Decode Keycloak JWTs as UTF-8

Prior to this, JWTs from Keycloak was decoded using the platform default
encoding. At least in the Docker container, this is set to a non UTF-8
encoding, which messes with names and potentially more.

RFC 7519 specifies in 7.1 section that the message is "the UTF-8
representation of the JWT Claims Set", so it seems rather silly to not
treat it as such.

Change-Id: I2dceaa48360024eef42b5467e2cec7e57c094267
1 file changed
tree: 30780a80d7d0c6580afa580857e97a847ebecbd0
  1. .settings/
  2. src/
  3. tools/
  4. .bazelignore
  5. .bazelrc
  6. .bazelversion
  7. .gitignore
  8. .travis.yml
  9. bazlets.bzl
  10. BUILD
  11. external_plugin_deps.bzl
  13. LICENSE-scribe

Gerrit OAuth2 authentication provider

Build Status

With this plugin Gerrit can use OAuth2 protocol for authentication. Supported OAuth providers:

See the Wiki what it can do for you.

Prebuilt artifacts

Prebuilt binary artifacts are available on release page. Make sure to pick the right JAR for your Gerrit version.


To build the plugin with Bazel, install Bazel and run the following:

  git clone
  cd oauth && bazel build oauth


Copy the bazel-bin/oauth.jar to $gerrit_site/plugins and re-run init to configure it:

  java -jar gerrit.war init -d <site>
  *** OAuth Authentication Provider
  Use Bitbucket OAuth provider for Gerrit login ? [Y/n]? n
  Use Google OAuth provider for Gerrit login ? [Y/n]?
  Application client id          : <client-id>
  Application client secret      : 
                confirm password : 
  Link to OpenID accounts? [true]: 
  Use GitHub OAuth provider for Gerrit login ? [Y/n]? n

Reporting bugs

Make sure to read the FAQ before reporting issues.


Apache License 2.0