gerrit-oauth-provider
OAuth2 authentication provider for Gerrit Code Review. Please upload changes for review to: https://gerrit-review.googlesource.com/#/admin/projects/plugins/oauth
Hi, we are working on switching from google-oauth to dex-auth and it looks like the [dex plugin doesn't do any token verification](https://gerrit.googlesource.com/plugins/oauth/+/refs/heads/master/src/main/java/com/googlesource/gerrit/plugins/oauth/DexOAuthService.java#89). I would be happy to add support for...
The plugin is hardcoded to use the commercial URLs:
https://github.com/scribejava/scribejava/blob/master/scribejava-apis/src/main/java/com/github/scribejava/apis/microsoftazureactivedirectory/BaseMicrosoftAzureActiveDirectoryApi.java#L11
https://gerrit.googlesource.com/plugins/oauth/+/refs/heads/master/src/main/java/com/googlesource/gerrit/plugins/oauth/AzureActiveDirectoryService.java#58
https://gerrit.googlesource.com/plugins/oauth/+/refs/heads/master/src/main/java/com/googlesource/gerrit/plugins/oauth/AzureActiveDirectoryService.java#60
The username is used as the external ID on Gerrit: https://gerrit.googlesource.com/plugins/oauth/+/refs/heads/master/src/main/java/com/googlesource/gerrit/plugins/oauth/KeycloakOAuthService.java#125 This is fundamentally broken: users must be able to freely change their usernames without breaking OAuth (I will not...