This plugin library allows OAuth providers to surface OAuth credentials in Jenkins.
Note: By itself, this library has no user-visible changes; it is intended only to surface new extension points on top of which OAuth providers may surface their own OAuth2Credentials implementations.
This extends the standard Credentials library with the following OAuth 2.0 concepts:
- OAuth2ScopeRequirement: Surfaces a list of OAuth scopes that a plugin requires for accessing a provider’s API.
- OAuth2ScopeSpecification<T extends OAuth2ScopeRequirement>: Allows administrators to limit the set of OAuth scopes a given OAuth2Credentials provides to plugins.
- OAuth2Credentials<T extends OAuth2ScopeRequirement>: Provides an OAuth2 access token with the scopes requested via a T argument.
It is expected that OAuth providers will extend these classes as follows:
- AcmeRequirement extends OAuth2ScopeRequirement
- AcmeSpecification extends OAuth2ScopeSpecification<AcmeRequirement>
- AcmeCredentials extends OAuth2Credentials<AcmeRequirement>
Now plugins that consume "Acme" APIs can filter for credentials that surface sufficient scopes for their API via:
c = CredentialsProvider.lookupCredentials(AcmeCredentials.class, ..., myAcmeRequirements);
When accessing the API, a user would retrieve the OAuth token with:
token = c.getAccessToken(myAcmeRequirements);
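The least-privilege idea behind these three roles, as an added example that is not code from this plugin: a JDK-only model in which a specification limits the scopes a credential may hand out and a lookup keeps only credentials that cover a requirement. The record types, the `permits` and `lookup` helpers, the subset rule, and the scope names and ids are assumptions made for illustration; they do not extend the plugin's classes.

```java
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

// Standalone model (JDK 16+ only): mirrors the three roles, not the plugin's API.
public class ScopeFilterDemo {
    // Role of OAuth2ScopeRequirement: the scopes a consuming plugin needs.
    record AcmeRequirement(Set<String> scopes) {}

    // Role of OAuth2ScopeSpecification: the scopes an administrator allows.
    record AcmeSpecification(Set<String> allowedScopes) {
        // Assumption: a requirement matches only if every requested scope is allowed.
        boolean permits(AcmeRequirement r) { return allowedScopes.containsAll(r.scopes()); }
    }

    // Role of OAuth2Credentials: hands out a token limited to the requested scopes.
    record AcmeCredentials(String id, AcmeSpecification spec) {
        String getAccessToken(AcmeRequirement r) {
            if (!spec.permits(r)) {
                throw new SecurityException(id + " does not grant " + r.scopes());
            }
            // Constructed placeholder; a real provider would ask its authorization server.
            return "token-for:" + String.join(" ", new TreeSet<>(r.scopes()));
        }
    }

    // Analogue of the credentials lookup: keep only credentials with sufficient scopes.
    static List<AcmeCredentials> lookup(List<AcmeCredentials> all, AcmeRequirement r) {
        return all.stream().filter(c -> c.spec().permits(r)).toList();
    }

    public static void main(String[] args) {
        // Constructed scope names and credential ids.
        AcmeCredentials readOnly = new AcmeCredentials("acme-ro",
                new AcmeSpecification(Set.of("acme.read")));
        AcmeCredentials deployer = new AcmeCredentials("acme-deploy",
                new AcmeSpecification(Set.of("acme.read", "acme.deploy")));
        AcmeRequirement need = new AcmeRequirement(Set.of("acme.read", "acme.deploy"));

        List<AcmeCredentials> usable = lookup(List.of(readOnly, deployer), need);
        System.out.println(usable.stream().map(AcmeCredentials::id).toList());
        System.out.println(usable.get(0).getAccessToken(need));
        try {
            readOnly.getAccessToken(need); // scopes beyond the specification are refused
        } catch (SecurityException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```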
To avoid requiring users to type out OAuth scopes as part of their specification, the OAuth2ScopeSpecification supports the discovery of OAuth2ScopeRequirements annotated on installed plugins. If a user annotates:
@RequiresDomain(value = MyAcmeRequirement.class)
public class MyAcmePlugin {}
The DomainRequirementProvider class will try to discover these and surface all discoverable scopes to the user as specification choices. This plugin provides a DescribableDomainRequirementProvider for discovering these annotations on any installed Describable extensions, but DomainRequirementProvider is an extension point so it can be extended to surface new discovery mechanisms.
See the Google OAuth plugin for an example of how this looks.
See https://github.com/jenkinsci/oauth-credentials-plugin/releases for any releases after 0.3.