OAuth2 support for Git-over-HTTP communication

CFOAuthService now implements also the extension point
OAuthLoginProvider. If an UAA access token is passed to the
service the UAA /check_token endpoint is called to verify
the token. If instead of an access token a password is passed
to the service it tries to obtain a fresh access token by
sending the user credentials to the UAA ("Resource Owner
Password Credentials Grant", see RFC6749 section 4.3).

The plugin supports both ordinary users and clients,
which are some sort of technical users provided by UAA.
Both can obtain access tokens for communication with a
resource server, i.e. Gerrit, but the attributes of
these tokens are different and must therefore be
evaluated differently.

This patch depends on

Change-Id: I6ba255dde92563ef6ebad9481683d89a151bea61
Signed-off-by: Michael Ochmann <michael.ochmann@sap.com>
5 files changed
tree: 386d4a7978f3a05dc51af83b3a9528c812015811
  1. .buckconfig
  2. .gitignore
  3. BUCK
  5. LICENSE-scribe
  6. README.md
  8. lib/
  9. src/

Cloud Foundry UAA OAuth 2.0 Authentication Provider

With this plugin Gerrit can use OAuth2 protocol to authenticate users accessing Gerrit's Web UI with a CloudFoundry User Account and Authentication (UAA) server. The Sign In link will redirect the user to the UAA login screen.

For Git-over-HTTP communication users still need to generate and use an HTTP password.


Apache License 2.0