Discovery OAuth: Validate discovery config and add tests
Refactor the DiscoveryOAuthService to improve robustness and
maintainability.
* Validation:
- Add validateRootUrl to ensure the configured root-url is valid and
uses http/https.
- Add validateDiscoveryDocument to verify that the provider's
response contains all required OIDC endpoints (issuer, auth,
token, and userinfo) and that they are absolute URLs.
- Automatically trim trailing slashes from the root-url to prevent
double-slashes in the final discovery path.
- Add null-safety checks in DiscoveryApi.
* Performance:
- Use Guava's CharStreams for more efficient stream-to-string
conversion, replacing manual BufferedReader loops.
* Testing:
- Add DiscoveryApiTest for unit testing the ScribeJava API bridge.
- Add DiscoveryOAuthServiceTest with high coverage, including
mocking the discovery process and testing various failure modes
(malformed URLs, missing JSON fields, and HTTP errors).
Feature: https://github.com/davido/gerrit-oauth-provider/issues/134
Change-Id: I961c0a0e13511c4134e24a98c36e83aa12ea5c3c
With this plugin Gerrit can use OAuth2 protocol for authentication. Supported OAuth providers:
See the Wiki what it can do for you.
Prebuilt binary artifacts are available on release page. Make sure to pick the right JAR for your Gerrit version.
To build the plugin with Bazel, install Bazel and run the following:
git clone https://gerrit.googlesource.com/plugins/oauth cd oauth && bazel build oauth
Copy the bazel-bin/oauth.jar to $gerrit_site/plugins and re-run init to configure it:
java -jar gerrit.war init -d <site>
[...]
*** OAuth Authentication Provider
***
Use Bitbucket OAuth provider for Gerrit login ? [Y/n]? n
Use Google OAuth provider for Gerrit login ? [Y/n]?
Application client id : <client-id>
Application client secret :
confirm password :
Link to OpenID accounts? [true]:
Use GitHub OAuth provider for Gerrit login ? [Y/n]? n
Make sure to read the FAQ before reporting issues.
Apache License 2.0