Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 341434

Summary: support openid for login to gerrit
Product: z_Archived Reporter: David Shepherd <david.shepherd>
Component: MylynAssignee: Steffen Pingel <steffen.pingel>
Status: RESOLVED FIXED QA Contact:
Severity: enhancement    
Priority: P3 CC: matthias.sohn, steffen.pingel
Version: unspecifiedKeywords: noteworthy, plan
Target Milestone: 0.9   
Hardware: PC   
OS: Windows 7   
Whiteboard:
Bug Depends on: 357023, 357310, 373699    
Bug Blocks: 328723    
Attachments:
Description Flags
mylyn/context/zip
none
repository dialog
none
authentication dialog
none
screenshot
none
screenshot none

Description David Shepherd CLA 2011-03-30 18:44:28 EDT 
It would be great if the Gerrit Connector supported OpenId as a method of authentication.
Comment 1 Steffen Pingel CLA 2011-03-31 13:59:24 EDT 
Makes sense. Should be a matter of sending credentials to the corresponding Gerrit service.
Comment 2 Steffen Pingel CLA 2011-08-25 07:38:09 EDT 
OpenID protocol description: http://code.google.com/apis/accounts/docs/OpenID.html.
Comment 3 Steffen Pingel CLA 2011-09-07 05:34:29 EDT 
Pushed a review here:

I5bb086b2: support openid for login to gerrit
http://review.mylyn.org/#change,17
Comment 4 Steffen Pingel CLA 2011-09-07 16:05:03 EDT 
OpenID support is now available.
Comment 5 Steffen Pingel CLA 2011-09-07 16:05:18 EDT 
Created attachment 202931 [details]
mylyn/context/zip
Comment 6 Steffen Pingel CLA 2011-09-10 14:33:13 EDT 
Created attachment 203114 [details]
repository dialog
Comment 7 Steffen Pingel CLA 2011-09-10 14:36:40 EDT 
Created attachment 203115 [details]
authentication dialog
Comment 8 David Green CLA 2011-09-16 12:57:57 EDT 
Nice work Steffen, this works really well.  

I have a concern about the login dialog however:  Normally when OpenID login is presented in a browser, the user can verify the authenticity of the login page from the browser address bar, and know if it's secure from the "lock" icon.  I didn't notice any such information provided via the login dialog.  This authenticity feedback is part of what makes OpenID work -- I suspect that users may be reluctant to enter their username and password if they're not sure where the web page originated from.  Did I miss something, or is this an issue that should be addressed?
Comment 9 Steffen Pingel CLA 2011-09-16 13:55:59 EDT 
 I don't know to what extend the Eclipse browser API supports that type of validation but it sounds sensible. Please feel free to file a bug to suggest that as an enhancement.
Comment 10 Steffen Pingel CLA 2012-03-03 09:08:52 EST 
Created attachment 212023 [details]
screenshot
Comment 11 Steffen Pingel CLA 2012-03-03 09:09:56 EST 
Created attachment 212024 [details]
screenshot