On Fri, Oct 21, 2016 at 3:38 PM, Strainu <strainu10(a)gmail.com> wrote:
I'm simply trying to make it easy for the users.
In the current
version of the tool, they login with the github account and the rest
happens "magically": the tool retrieves their pull requests and scores
them according to a predefined set of criteria - no need for user
input of any kind. I just want the same workflow for patches submitted
to gerrit and I needed a way to authenticate the users and match the
information I have from the OAuth endpoint with reviews from gerrit.
In that case, I would require them to prove account ownership by sending an
email to the gerrit email address with a verification link.
Or you could require that that email address is present in Github (it does
not have to be the primary address, and this is a good practice anyway as
it will ensure that the clone repo on Github attributes the patch to them
correctly once it gets merged - although in theory the Gerrit owner,
committer and author email address could be three different things, but
that's unlikely to happen) and then verify that somehow. You can probably
just upload a gist with that address and check whether Github attributes it
to them.