Wireshark-dev: Re: [Wireshark-dev] Google deprecating OpenID 2.0

From: Graham Bloice <graham.bloice@xxxxxxxxxxxxx>
Date: Tue, 24 Feb 2015 18:15:07 +0000

On 24 February 2015 at 17:41, Gerald Combs <gerald@xxxxxxxxxxxxx> wrote:
On 2/24/15 1:34 AM, Graham Bloice wrote:
>
>
> On 23 February 2015 at 23:51, Gerald Combs <gerald@xxxxxxxxxxxxx
> <mailto:gerald@xxxxxxxxxxxxx>> wrote:
>
>     On 2/22/15 6:01 AM, Graham Bloice wrote:
>     > See https://developers.google.com/accounts/docs/OpenID
>     >
>     > Does this affect our use of Gerrit if we use a Google account to
>     > authenticate?
>
>     Yes. In case anyone missed the other responses you need to stop
>     authenticating using your Google account and switch to another account
>     before April 20. I've added a notice to the login page.
>
>     In the near term we need to find a list of stable OpenID 2.0 providers
>     that we can recommend on the login page. In the long term we need to
>     find a more stable way of authenticating to Gerrit.
>
>
> And is there any possibility of Gerrit supporting Open ID 2.0 Connect
> which is what Google+ supports and seems to be the future for Open ID?
> The Gerrit issues tracker is very confusing on this.

I'm not sure. The closest thing I've seen so far was a change to add
GitHub OAuth support but it was abandoned:

https://gerrit-review.googlesource.com/#/c/57570/

The following discussions provide a bit more background:

https://groups.google.com/forum/#!topic/repo-discuss/Hjn-6BV3KBU
https://groups.google.com/forum/#!topic/repo-discuss/nrtxry9SNLg


From those threads it seems that the GitHub OAuth 2.0 patch was abandoned as it wasn't "pluggable", and that they are going to come back with a pluggable version.

It also seems that they will have to support OAuth 2.0 in general (which Google+ can be configured to work as), as that's where everyone is heading according to the list in one thread.


--
Graham Bloice