Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Gerrit OAuth provider: OpenID 2.0 identifier mapping is discontinued #77

Closed
naiquevin opened this issue Jan 11, 2017 · 10 comments
Closed
Labels

Comments

@naiquevin
Copy link

naiquevin commented Jan 11, 2017

Gerrit version: v2.10.2-18-gc6c5e0b-dirty
gerrit-oauth-provider version: v0.3 (patched with PR #65 )

Following errors can be seen in the error log

[2017-01-11 06:43:52,801] WARN  org.eclipse.jetty.servlet.ServletHandler : /oauth
java.lang.NullPointerException
        at com.googlesource.gerrit.plugins.oauth.GoogleOAuthService.lookupClaimedIdentity(GoogleOAuthService.java:154)
        at com.googlesource.gerrit.plugins.oauth.GoogleOAuthService.getUserInfo(GoogleOAuthService.java:123)
        at com.google.gerrit.httpd.auth.oauth.OAuthSession.login(OAuthSession.java:94)
        at com.google.gerrit.httpd.auth.oauth.OAuthWebFilter.doFilter(OAuthWebFilter.java:123)
        at com.google.gwtexpui.server.CacheControlFilter.doFilter(CacheControlFilter.java:70)
        at com.google.gerrit.httpd.RunAsFilter.doFilter(RunAsFilter.java:113)
        at com.google.gerrit.httpd.RequireSslFilter.doFilter(RequireSslFilter.java:68)
        at com.google.gerrit.httpd.AllRequestFilter$FilterProxy$1.doFilter(AllRequestFilter.java:64)
        at com.google.gerrit.httpd.AllRequestFilter$FilterProxy.doFilter(AllRequestFilter.java:57)
        at com.google.gerrit.httpd.RequestContextFilter.doFilter(RequestContextFilter.java:75)
        at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:119)
        at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:133)
        at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:130)
        at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203)
        at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:130)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1636)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:564)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:219)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1111)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:498)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1045)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:98)
        at org.eclipse.jetty.server.Server.handle(Server.java:461)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:284)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:244)
        at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:534)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:607)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:536)
        at java.lang.Thread.run(Thread.java:745)
[2017-01-11 06:43:52,802] ERROR com.google.gerrit.pgm.http.jetty.HiddenErrorHandler : Error in GET /oauth?state=xxx&code=xxx&authuser=0&hd=xxx&session_state=xxx&prompt=none
java.lang.NullPointerException
        at com.googlesource.gerrit.plugins.oauth.GoogleOAuthService.lookupClaimedIdentity(GoogleOAuthService.java:154)
        at com.googlesource.gerrit.plugins.oauth.GoogleOAuthService.getUserInfo(GoogleOAuthService.java:123)
        at com.google.gerrit.httpd.auth.oauth.OAuthSession.login(OAuthSession.java:94)
        at com.google.gerrit.httpd.auth.oauth.OAuthWebFilter.doFilter(OAuthWebFilter.java:123)
        at com.google.gwtexpui.server.CacheControlFilter.doFilter(CacheControlFilter.java:70)
        at com.google.gerrit.httpd.RunAsFilter.doFilter(RunAsFilter.java:113)
        at com.google.gerrit.httpd.RequireSslFilter.doFilter(RequireSslFilter.java:68)
        at com.google.gerrit.httpd.AllRequestFilter$FilterProxy$1.doFilter(AllRequestFilter.java:64)
        at com.google.gerrit.httpd.AllRequestFilter$FilterProxy.doFilter(AllRequestFilter.java:57)
        at com.google.gerrit.httpd.RequestContextFilter.doFilter(RequestContextFilter.java:75)
        at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:119)
        at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:133)
        at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:130)
        at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203)
        at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:130)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1636)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:564)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:219)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1111)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:498)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1045)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:98)
        at org.eclipse.jetty.server.Server.handle(Server.java:461)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:284)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:244)
        at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:534)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:607)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:536)
        at java.lang.Thread.run(Thread.java:745)

What could be the issue? Is any one else also facing this?

@naiquevin naiquevin changed the title Gerrit OAuth log in with Google has suddenly failing with server error Gerrit OAuth log in with Google is suddenly failing with server error Jan 11, 2017
@davido
Copy link
Owner

davido commented Jan 11, 2017

What is the ine GoogleOAuthService.java:154 in your patched code base?

@davido
Copy link
Owner

davido commented Jan 11, 2017

Oh, I see, then this should fix it:

 if (openidIdElement != null && !openidIdElement.isJsonNull()) {

right?

@davido
Copy link
Owner

davido commented Jan 11, 2017

Ah, I guess I have an idea what is going on here: Google discontinued legacy OpenID support in their OAuth 2 backend.

@davido
Copy link
Owner

davido commented Jan 11, 2017

Check this spec: https://developers.google.com/identity/protocols/OpenID2Migration, particularly, this statement:

  Note: Support for the OpenID 2.0 identifier mapping described above will remain in effect until January 1, 2017.

IOW, i would have to release new version of Google OAuth2 provider and drop legacy OpenID account linking.

@davido davido added the bug label Jan 11, 2017
@davido
Copy link
Owner

davido commented Jan 11, 2017

As workaround, you could probably fix that by disabling now non working configuration option:

  Link to OpenID accounts? [true]: false

@naiquevin
Copy link
Author

@davido Thanks. I will try disabling linking to OpenID accounts.

@naiquevin
Copy link
Author

@davido It worked on settinglinkToExistingOpenIDAccounts to false. Thanks for all the help 👍

@davido
Copy link
Owner

davido commented Jan 11, 2017

Thanks for letting us know ;-)

@davido davido changed the title Gerrit OAuth log in with Google is suddenly failing with server error Gerrit OAuth provider: OpenID 2.0 identifier mapping is discontinued Feb 3, 2017
davido added a commit that referenced this issue Feb 3, 2017
According to Google OAuth2 specification[1]: the support for OpenID 2.0
identifier mapping is discontinued:

Note: Support for the OpenID 2.0 identifier mapping described above will
remain in effect until January 1, 2017.

Reflect this fact in the code and discontinue the exposed option in the
Google OAuth provider for this OpenID identifier mapping.

[1]  https://developers.google.com/identity/protocols/OpenID2Migration

Bug: Issue #77
Change-Id: I0c1806e14c22d385b73c810e39568edd9ff84db0
@davido
Copy link
Owner

davido commented Feb 3, 2017

Fixed with: 98f1be9.

@davido davido closed this as completed Feb 3, 2017
lucamilanesio pushed a commit to GerritCodeReview/plugins_oauth that referenced this issue Feb 9, 2017
According to Google OAuth2 specification[1]: the support for OpenID 2.0
identifier mapping is discontinued:

Note: Support for the OpenID 2.0 identifier mapping described above will
remain in effect until January 1, 2017.

Reflect this fact in the code and discontinue the exposed option in the
Google OAuth provider for this OpenID identifier mapping.

[1]  https://developers.google.com/identity/protocols/OpenID2Migration

Bug: Issue davido/gerrit-oauth-provider#77
Change-Id: I0c1806e14c22d385b73c810e39568edd9ff84db0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants