Google Git
Sign in
gerrit / plugins / cfoauth / d60261d09b22c5cbb02301cf56bf55a408e370f4
commitd60261d09b22c5cbb02301cf56bf55a408e370f4[log] [tgz]
authorMichael Ochmann <michael.ochmann@sap.com>Tue Oct 20 17:25:54 2015 +0200
committerMichael Ochmann <mochmann92@gmail.com>Wed Nov 25 13:44:30 2015 +0000
tree386d4a7978f3a05dc51af83b3a9528c812015811
parente6ce0b4fb0a9848c312b110974225b22d76c4b94 [diff]
OAuth2 support for Git-over-HTTP communication

CFOAuthService now implements also the extension point
OAuthLoginProvider. If an UAA access token is passed to the
service the UAA /check_token endpoint is called to verify
the token. If instead of an access token a password is passed
to the service it tries to obtain a fresh access token by
sending the user credentials to the UAA ("Resource Owner
Password Credentials Grant", see RFC6749 section 4.3).

The plugin supports both ordinary users and clients,
which are some sort of technical users provided by UAA.
Both can obtain access tokens for communication with a
resource server, i.e. Gerrit, but the attributes of
these tokens are different and must therefore be
evaluated differently.

This patch depends on
https://gerrit-review.googlesource.com/#/c/71735

Change-Id: I6ba255dde92563ef6ebad9481683d89a151bea61
Signed-off-by: Michael Ochmann <michael.ochmann@sap.com>
5 files changed
tree: 386d4a7978f3a05dc51af83b3a9528c812015811
  1. lib/
  2. src/
  3. .buckconfig
  4. .gitignore
  5. BUCK
  6. LICENSE
  7. LICENSE-scribe
  8. README.md
  9. VERSION
README.md

Cloud Foundry UAA OAuth 2.0 Authentication Provider

With this plugin Gerrit can use OAuth2 protocol to authenticate users accessing Gerrit's Web UI with a CloudFoundry User Account and Authentication (UAA) server. The Sign In link will redirect the user to the UAA login screen.

For Git-over-HTTP communication users still need to generate and use an HTTP password.

License

Apache License 2.0