It won't work ever again. What value is a plugin?
Why don't we include OAuth 2.0 as an official Gerrit authentication mechanism?

Quite surprised about that ... but I imagine the pain to support different authentication protocols!
Lots of other systems however support OAuth 2.0, shall we promote it to the Gerrit core?
On Saturday, May 24, 2014 11:07:51 AM UTC-5, lucamilanesio wrote:
> Why don't we include OAuth 2.0 as official Gerrit authentication mechanism?

My understanding from Shawn's link is that OAuth 2.0 isn't supported by Google either (long-term). Only Google+ logins are supported.
On Wednesday, May 28, 2014 3:17:04 AM UTC+2, Brad Larson wrote:
> On Saturday, May 24, 2014 11:07:51 AM UTC-5, lucamilanesio wrote:
>> Why don't we include OAuth 2.0 as official Gerrit authentication mechanism?
>
> My understanding from Shawn's link is that OAuth 2.0 isn't supported by Google either (long-term). Only Google+ logins are supported.

OpenID Connect (which is itself based on OAuth 2.0) is just out the door (spec published in late February), and Google+ Sign-in is built on top of OpenID Connect. I doubt they'll remove support for OpenID Connect any time soon.
[github]
url = https://github.com
clientId = yourGitHubClientId
clientSecret = yourGitHubOAuthSecretFromGitHubWebUI
I've uploaded a GitHub OAuth 2.0 authentication provider for Gerrit at: https://gerrit-review.googlesource.com/#/c/57570/
Jokes apart ... we do need a decision on how to proceed on that change :-)
Do we like the approach? If the answer is NO we should go back on a black canvas and design something different, possibly completely different.
Thread URL? ...
so that I can follow-up on that one ;-)
Hi David, Luca,

We were using Google Open ID to authenticate with Gerrit. As Google OpenID will not be available from 20th April 2015, we planned to use GitHub Plugin for OAuth2 Authentication. If we need to use GitHub authentication, do we need to create accounts for all the users, or can we use our existing Google accounts via GitHub Authentication? Please let me know the options available and steps/links if any.
Hi David,

Thanks for the options. I am planning to try the Google OAuth Plugin. I tried to download and build the Gerrit OAuth provider, but with the files I am not sure which build method to use or how to build. Please share the details of patching Gerrit and building the Google OAuth Plugin.
Should I create ad-hoc build projects on ci.gerritforge.com?
David,

I cherry-picked changeset 65700 and tried to build the gerrit-oauth-provider plugin; it throws the error below:

Traceback (most recent call last):
  File "<dir>/gerrit/.buckd/tmp/buck_run.6SGER4L4Lj/buck128045575087475671.py", line 1145, in <module>
    main()
  File "<dir>/gerrit/.buckd/tmp/buck_run.6SGER4L4Lj/buck128045575087475671.py", line 565, in main
    buildFileProcessor.process(build_file.rstrip())
  File "<dir>/gerrit/.buckd/tmp/buck_run.6SGER4L4Lj/buck128045575087475671.py", line 464, in process
    build_env['BUILD_FILE_SYMBOL_TABLE'])
  File "<dir>/gerrit/./plugins/gerrit-oauth-provider/BUCK", line 26, in <module>
    local_license = True,
TypeError: maven_jar() got an unexpected keyword argument 'local_license'
BUILD FAILED: Parse error for BUCK file ./plugins/gerrit-oauth-provider/BUCK: End of input at line 1 column 1
Hi Luca,

I am able to build the plugin, but it is not working with Gerrit-2.10. I created a package and plugin using patch code [1]. I initialized Gerrit using the new package, copied the plugin to the plugin folder and started gerrit with the config below:

auth.type =OAUTH
[plugin "gerrit-oauth-provider-google-oauth"]
client-id = ID
client-secret = ID
callback = http://HOST/oauth

When I try to sign in with an existing user, it shows "forbidden".
David said we need to link the OAuth Google identity manually with the existing accounts. Do we have details of the changes needed?
Hi David,

I have built gerrit package and plugin with details shared. But when I tried to login into gerrit using OAUTH, it says server error.
[2015-03-16 17:06:31,340 +0530] c4934ccb gerrit - AUTH FAILURE FROM 127.0.0.1 user-not-found
[2015-03-16 17:11:22,813 +0530] e49d30da gerrit - AUTH FAILURE FROM 127.0.0.1 user-not-found
[2015-03-16 17:11:45,447 +0530] 44a75c2e gerrit - AUTH FAILURE FROM 127.0.0.1 user-not-found
Hi David,
Please find the logs

[2015-03-16 17:06:31,340 +0530] c4934ccb gerrit - AUTH FAILURE FROM 127.0.0.1 user-not-found
[2015-03-16 23:37:36,819] WARN org.eclipse.jetty.servlet.ServletHandler : /oauth
java.io.IOException: Status 403 ({
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "accessNotConfigured",
"message": "Access Not Configured. The API (Google+ API) is not enabled for your project. Please use the Google Developers Console to update your configuration.",
"extendedHelp": "https://console.developers.google.com"
}
],
"code": 403,
"message": "Access Not Configured. The API (Google+ API) is not enabled for your project. Please use the Google Developers Console to update your configuration."
}
}
) for request https://www.googleapis.com/plus/v1/people/me/openIdConnect
at com.googlesource.gerrit.plugins.oauth.GoogleOAuthService.getUserInfo(GoogleOAuthService.java:96)
at com.google.gerrit.httpd.auth.oauth.OAuthSession.login(OAuthSession.java:95)
at com.google.gerrit.httpd.auth.oauth.OAuthWebFilter.doFilter(OAuthWebFilter.java:119)
at com.google.gwtexpui.server.CacheControlFilter.doFilter(CacheControlFilter.java:70)
at com.google.gerrit.httpd.RunAsFilter.doFilter(RunAsFilter.java:113)
at com.google.gerrit.httpd.AllRequestFilter$FilterProxy$1.doFilter(AllRequestFilter.java:64)
at com.google.gerrit.httpd.AllRequestFilter$FilterProxy.doFilter(AllRequestFilter.java:57)
at com.google.gerrit.httpd.RequestContextFilter.doFilter(RequestContextFilter.java:75)
at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:119)
at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:133)
at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:130)
at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203)
at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:130)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1636)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:564)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:219)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1111)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:498)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1045)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:98)
at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:92)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:98)
at org.eclipse.jetty.server.Server.handle(Server.java:461)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:284)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:244)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:534)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:607)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:536)
at java.lang.Thread.run(Thread.java:745)
[2015-03-16 23:37:36,827] ERROR com.google.gerrit.pgm.http.jetty.HiddenErrorHandler : Error in GET /oauth?state=lD_8nqdKQ-5W7WNrkpFaozBpUCq0Gde23GAjUgoxBgE&code=4/FsXaPao4GF39M-SZSGqoynjN4pmFDXJKrmOgAQ_-yLQ.Mj02Mz7IZskcEnp6UAPFm0Hq0YlHmAI&authuser=0&num_sessions=1&hd=logitech.com&session_state=b5cdfb82cd8827e2d1d69a3117e8ba309393fb29..b7ac&prompt=none
Hi David,
Please find error log attached.
Hi David,
Thanks for the fix. I have updated the plugin and I am able to log in. I find few other issues:

1. After login, I am able to see only anonymous and registered user as my groups. I am not getting any other group and I see admin access is not there for my account.
2. I verified the database and find that Google OAUTH entry for my email id has different account id.
Hi David,
I have generated Google Client ID for canonicalWebUrl and I have same issue.
I have updated the account id for OAUTH entry to be same as my account id.
On Wednesday, March 18, 2015 06:26:06 UTC+1, Rangaraj R wrote:
> I have updated the account id for OAUTH entry to be same as my account id.

Sure, but you have better plans for the next time than performing manual linking of OAuth2 to OpenID accounts for 10k+ users, haven't you?

I uploaded change in Gerrit core: [1] and plugin: [2] with verbose log messages. Re-build and re-deploy Gerrit and plugin and perform these steps:

* remove OAuth2 account from account_external_ids table
* switch to OPENID auth scheme
* start gerrit and login with your Google's account
* observe the following log message in error_log:

OpenID: openid-realm=http://localhost:8080/

* stop gerrit, switch to OAUTH auth scheme, start gerrit, login with Google's account
* observe the following log messages in error_log:

GoogleOAuthService : OAuth2: canonicalWebUrl=http://localhost:8080/
GoogleOAuthService : OAuth2: scope=openid email profile
GoogleOAuthService : OAuth2: linkToExistingOpenIDAccounts=true
GoogleOAuthService : OAuth2: authorization URL=[...]scope=openid%20email%20profile&openid.realm=http%3A%2F%2Flocalhost%3A8080%2F
GoogleOAuthService : OAuth2: openid_id=https://www.google.com/accounts/o8/id?id=<*********>
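Added example, not part of the original post or of the plugin's code: a small Python check that does the comparison the steps above leave to the eye, confirming that the `openid.realm` sent in the OAuth2 authorization URL equals the realm logged under OPENID and that the `openid` scope and an `openid_id` are present. The sample log is constructed; the authorization host, client id and `openid_id` value are placeholders, and the function names are this example's own.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample in the shape of the error_log messages quoted above;
# the authorization host, client id and openid_id value are made up.
SAMPLE_LOG = """\
OpenID: openid-realm=http://localhost:8080/
GoogleOAuthService : OAuth2: canonicalWebUrl=http://localhost:8080/
GoogleOAuthService : OAuth2: scope=openid email profile
GoogleOAuthService : OAuth2: linkToExistingOpenIDAccounts=true
GoogleOAuthService : OAuth2: authorization URL=https://idp.example.test/auth?client_id=CONSTRUCTED&scope=openid%20email%20profile&openid.realm=http%3A%2F%2Flocalhost%3A8080%2F
GoogleOAuthService : OAuth2: openid_id=https://www.google.com/accounts/o8/id?id=CONSTRUCTED
"""

FIELD = re.compile(r"(?:OpenID|OAuth2): ([A-Za-z][\w .-]*?)=(.*)$")


def parse_fields(log_text):
    """Collect key=value pairs from the OpenID/OAuth2 log messages."""
    fields = {}
    for line in log_text.splitlines():
        match = FIELD.search(line)
        if match:
            fields[match.group(1)] = match.group(2).strip()
    return fields


def linking_problems(log_text):
    """Return reasons why the OAuth2 login cannot be tied to the OpenID one."""
    fields = parse_fields(log_text)
    problems = []
    realm = fields.get("openid-realm")
    if realm is None:
        problems.append("no OpenID realm logged (log in once with OPENID first)")
    if fields.get("linkToExistingOpenIDAccounts") != "true":
        problems.append("linkToExistingOpenIDAccounts is not true")
    query = parse_qs(urlsplit(fields.get("authorization URL", "")).query)
    if "openid" not in query.get("scope", [""])[0].split():
        problems.append("scope does not include openid")
    sent_realm = query.get("openid.realm", [None])[0]
    if sent_realm is None:
        problems.append("authorization URL carries no openid.realm")
    elif realm is not None and sent_realm != realm:
        problems.append(f"openid.realm {sent_realm} differs from OpenID realm {realm}")
    if "openid_id" not in fields:
        problems.append("no openid_id logged, so there is nothing to link to")
    return problems


if __name__ == "__main__":
    print(linking_problems(SAMPLE_LOG) or "realm and scope are consistent")
```

An empty list means the logged values are consistent; a realm that differs only in scheme (`https` versus `http`) or trailing slash is reported as a mismatch because the comparison is an exact string match.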
Hi David,

Gerrit is not starting with (auth type as OPENID) latest patch set. Please find error message attached.