Hi,
After extensive discussions with my fellow organizers, we decided to
go with an oauth consumer on wikitech, and I submitted a new consumer.
It would be great if Bryan or another Oauth admin could take a look at
it (we're waaay overdue with that already).
Thank you,
Strainu
2016-10-22 17:06 GMT+03:00 Strainu <strainu10(a)gmail.com>om>:
Thank you all for your suggestions. I'll discuss
with the people who
implemented the original application and decide on the best approach
given the limited resources and time.
Strainu
2016-10-22 3:23 GMT+03:00 Gergo Tisza <gtisza(a)wikimedia.org>rg>:
> On Fri, Oct 21, 2016 at 3:38 PM, Strainu <strainu10(a)gmail.com> wrote:
>
>> I'm simply trying to make it easy for the users. In the current
>> version of the tool, they login with the github account and the rest
>> happens "magically": the tool retrieves their pull requests and scores
>> them according to a predefined set of criteria - no need for user
>> input of any kind. I just want the same workflow for patches submitted
>> to gerrit and I needed a way to authenticate the users and match the
>> information I have from the OAuth endpoint with reviews from gerrit.
>
>
> In that case, I would require them to prove account ownership by sending an
> email to the gerrit email address with a verification link.
>
> Or you could require that that email address is present in Github (it does
> not have to be the primary address, and this is a good practice anyway as
> it will ensure that the clone repo on Github attributes the patch to them
> correctly once it gets merged - although in theory the Gerrit owner,
> committer and author email address could be three different things, but
> that's unlikely to happen) and then verify that somehow. You can probably
> just upload a gist with that address and check whether Github attributes it
> to them.
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l(a)lists.wikimedia.org
>
https://lists.wikimedia.org/mailman/listinfo/wikitech-l