github: store the PAT on 'get' request for SAML SSO

In order to allow a user that requires SAML SSO to be manually enabled
on their newly generated PATs to access org repos, we must store the PAT
as soon as we generate it. This then allows the user the ability to
visit the web UI, enable SSO, and then repeat their Git operation using
the _same PAT_.

Workaround for issue: #133

Author: mjcheetham

src/shared/GitHub/GitHubHostProvider.cs

@@ -89,7 +89,16 @@ public override async Task<ICredential> GenerateCredentialAsync(InputArguments i
             switch (promptResult.AuthenticationMode)
             {
                 case AuthenticationModes.Basic:
-                    return await GeneratePersonalAccessTokenAsync(targetUri, promptResult.BasicCredential);
+                    ICredential patCredential = await GeneratePersonalAccessTokenAsync(targetUri, promptResult.BasicCredential);
+                    // HACK: Store the PAT immediately in case this PAT is not valid for SSO.
+                    // We don't know if this PAT is valid for SAML SSO and if it's not Git will fail
+                    // with a 403 and call neither 'store' or 'erase'. The user is expected to fiddle with
+                    // the PAT permissions manually on the web and then retry the Git operation.
+                    // We must store the PAT now so they can resume/repeat the operation with the same,
+                    // now SSO authorized, PAT.
+                    // See: https://github.com/microsoft/Git-Credential-Manager-Core/issues/133
+                    Context.CredentialStore.AddOrUpdate(GetCredentialKey(input), patCredential);
+                    return patCredential;
 
                 case AuthenticationModes.OAuth:
                     return await GenerateOAuthCredentialAsync(targetUri);