Github OAuth Plugin

Skip to end of metadata
Go to start of metadata

Plugin Information

Plugin ID github-oauth Changes In Latest Release
Since Latest Release
Latest Release
Latest Release Date
Required Core
Dependencies
0.14
Jul 11, 2013
1.509
github-api (version:1.40)
mailer (version:1.4)
Source Code
Issue Tracking
Maintainer(s)
GitHub
Open Issues
Michael O'Cleirigh (id: mocleiri)
Usage Installations 2013-Apr 1797
2013-May 1889
2013-Jun 1950
2013-Jul 2085
2013-Aug 2163
2013-Sep 2247
2013-Oct 2387
2013-Nov 2324
2013-Dec 2407
2014-Jan 2565
2014-Feb 2713
2014-Mar 2780

Authentication of users is delegated to Github using the OAuth protocol.  Authorization is based on the characteristics of the users Github user data that is retrieved through the Github API (effectively as the authenticated user).

The initial use case supported is that Jenkins is running jobs associated to a single or group of Github organizations. So we will authenticate users against the Github user data base and then authorize those users that are participants in one of the defined organizations with build and read permissions.

We also define a list of usernames that will have full admin rights on Jenkins.

There is also a flag to allow any authenticated user to have read access.

Since version 0.4 there is a way to authorize the use of the github-webhook callback url to receive post commit hooks from Github. This plugin has a checkbox that can allow Github to POST's to be received but you still need to run the Github Plugin to have the message trigger the build.

Setup

  1. Create an application registration here: https://github.com/settings/applications/new
    Define the application URL and callback url and then use the Client ID and Client Secret with the Github Authentication Plugin.
    Make the callback url look like: http://myserver.com:8080/securityRealm/finishLogin
    Important ensure that the securityRealm/finishLogin part is in the url (this is where github redirects the user with the OAUth credential once they have been authorized).
  2. Control user authorization (i.e. who is allowed to see the jobs and build them) using the Github Commiter Authorization Strategy

Further instructions are included in the plugin help.

Restrictions

You have to be a public member of the organization for the authorization to work correctly.

Status

Version 0.15 (Released March 21, 2014)

  • Don't attempt to set email address property for a user upon login (pull request #14)
  • Use hasExplicitlyConfiguredAddress instead of getAddress(which scans all projects and builds to find users's email address) (committed directly)
  • Fix API token usage on Jenkins core 1.551 (pull request #18)

Version 0.14 (Released July 11, 2013)

Version 0.12 (Released June 13, 2012)

  • Removed the GitHub V2 API dependency.

Version 0.10 (Released March 4, 2012)

  • Thanks to virtix for reporting a bug with the plugin not working with github enterprise.
  • Note that you also have to upgrade the github-api plugin to version 1.17

Version 0.9 (Released January 8, 2012)

  • Thanks to Kohsuke Kawaguchi for several commits that allow github organizations to be specified using the matrix-based security.

Version 0.8.1 (Released November 1, 2011)

  • Fix the custom XStream Converter to allow the configurations to be saved correctly.

Version 0.8 (Released November 1, 2011)

  • Use custom XStream Converter to let < 0.7 configurations to still work.

Version 0.7 (Released October 29, 2011)

  • Adds support for Github Enterprise/Firewall installs.

Version 0.6 (Released September 17, 2011)

  • Adds checkbox to the AuthorizationStrategy configuration page to enable the anonymous read permission. (default is false: no anonymous reads).

Version 0.5 (Released September 10, 2011)

  • Fixes a problem where all users of the plugin would see a stack trace instead of Jenkins. The regex for detecting the github-webhook url was reworked to support that text appearing anywhere in the request URI.

Version 0.4 (Released September 9, 2011)

  • Thanks to vkravets for testing and contributing a patch to fix the regex so that it actually works for the github-wehook.

Version 0.3 (Released September 8, 2011)

  • Adds support for github-plugin's /github-webhook which can be enabled to allow anonymous READ access to this url. This permits a post commit hook in Github to notify Jenkins to build the related projects.

Version 0.2 (Released July 25, 2011)

  • Fixes serialization issue that prevented plugin from working after Jenkins was restarted.

Version 0.1 (Released July 16, 2011)

Labels

Edit
plugin-user plugin-user Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Add Comment