
auth scheme

Open gkesavan opened this issue 10 years ago • 4 comments

Thanks for the wonderful plugin.

At the moment it looks like the plugin only supports authentication over http, we have deployed gerrit which authenticates against github's oauth.

Could you please add support for github Oauth as well?

gkesavan avatar Oct 08 '15 03:10 gkesavan

Hi @gkesavan, I’m currently not knowledgeable enough about OAuth to guarantee you a quick-and-working implementation in the plugin. However, I’ll take a look and try to add OAuth as soon as I can.

mildis avatar Oct 08 '15 16:10 mildis

Hi again,

Which OAuth plugin are you using? https://gerrit.googlesource.com/plugins%2Fgithub or https://github.com/davido/gerrit-oauth-provider

Could you also detail what use case you want to achieve?

Thanks.

mildis avatar Oct 14 '15 18:10 mildis

github-plugin-2.11

This plugin allows Gerrit to be integrated with an external set of users configured on GitHub. It relies on the installation of the github-oauth Java library under $GERRIT_SITE/lib in order to filter all the HTTP requests through the GitHub OAuth 2.0 secure authentication.

More info: GitHub application registration

GitHub uses OAuth2 as the protocol to allow external apps to request authorization to private details in a user’s GitHub account without getting their password. This is preferred over Basic Authentication because tokens can be limited to specific types of data and can be revoked by users at any time.

Site owners have to register their application before getting started. For more information see GitHub application registration page. A registered OAuth application is assigned a unique Client ID and Client Secret. The Client Secret should never be shared.

The Gerrit OAuth callback <gerrit canonical URL>/oauth needs to be specified in the GitHub application registration to establish mutual trust between the two domains and exchange the authorization codes. The use of HTTPS for Gerrit is strongly recommended for keeping the secrets exchange confidential.

auth.httpHeader is set to GITHUB_USER with this authentication method and auth.type must be set to HTTP.

gkesavan avatar Oct 14 '15 20:10 gkesavan

As far as I can see from the github-plugin sources, it relies on the HTTP password generated from the « HTTP Password » user’s settings page to access REST API. I’ll continue to check if there are any possibilities for Gerrit to allow 3rd party tools to authenticate with GitHub for its internal use.

mildis avatar Oct 17 '15 20:10 mildis