Task #2715
closedgerrit-oauth-provider plugin is using depreacted Google+ userinfo endpoint
0%
Description
Google is shutting down Google+ service on March 7, see this announcement: [1]
gerrit-oauth-provider plugin is using deprecated endpoint, unfortunately.
The fix is here: [2]. Built artifact is here: [3]: oauth.jar.
Note, though, that the plugin name hosted on googlesource.com is:
"oauth" and not "gerrit-oauth-provider", so that the configuration section
in <gerrit_site>/etc/gerrit.config shoud be adjusted correspondingly:
Old:
[plugin gerrit-oauth-provider-google-oauth"]
[...]
New:
[plugin oauth-google-oauth"]
[...]
for all authentication providers (GitHub, Google, etc).
[1] https://developers.google.com/+/web/signin
[2] https://gerrit-review.googlesource.com/c/plugins/oauth/+/212441
[3] https://gerrit-ci.gerritforge.com/view/Plugins-stable-2.13/job/plugin-oauth-stable-2.13/4
Updated by Guilhem Moulin about 5 years ago
- Due date set to 2019-03-07
- Status changed from New to In Progress
David Ostrovsky wrote:
Google is shutting down Google+ service on March 7, see this announcement: [1]
Thanks for the poke.
gerrit-oauth-provider plugin is using deprecated endpoint, unfortunately.
The fix is here: [2]. Built artifact is here: [3]: oauth.jar.
That version (1977f6fbaa) doesn't seem to work. We're using gerrit-oauth-provider v2.13.6 (5ed3825), which has diverged quite a bit meanwhile (even when only looking at src/main/java):
https://github.com/davido/gerrit-oauth-provider/compare/8dc8405...5ed3825Not sure which of these changes is the culprit, perhaps 6663ea4? Anyway, with oauth 1977f6fbaa the gerrit server yields an error after redirection from the OAuth2 server:
java.lang.NullPointerException
at com.google.gerrit.server.account.AccountManager.getAccountExternalId(AccountManager.java:138)
at com.google.gerrit.server.account.AccountManager.authenticate(AccountManager.java:111)
at com.google.gerrit.httpd.auth.openid.OAuthSessionOverOpenID.authenticateAndRedirect(OAuthSessionOverOpenID.java:192)
at com.google.gerrit.httpd.auth.openid.OAuthSessionOverOpenID.login(OAuthSessionOverOpenID.java:105)
at com.google.gerrit.httpd.auth.openid.OAuthWebFilterOverOpenID.doFilter(OAuthWebFilterOverOpenID.java:79)
[…]However, after rebasing 1977f6f on top of 5ed3825 I was able to make it work (only the version on the stage instance, https://vm178.documentfoundation.org, is upgraded right now).
Updated by Guilhem Moulin about 5 years ago
- Status changed from In Progress to Closed
Same change applied to the production instance. Closing.