Details
-
Type:
New Feature
-
Status: Resolved (View Workflow)
-
Priority:
Minor
-
Resolution: Not A Defect
-
Component/s: google-login-plugin
-
Labels:
-
Similar Issues:
Description
Currently, it seems that it is not possible to use the Jenkins Remote Access API when authentication with the Google Login Plugin. I believe that allowing such access would be beneficial.
Indeed, to me (no experience in Jenkins plugin development), it seems like implementation for this functionality has already been started but is still commented out and below a TODO marking here.
The way that the GitHub OAuth Plugin handles this case (by allowing username/password to be GitHub username and GitHub token) works very well for us.
Attachments
Activity
Please reopen with details on why the Jenkins API key is insufficient
Ryan Campbell
added a comment - Please reopen with details on why the Jenkins API key is insufficient I'm slightly confused why this was closed, the linked code (https://github.com/jenkinsci/google-login-plugin/blob/master/src/main/java/org/jenkinsci/plugins/googlelogin/GoogleOAuth2SecurityRealm.java#L313) shows that API key authentication isn't implemented for the google-login plugin
Ryan Campbell would you mind looking into this again - I'm struggling to use CURL with our jenkins instance and I believe it is down to this issue.
Sam Duke
added a comment - I'm slightly confused why this was closed, the linked code ( https://github.com/jenkinsci/google-login-plugin/blob/master/src/main/java/org/jenkinsci/plugins/googlelogin/GoogleOAuth2SecurityRealm.java#L313 ) shows that API key authentication isn't implemented for the google-login plugin
Ryan Campbell would you mind looking into this again - I'm struggling to use CURL with our jenkins instance and I believe it is down to this issue. I have the same issue. After enabling Google login how can we access Jenkins CI API?
As Ryan indicated, in Jenkins it's not the responsibility of individual authentication plugin to provide a separate mechanism for API access. Jenkins core itself takes care of that through the API key mechanism, described further in the link he provided.
Also note that as a practical matter, it is simply not possible for this plugin to allow you to send in your Google user name & password, even if we wanted to. OAuth is a browser based protocol, and for a good reason.
This is already possible by setting an API key for your user.
https://support.cloudbees.com/hc/en-us/articles/115003090592-How-to-re-generate-my-Jenkins-user-token
There isn't a way to authenticate with your Google password via API that I'm aware of anyway. But the above should work fine.