github-oauth-plugin [JENKINS-51657] Allow restricting authentication to organizations

Includes a new config option to list which organizations a user should be a part of before they can authenticate. When left blank, all organizations can authenticate, keeping the previous behavior.

Mar 23 '19 18:03 michaelbeaumont

👍 This looks like it will provide the functionality i'm looking for, any chance of a review and a merge / release for this upgrade for the Project Maintainers? or ETA at least?

Mar 27 '19 11:03 lashford

Thanks @michaelbeaumont for working on this -- it would be very helpful for me.

I built this plugin and installed it in my Jenkins instance. It worked properly when I initially configured it, but when I then restarted Jenkins while a single authorized organization was set, I was shown the "Your GitHub account is not authorized to log into Jenkins." message. The only way I was able ot get back in was to manually disable security by editing /var/lib/jenkins/config.xml and restarting. There's very little logging in this plugin, so I wasn't able to figure out what is going on.

Apr 04 '19 15:04 schmave

Hmm, we've been using it in production for the last 2 weeks without restart issues. Do you have the right scopes requested? Namely "read:user" or "user"?

https://github.com/jenkinsci/github-oauth-plugin/blob/cd8b38ae6e1fcf3f07e7ef57126c71b7690675d4/src/main/java/org/jenkinsci/plugins/GithubAuthenticationToken.java#L221

Apr 05 '19 07:04 michaelbeaumont

This is my setting for scopes: read:org,user:email,read:user.

Apr 05 '19 14:04 schmave

BUMP

Jan 17 '20 04:01 delitescere

Wow, this has been sitting for a while. Are there any maintainers left to review this PR?

Jan 26 '21 13:01 scarolan

Has this been implemented by now perhaps 🤔 ? Either way, closing this.

Apr 25 '23 20:04 michaelbeaumont