Project

General

Profile

Actions
Copy link

Task #2715

closed

gerrit-oauth-provider plugin is using depreacted Google+ userinfo endpoint

Added by David Ostrovsky over 6 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Guilhem Moulin
Category:
Gerrit
Target version:
-
Start date:
Due date:
2019-03-07
% Done:

0%

Tags:
URL:

Description

Google is shutting down Google+ service on March 7, see this announcement: [1]

gerrit-oauth-provider plugin is using deprecated endpoint, unfortunately.

The fix is here: [2]. Built artifact is here: [3]: oauth.jar.

Note, though, that the plugin name hosted on googlesource.com is:
"oauth" and not "gerrit-oauth-provider", so that the configuration section
in <gerrit_site>/etc/gerrit.config shoud be adjusted correspondingly:

Old:
[plugin gerrit-oauth-provider-google-oauth"]
[...]

New:
[plugin oauth-google-oauth"]
[...]

for all authentication providers (GitHub, Google, etc).

[1] https://developers.google.com/+/web/signin
[2] https://gerrit-review.googlesource.com/c/plugins/oauth/+/212441
[3] https://gerrit-ci.gerritforge.com/view/Plugins-stable-2.13/job/plugin-oauth-stable-2.13/4

Actions
Copy link
 #1

Updated by Guilhem Moulin about 6 years ago

  • Due date set to 2019-03-07
  • Status changed from New to In Progress

David Ostrovsky wrote:

Google is shutting down Google+ service on March 7, see this announcement: [1]

Thanks for the poke.

gerrit-oauth-provider plugin is using deprecated endpoint, unfortunately.

The fix is here: [2]. Built artifact is here: [3]: oauth.jar.

That version (1977f6fbaa) doesn't seem to work. We're using gerrit-oauth-provider v2.13.6 (5ed3825), which has diverged quite a bit meanwhile (even when only looking at src/main/java):

https://github.com/davido/gerrit-oauth-provider/compare/8dc8405...5ed3825

Not sure which of these changes is the culprit, perhaps 6663ea4? Anyway, with oauth 1977f6fbaa the gerrit server yields an error after redirection from the OAuth2 server:

java.lang.NullPointerException
        at com.google.gerrit.server.account.AccountManager.getAccountExternalId(AccountManager.java:138)
        at com.google.gerrit.server.account.AccountManager.authenticate(AccountManager.java:111)
        at com.google.gerrit.httpd.auth.openid.OAuthSessionOverOpenID.authenticateAndRedirect(OAuthSessionOverOpenID.java:192)
        at com.google.gerrit.httpd.auth.openid.OAuthSessionOverOpenID.login(OAuthSessionOverOpenID.java:105)
        at com.google.gerrit.httpd.auth.openid.OAuthWebFilterOverOpenID.doFilter(OAuthWebFilterOverOpenID.java:79)
    […]

However, after rebasing 1977f6f on top of 5ed3825 I was able to make it work (only the version on the stage instance, https://vm178.documentfoundation.org, is upgraded right now).

Actions
Copy link
 #2

Updated by Guilhem Moulin about 6 years ago

  • Status changed from In Progress to Closed

Same change applied to the production instance. Closing.

Actions
Copy link

Also available in: Atom PDF