Closed schancel closed 7 years ago
Agree. It would be great to see support for google provider.
I was able to get google working with the following information supplied as "Custom:"
OAuth 2.0 authorization endpoint: https://accounts.google.com/o/oauth2/v2/auth
OAuth 2.0 token endpoint: https://www.googleapis.com/oauth2/v4/token
OAuth 2.0 user endpoint: https://www.googleapis.com/oauth2/v3/userinfo
Scope: openid+email+profile
However, there were a few caveats:
The username is set to an individual's full name. I was able to log in to the same account with both my work email and my personal email (due to the full name being the same): https://github.com/pwielgolaski/teamcity-oauth/blob/753a13f318003e9e143efa9b4d99012fe9228389/src/main/java/jetbrains/buildServer/auth/oauth/OAuthAuthenticationScheme.java#L86
Seems unable to keep people from signing up if they're from another domain on google.
The rest of the profile info, email, and whatnot aren't obtained.
Using the https://developers.google.com/oauthplayground/ explorer, it seems this is an example payload from google:
{
  "family_name": "Chancellor",
  "sub": "4324123432432141234231",
  "picture": "https://lh3.googleusercontent.com/-XdUIqdMkCWA/AAAAAAAAAAI/AAAAAAAAAAA/4252rscbv5M/photo.jpg",
  "locale": "en",
  "email_verified": true,
  "given_name": "Shammah",
  "email": "shammah@XXXXXXX.com",
  "hd": "XXXXXXX.com",
  "name": "Shammah Chancellor"
}
It seems to match the spec here: http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
I don't normally develop on Java code, but I'll see if I can't get this compiling and put up a PR. It seems simple enough to update.
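The first two caveats in the comment above (the display name used as the username, and no restriction to one Google domain) can both be addressed from the UserInfo claims shown in the payload. The following is an added example, not code from the thread or from the plugin: the `accountKey` helper, the `google:` key prefix and the sample claims are constructed for illustration, and the claims are assumed to be already parsed into a map.

```java
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;

public class UserInfoIdentity {
    /** Hypothetical helper: returns a stable account key, or empty if the claims must be rejected. */
    static Optional<String> accountKey(Map<String, Object> claims, String allowedDomain) {
        Object sub = claims.get("sub");
        Object email = claims.get("email");
        if (!(sub instanceof String) || ((String) sub).isEmpty()) return Optional.empty();
        if (!(email instanceof String)) return Optional.empty();
        // Only trust the address if the provider reports it as verified.
        if (!Boolean.TRUE.equals(claims.get("email_verified"))) return Optional.empty();
        String want = allowedDomain.toLowerCase(Locale.ROOT);
        // "hd" (hosted domain) is absent for consumer accounts, so a missing value fails closed.
        Object hd = claims.get("hd");
        if (!(hd instanceof String) || !((String) hd).toLowerCase(Locale.ROOT).equals(want)) {
            return Optional.empty();
        }
        // The email domain must agree with the hosted domain as well.
        String addr = ((String) email).toLowerCase(Locale.ROOT);
        if (!addr.endsWith("@" + want)) return Optional.empty();
        // Key the account on the subject identifier, never on the display name:
        // two people (or two accounts of one person) can share a "name".
        return Optional.of("google:" + sub);
    }

    public static void main(String[] args) {
        // Constructed sample claims, shaped like the payload in the thread.
        Map<String, Object> work = Map.of("sub", "1111", "name", "Alex Example",
                "email", "alex@corp.example", "email_verified", true, "hd", "corp.example");
        Map<String, Object> personal = Map.of("sub", "2222", "name", "Alex Example",
                "email", "alex@personal.example", "email_verified", true);
        Map<String, Object> otherOrg = Map.of("sub", "3333", "name", "Sam Sample",
                "email", "sam@other.example", "email_verified", true, "hd", "other.example");
        for (Map<String, Object> c : List.of(work, personal, otherOrg)) {
            System.out.println(c.get("email") + " -> "
                    + accountKey(c, "corp.example").orElse("rejected"));
        }
    }
}
```

The first two sample accounts share a full name but carry different `sub` values, so a key derived from `sub` keeps them apart, while the personal and other-organisation accounts are rejected by the `hd` check.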
I just added following preset:
installPreset("google", "https://accounts.google.com/o/oauth2/auth", "https://accounts.google.com/o/oauth2/token", "https://www.googleapis.com/oauth2/v2/userinfo");
And adjusted the JSP templates. It works too, but the username from the Google domain and the username in the internal database are different, so the plugin tries to register a new user, and this is not what I want. Let's say: "I have a user in the internal database, and if his email exists in the Google domain then I have to be able to log in as that user" (scope will be only email).
ServerPrincipalFactory.java: final SUser user = userModel.findUserByUsername(userName, PluginConstants.ID_USER_PROPERTY_KEY);
I think the problem is in line 46, but I have no competence in Java. I don't know what ID_USER_PROPERTY_KEY is or what library TeamCity uses for OAuth.
Hmm. Yeah, I am trying to fix this more holistically, let me open a PR. The problem with my solution is that it won't be backwards compatible.
Wow wow. Hold your horses. Our ReactJS programmer is working on it. Not Java but something close (:
On May 26, 2017 at 1:34 AM, user "Shammah Chancellor" <notifications@github.com> wrote:
Hmm. Yeah, I am trying to fix this more holistically, let me open a PR. The problem with my solution is that it won't be backwards compatible.
I added support for Google OAuth in https://github.com/pwielgolaski/teamcity-oauth/releases/tag/teamcity-oauth-1.1.2. Closing it for now; if some feature is missing or does not work, open a separate issue.
I was wondering if this plugin supports google oauth from google apps. If not, would it be something you're interested in having supported?