gerrit-oauth-provider icon indicating copy to clipboard operation
gerrit-oauth-provider copied to clipboard

Published 20 hours ago verified publisher icon davido

OAuth for REST API and external tools ?

Open mildis opened this issue 9 years ago • 2 comments

Hi,

Can OAuth be used for external tools authentication ? Currently, we have a tool that connects to gerrit REST API using basic authentication. Is the OAuth authentication able to allow access to the REST API to non-web tools and should the tool authenticate itself over GitHub or Google before it makes calls to Gerrit (something like exchanging a token provided by [GitHub|Google] between the tool and Gerrit).

(Note : this can be tagged « question »)

Thanks.

mildis avatar Oct 13 '15 18:10 mildis

Any answer on this? From my own tests it doesn't seem to be possible, as Gerrit's REST API supports only basic auth (this can however be bypassed in the browser if the GerritAccount cookie is set). It would be great if it was possible to pass an access token through an Authorization header to the REST API. Keycloak, for example, can be configured to fetch access tokens easily: https://github.com/wpic/sample-keycloak-getting-token. Is it something that could be covered by this plugin?

mhuin avatar Jun 04 '19 14:06 mhuin

//CC @lucamilanesio.

davido avatar Jun 04 '19 14:06 davido