Task #1625: Gerrit: Install and configure gerrit-oauth-plugin to enable GitHub- and Google-OAuth2 providers - Infrastructure - The Document Foundation Redmine

Custom queries

EasyHacks

Task #1625

closed

Gerrit: Install and configure gerrit-oauth-plugin to enable GitHub- and Google-OAuth2 providers

Added by David Ostrovsky about 9 years ago. Updated almost 9 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Christian Lohmaier

Category:

Target version:

Team - Q4/2015

Start date:

Due date:

% Done:

Tags:

URL:

Description

Gerrit-oauth-provider plugin: [1] allows users to use their GitHub, Google and Bitbucket identity.
Support for this plugin was added already in Gerrit 2.10.4. It's trivial to set up and running: [2]
and is used in production by dozens big Gerrit sites, e.g.: [3].

OpenID authentication is not affected, as this plugin suports Hybrid-OpenID+OAuth2 mode.
This is needed, because popular OpenID providers in FLOSS communities, like
Launchpad and Fedoraproject don't offer OAuth2 authentication scheme (yet).

[1] https://github.com/davido/gerrit-oauth-provider
[2] https://github.com/davido/gerrit-oauth-provider/wiki/Getting-Started
[3] http://review.cyanogenmod.org/login/%23%2Fq%2Fstatus%3Aopen

Related issues

Blocks Infrastructure - Task #1587: Bump Gerrit version to 2.11.7

Closed

Actions

Issue # Delay: days Cancel

History
Notes
Property changes

Actions

Copy link

Updated by David Ostrovsky about 9 years ago

Guys,

do we have TDF accounts on google.com and github.com?

When logged in with those accounts, we need to create new
applications there and request OAuth2 credential. We would
need it to enable OAuth2 plugin on our Gerrit instance. We
would want to ceate two applications. Every application
contains callback URL that must be used. The callback URLs
would be:

Application: "TDF Gerrit Code Review", callback = https://gerrit.libreoffice.org/oauth
Application: "TDF Gerrit Code Review Staging", callback = https://gerrit-test.libreoffice.org/oauth

I can help with creating and configuring the applications on Google and GitHub.
I've also setup the plugin with both Google and GitHub OAuth provider on my
Gerrit instance for you to play:

https://review.idaia.de

I've also verified that the old Google OpenID accounts are linked correctly to new
OAuth2 providers (Google OpenID auth scheme was dropped early this year):

mysql> select account_id, registered_on, full_name, preferred_email from accounts;
~~----------~~---------------------+-------------------+---------------------------+

account_id

registered_on

full_name

preferred_email

~~----------~~---------------------+-------------------+---------------------------+

2015-11-21 11:11:57

Joe Dow

john.doe@gmail.com

After connecting with OAuth2 with the same account, the OAuth2 identity is linked to the existing account that was created using Google OpenID:

mysql> select * from account_external_ids;
~~----------~~---------------------------------+----------+----------------------------------------------------------------------------------+ | account_id | email_address | password | external_id |
~~----------~~---------------------------------+----------+----------------------------------------------------------------------------------+ | 4 | john.doe@gmail.com | NULL | 1031623528736452451234 |
~~----------~~---------------------------------+----------+----------------------------------------------------------------------------------+

Changes in gerrit configuration site (gerrit.config):

[auth]
type = OPENID
trustedOpenID=^.*$

[plugin "gerrit-oauth-provider-google-oauth"]
client-id = <client-id>
client-secret = <client-secret>
link-to-existing-openid-accounts = true

[plugin "gerrit-oauth-provider-github-oauth"]
client-id = <client-id>
client-secret = <client-secret>

Plugin binary (can be fetched from master branch):

https://gerrit-ci.gerritforge.com/view/Plugins-master/job/plugin-gerrit-oauth-provider-gh-master/lastSuccessfulBuild/artifact/buck-out/gen/plugins/gerrit-oauth-provider/gerrit-oauth-provider.jar

Actions

Copy link

Updated by David Ostrovsky about 9 years ago

Subject changed from Gerrit: Install and configure gerrit-oauth-plugin to enable GitHub-, Google- and Bitbucket-OAuth2 providers to Gerrit: Install and configure gerrit-oauth-plugin to enable GitHub- and Google-OAuth2 providers

Actions

Copy link

Updated by Florian Effenberger about 9 years ago

Cloph has credentials and knows how to set it up I assume - can you poke
him?

Actions

Copy link

Updated by Thorsten Behrens almost 9 years ago

Assignee set to Christian Lohmaier

Cloph - any chance to quickly do that?

Actions

Copy link

Updated by Florian Effenberger almost 9 years ago

My fault, I thought Cloph had access to the respective Google account already, which he hadn't
Just given him the credentials so he can have a look - sorry for the delay here!

Actions

Copy link