Package com.google.gerrit.server.auth.oauth

Class OAuthRealm

    • Method Detail

      • allowsEdit

        public boolean allowsEdit​(AccountFieldName field)
        Description copied from interface: Realm
        Can the end-user modify this field of their own account?

      • authenticate

        public AuthRequest authenticate​(AuthRequest who)
                         throws AccountException
        Authenticates with the OAuthLoginProvider specified in the authentication request.

        AccountManager calls this method without password if authenticity of the user has already been established. In that case we can skip the authentication request to the OAuthLoginService.

        Parameters:
        who - the authentication request.
        Returns:
        the authentication request with resolved email address and display name in case the authenticity of the user could be established; otherwise who is returned unchanged.
        Throws:
        AccountException - if the authentication request with the OAuth2 server failed or no OAuthLoginProvider was available to handle the request.

      • lookup

        public Account.Id lookup​(String accountName)
        Description copied from interface: Realm
        Locate an account whose local username is the given account name.

        Generally this only works for local realms, such as one backed by an LDAP directory, or where there is an EmailExpander configured that knows how to convert the accountName into an email address, and then locate the user by that email address.

      • accountBelongsToRealm

        public boolean accountBelongsToRealm​(Collection<ExternalId> externalIds)
        Returns:
        true if the account is backed by the realm, false otherwise.