go, new pkg/cmd/auth/setuser/ package, one line in pkg/cmd/auth/auth.go

Testing

New table-driven tests cover UserForOwner/SetOwnerUser round-trip, ActiveToken owner mapping (keyring and insecure storage), fallback when no mapping exists, and gh auth set-user flag parsing and run logic.

All existing tests pass.

When multiple GitHub accounts are configured for the same host, gh always
uses the globally active account's token regardless of which org or user
owns the current repo. This causes commands to silently authenticate as
the wrong user.

This change adds an owner-to-user mapping stored in hosts.yml, and
automatically selects the correct token based on the repo owner resolved
from git remotes at HTTP client construction time. A new command
'gh auth set-user --owner <owner> <username>' manages the mappings.

Fixes cli#12885
@galamdring galamdring requested a review from a team as a code owner April 9, 2026 19:38
@galamdring galamdring requested a review from BagToad April 9, 2026 19:38
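
The selection behaviour described in the summary above, as an added Go example that is not code from this PR or from gh: a service-only lookup returns whichever entry comes first, while an owner mapping plus a service-and-account lookup returns the intended token. The names entry, hostConfig, byService, userForOwner and selectToken are hypothetical, the tokens are constructed, and two choices are this example's assumptions: owner keys are lower-cased, and a mapped user with no stored credential produces an error rather than another account's token.

```go
package main

import (
	"fmt"
	"strings"
)

// Hypothetical model types, not gh's own; all sample values are constructed.
type entry struct{ service, account, token string }

type hostConfig struct {
	activeUser string
	owners     map[string]string // lower-cased owner -> username (assumption)
}

// byService ignores the account field: the result depends on store order.
func byService(store []entry, service string) string {
	for _, e := range store {
		if e.service == service {
			return e.token
		}
	}
	return ""
}

// userForOwner returns the mapped user, or the active user when unmapped.
func (h hostConfig) userForOwner(owner string) string {
	if u, ok := h.owners[strings.ToLower(owner)]; ok {
		return u
	}
	return h.activeUser
}

// selectToken matches service AND account; a missing credential is an error.
func selectToken(store []entry, h hostConfig, host, owner string) (string, error) {
	user := h.userForOwner(owner)
	for _, e := range store {
		if e.service == "gh:"+host && e.account == user {
			return e.token, nil
		}
	}
	return "", fmt.Errorf("no credential stored for %s on %s", user, host)
}

func main() {
	store := []entry{{"gh:github.com", "user_one", "tok-1"}, {"gh:github.com", "user_two", "tok-2"}}
	cfg := hostConfig{"user_one", map[string]string{"repo_two": "user_two"}}
	fmt.Println(byService(store, "gh:github.com"))
	fmt.Println(selectToken(store, cfg, "github.com", "repo_two"))
}
```
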
@github-actions

github-actions Bot commented Apr 9, 2026

Thanks for your pull request! Unfortunately, it doesn't meet the minimum requirements for review:

  • None of the referenced issues have the help wanted label

Please update your PR to address the above. Requirements:

  1. Include a detailed description of what this PR does
  2. Link to an issue with the help wanted label (use Fixes #123 or Closes #123 if it resolves the issue)

This PR will be automatically closed in 7 days if these requirements are not met.

@github-actions github-actions Bot added the external (pull request originating outside of the CLI core team) and needs-triage (needs to be reviewed) labels Apr 9, 2026
@BagToad BagToad closed this Apr 9, 2026
@galamdring

Author

@BagToad This is a real pain point with this tool, there have been many issues opened about it, and it would be greatly appreciated if you would reconsider closing this PR.

Everything is in place to handle multiple accounts properly, and the only thing that needed to be added was a way to connect the appropriate user to orgs, and it avoids the global switch every time the user switches contexts.

Labels

external (pull request originating outside of the CLI core team), needs-triage (needs to be reviewed), unmet-requirements

Development

Successfully merging this pull request may close these issues.

Keychain lookup ignores account field, breaks multi-account setups

2 participants