OAuth for REST API and external tools ?

davido / gerrit-oauth-provider

OAuth2 authentication provider for Gerrit Code Review. Please upload changes for review to: https://gerrit-review.googlesource.com/#/admin/projects/plugins/oauth

Apache License 2.0

140 stars 85 forks source link

OAuth for REST API and external tools ? #50

Open mildis opened 9 years ago

mildis commented 9 years ago

Hi,

Can OAuth be used for external tools authentication ? Currently, we have a tool that connects to gerrit REST API using basic authentication. Is the OAuth authentication able to allow access to the REST API to non-web tools and should the tool authenticate itself over GitHub or Google before it makes calls to Gerrit (something like exchanging a token provided by [GitHub|Google] between the tool and Gerrit).

(Note : this can be tagged « question »)

Thanks.

mhuin commented 5 years ago

Any answer on this? From my own tests it doesn't seem to be possible, as Gerrit's REST API supports only basic auth (this can however be bypassed in the browser if the GerritAccount cookie is set). It would be great if it was possible to pass an access token through an Authorization header to the REST API. Keycloak, for example, can be configured to fetch access tokens easily: https://github.com/wpic/sample-keycloak-getting-token. Is it something that could be covered by this plugin?

davido commented 5 years ago

//CC @lucamilanesio.