On 2/24/15 10:15 AM, Graham Bloice wrote:
>
> On 24 February 2015 at 17:41, Gerald Combs <gerald@xxxxxxxxxxxxx
> <mailto:gerald@xxxxxxxxxxxxx>> wrote:
>
> On 2/24/15 1:34 AM, Graham Bloice wrote:
> >
> >
> > On 23 February 2015 at 23:51, Gerald Combs <gerald@xxxxxxxxxxxxx <mailto:gerald@xxxxxxxxxxxxx>
> > <mailto:gerald@xxxxxxxxxxxxx <mailto:gerald@xxxxxxxxxxxxx>>> wrote:
> >
> > On 2/22/15 6:01 AM, Graham Bloice wrote:
> > > See https://developers.google.com/accounts/docs/OpenID
> > >
> > > Does this affect our use of Gerrit if we use a Google account to
> > > authenticate?
> >
> > Yes. In case anyone missed the other responses you need to stop
> > authenticating using your Google account and switch to another
> account
> > before April 20. I've added a notice to the login page.
> >
> > In the near term we need to find a list of stable OpenID 2.0
> providers
> > that we can recommend on the login page. In the long term we
> need to
> > find a more stable way of authenticating to Gerrit.
> >
> >
> > And is there any possibility of Gerrit supporting Open ID 2.0 Connect
> > which is what Google+ supports and seems to be the future for Open ID?
> > The Gerrit issues tracker is very confusing on this.
>
> I'm not sure. The closest thing I've seen so far was a change to add
> GitHub OAuth support but it was abandoned:
>
> https://gerrit-review.googlesource.com/#/c/57570/
>
> The following discussions provide a bit more background:
>
> https://groups.google.com/forum/#!topic/repo-discuss/Hjn-6BV3KBU
> https://groups.google.com/forum/#!topic/repo-discuss/nrtxry9SNLg
>
>
> From those threads it seems that the GitHub OAuth 2.0 patch was
> abandoned as it wasn't "pluggable", and that they are going to come back
> with a pluggable version.
It looks like work has started:
https://gerrit-review.googlesource.com/#/c/65101/
> It also seems that they will have to support OAuth 2.0 in general (which
> Google+ can be configured to work as), as that's where everyone is
> heading according to the list in one thread.
