a prospect recently inquired about how our OAuth integration with GitLab works, and I realized we do not have any information on GIT_ASKPASS is used to retreive the OAuth token for users when they run git operations.

here is my response, which is a good starting point for building out the docs:

When a user steps through the "Login with GitLab" flow, Coder will receive an OAuth token that it stores in the PostgreSQL database (encryption available) on behalf of the user. This OAuth token is then injected by Coder into the user's git operations over HTTPS (and not SSH). This token stores the git config you reference above (email, name, etc.)
We use the GIT_ASKPASS environment variable to query the database & inject the token into the git push commands. This is automatically set across all of the user's workspaces by Coder when the user performs the "Login with GitLab" flow. The steps are:

1. Execute the Login with GitLab flow
2. GIT_ASKPASS is set to /tmp/coder.<random-string>/coder in all of user's workspaces
3. Run git clone / pull / push over HTTPS

To reiterate, this GIT_ASKPASS feature does not execute when git operations are performed over SSH. The SSH key Coder provides for each user is simply a secondary method to authenticate, and is outside the scope of the OAuth integration.