|author||Michael Ochmann <email@example.com>||Tue Oct 20 17:25:54 2015 +0200|
|committer||Michael Ochmann <firstname.lastname@example.org>||Wed Nov 25 13:44:30 2015 +0000|
OAuth2 support for Git-over-HTTP communication CFOAuthService now implements also the extension point OAuthLoginProvider. If an UAA access token is passed to the service the UAA /check_token endpoint is called to verify the token. If instead of an access token a password is passed to the service it tries to obtain a fresh access token by sending the user credentials to the UAA ("Resource Owner Password Credentials Grant", see RFC6749 section 4.3). The plugin supports both ordinary users and clients, which are some sort of technical users provided by UAA. Both can obtain access tokens for communication with a resource server, i.e. Gerrit, but the attributes of these tokens are different and must therefore be evaluated differently. This patch depends on https://gerrit-review.googlesource.com/#/c/71735 Change-Id: I6ba255dde92563ef6ebad9481683d89a151bea61 Signed-off-by: Michael Ochmann <email@example.com>
With this plugin Gerrit can use OAuth2 protocol to authenticate users accessing Gerrit's Web UI with a CloudFoundry User Account and Authentication (UAA) server. The
Sign In link will redirect the user to the UAA login screen.
For Git-over-HTTP communication users still need to generate and use an HTTP password.
Apache License 2.0