Google Account sign in broken under Gerrit


Shawn Pearce

Mar 10, 2009, 10:57:12 AM
to repo-discuss
We just found an issue.

Clicking "Sign-in with Google Accounts" at review.source.android.com is busted.  It comes up with "The page you requested is invalid.".

This appears to be true for all Gerrit installations using OpenID authentication.

I'm looking into it.  More details as soon as I know more.

Shawn Pearce

Mar 10, 2009, 11:32:37 AM
to repo-discuss
There appears to be a workaround, but it's damn near impossible for average users to make use of.

If you know your identity URL for your Google Account for a particular Gerrit instance, you can paste it into the OpenID input box in the sign-in dialog.  Unfortunately, this is the value of the "external_id" field in the account_external_ids table, and for Google Accounts, it's not exactly user friendly.  It's also account, hostname and port number specific.

E.g., the token looks like:

 https://www.google.com/accounts/o8/id?id=AItO...mbQ


Currently the only thing I can say is, ask your Gerrit administrator to pull this value out of their database for you, and paste it into the input box.  But I really, really, don't want to be doing that for r.s.a.c.

I'm guessing that Google Accounts OpenID provider did a code push this morning, and it broke the login process.  I've already filed a high priority issue with them.  Waiting to hear more.

Shawn Pearce

Mar 10, 2009, 11:55:30 AM
to repo-discuss
On Tue, Mar 10, 2009 at 08:32, Shawn Pearce <s...@google.com> wrote:
> On Tue, Mar 10, 2009 at 07:57, Shawn Pearce <s...@google.com> wrote:
>> We just found an issue.
>>
>> Clicking "Sign-in with Google Accounts" at review.source.android.com is busted.  It comes up with "The page you requested is invalid.".
>>
>> This appears to be true for all Gerrit installations using OpenID authentication.
>>
>> I'm looking into it.  More details as soon as I know more.

Ah.  Hmph.

The Relying Party implementation Gerrit is using is apparently not following the draft 2.0 standard.

The standard says something about changing the user's identity from the identity pasted into the box to some other magic string under conditions that aren't really that clear in the specification.  Google Accounts is now requiring that all Relying Parties follow this standard.  Gerrit doesn't.  So Gerrit can't use the login service.

review.source.android.com is effectively offline until further notice.  Basically, you can't use Google Accounts to log in to a Gerrit instance until Gerrit's code is somehow fixed.  And I'm unclear on what I need to change.

:-(
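
Added example, not part of the original thread and not Gerrit's code: a sketch of the relying-party side of OpenID 2.0 directed identity, assuming this is the identifier substitution the post above describes. The relying party sends `identifier_select`, the provider answers with the identifier it chose, and the relying party accepts it only after discovery on that identifier names the responding endpoint. The `discover` callback, hostnames and `PLACEHOLDER` id are constructed for illustration.

```python
from urllib.parse import urldefrag

OPENID2_NS = "http://specs.openid.net/auth/2.0"
IDENTIFIER_SELECT = OPENID2_NS + "/identifier_select"

def build_auth_request(return_to, realm):
    """Request sent when the user names a provider rather than an identity."""
    return {
        "openid.ns": OPENID2_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": IDENTIFIER_SELECT,
        "openid.identity": IDENTIFIER_SELECT,
        "openid.return_to": return_to,
        "openid.realm": realm,
    }

def accept_assertion(resp, return_to, discover):
    """Return the claimed identifier to store, or raise ValueError.

    discover(url) -> set of OP endpoint URLs authoritative for url
    (hypothetical callback; a real relying party runs Yadis/HTML discovery).
    Signature and nonce checks are assumed to have passed already.
    """
    if resp.get("openid.ns") != OPENID2_NS or resp.get("openid.mode") != "id_res":
        raise ValueError("not a positive OpenID 2.0 assertion")
    if resp.get("openid.return_to") != return_to:
        raise ValueError("return_to mismatch")
    claimed = resp.get("openid.claimed_id", "")
    if not claimed or claimed == IDENTIFIER_SELECT:
        raise ValueError("provider did not select an identifier")
    # The provider chose this identifier, so it is untrusted until discovery
    # on it (fragment removed) names the endpoint that answered.
    url, _fragment = urldefrag(claimed)
    if resp.get("openid.op_endpoint") not in discover(url):
        raise ValueError("endpoint is not authoritative for claimed_id")
    return claimed

# Constructed sample data; the id value is a placeholder, not a real account.
OP = "https://op.example/ud"
RETURN_TO = "https://gerrit.example/login"
SAMPLE = {"openid.ns": OPENID2_NS, "openid.mode": "id_res",
          "openid.op_endpoint": OP, "openid.return_to": RETURN_TO,
          "openid.claimed_id": "https://op.example/id?id=PLACEHOLDER",
          "openid.identity": "https://op.example/id?id=PLACEHOLDER"}

def fake_discover(url):
    return {OP} if url.startswith("https://op.example/id?") else set()

if __name__ == "__main__":
    print(accept_assertion(SAMPLE, RETURN_TO, fake_discover))
```

The value returned by `accept_assertion` is what a relying party would key the account on, which is why the stored identifier differs from anything the user typed.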

Shawn Pearce

Mar 10, 2009, 6:31:34 PM
to repo-discuss
On Tue, Mar 10, 2009 at 08:55, Shawn Pearce <s...@google.com> wrote:
> review.source.android.com is effectively offline until further notice.  Basically, you can't use Google Accounts to log in to a Gerrit instance until Gerrit's code is somehow fixed.

Change https://review.source.android.com/9120 may provide the solution.

I switched OpenID libraries, from dyuproject to openid4java.

gerrit.war went from 8.7 MB to 17 MB.

I'm double checking all of the licenses on openid4java.  They claim Apache License 2.0, but I haven't checked their massive list of dependencies.

Shawn Pearce

Mar 10, 2009, 7:05:09 PM
to repo-discuss
On Tue, Mar 10, 2009 at 15:31, Shawn Pearce <s...@google.com> wrote:
> I'm double checking all of the licenses on openid4java.  They claim Apache License 2.0, but I haven't checked their massive list of dependencies.

*sigh*

When it rains, it pours.

Despite openid4java claiming Apache License on their own code, they suck in an LGPL 2.1 library (jug-1.1.jar) for which only the binary is available.  The original site (http://www.doomdark.org/doomdark/proj/jug/) that supposedly should be hosting the source code is now one of those "Everything you need, when you need it" spam search engine domain sitters.

Shawn Pearce

Mar 10, 2009, 8:10:32 PM
to repo-discuss
On Tue, Mar 10, 2009 at 16:05, Shawn Pearce <s...@google.com> wrote:
> On Tue, Mar 10, 2009 at 15:31, Shawn Pearce <s...@google.com> wrote:
>> I'm double checking all of the licenses on openid4java.  They claim Apache License 2.0, but I haven't checked their massive list of dependencies.

OK, change in provider submitted.

I finished checking all of the dependencies.  The only nasty one was jug-1.1.jar, which turns out to be unnecessary for our needs, so I told Maven to drop it.  Everything else was either Apache License 2.0, or ICU4J[1], whose license is a reformulation of a BSD style license.

[1] http://gerrit.googlecode.com/svn/documentation/2.0/licenses.html#icu4j
