search

davido / gerrit-oauth-provider

OAuth2 authentication provider for Gerrit Code Review. Please upload changes for review to: https://gerrit-review.googlesource.com/#/admin/projects/plugins/oauth
Apache License 2.0
140 stars 84 forks source link

Clarification needed on Google OAuth Client ID alert for Gerrit authentication #151

Closed gs-tedla closed 3 years ago

gs-tedla commented 3 years ago

We are using Gerrit 3.2.0 and "OAuth 2.0 Client IDs" for gmail based authentication in our environment. For the record our gerrit-oauth-provider plugin version is 22f2be2ea8. However we have received an alert from Google with the below content

We are writing to let you know that Google will discontinue support for sign-ins to Google accounts from embedded browser frameworks, starting January 4, 2021. We have detected the use of an embedded browser framework with one or more of your OAuth clients that may be blocked on or after January 4, 2021. Please review your use of Google Account authorization flows in the following Google OAuth client IDs and make any required changes before January 4, 2021

According to this stackoverflow thread it looks like there is no action item needed from our end as we are using the compliant OAuth2.0 Client ID and latest browsers.

Do we need to worry about this w.r.t the usage of Gerrit Oauth plugin or not? please advice

davido commented 3 years ago

I've created this issue: [1] upstream. Let's continue the discussion there.

[1] https://crbug.com/gerrit/13837