OAuth2 authentication provider for Gerrit Code Review. Please upload changes for review to: https://gerrit-review.googlesource.com/#/admin/projects/plugins/oauth
Hi, we are working on switching from google-oauth to dex-auth and it looks like the dex plugin doesn't do any token verification. I would be happy to add support for it. I'm inclined to use java-jwt to verify the JWT token using a JWKS URL. It would also be possible to hit dex/userInfo endpoint to validate the token but would put a significant load on our Dex instance. Do you have any thoughts on this? Thanks!
rohanj1
commented
3 weeks ago
Hi, we are working on switching from google-oauth to dex-auth and it looks like the dex plugin doesn't do any token verification. I would be happy to add support for it. I'm inclined to use java-jwt to verify the JWT token using a JWKS URL. It would also be possible to hit dex/userInfo endpoint to validate the token but would put a significant load on our Dex instance. Do you have any thoughts on this? Thanks!