Comment 36 for bug 881019

Monty Taylor (mordred) wrote : Re: [Bug 881019] Re: Lp login is broken after account merge

On 05/27/2012 10:43 PM, William Grant wrote:
> On 28/05/12 12:27, James E. Blair wrote:
>> With respect to the OpenStack Gerrit, it's not that the consumer is
>> buggy, it's that since we're trying to _integrate_ with Launchpad, we
>> need to know the _Launchpad_ user of the person who is authenticating to
>> us. It's not enough to just be given an opaque identifier, we need
>> to know the Launchpad user ID of that person so that we know what groups
>> they are a member of, etc. If we just wanted to use an opaque OpenID
>> provider, we could have used any number of other ones. The value in
>> using Launchpad's OpenID provider is that we can integrate our tools and
>> processes with Launchpad.
>>
>> William, a while ago you suggested an API call that would allow us to
>> query all of the identifiers for a given Launchpad account? I believe
>> we can work around the problem if that's added. Do you still think that
>> would be feasible?
>
> After discussion with Summit developers this morning, I'm adding an API
> to go the other way: given an OpenID identifier, you'll be able to
> easily ask for the corresponding Launchpad account. That's bug #1005330.
>
> Can you alter the gerrit login process enough to use that API? Adding a
> second API for account -> identifiers would work for you, and is doable,
> but it doesn't make a huge amount of sense so it would be nice to avoid it.

We can update our user sync script to use this, but I don't know that the
mapping in that direction will immediately solve the problem. Just so
you have the full context, the way it works is that we have a script
that pulls user information from the launchpad api (with an additional curl
call given the launchpad user id to their user page to find their openid
id). We do that because the web is not the only way a person logs in to
gerrit - we also have ssh-based interactions because of git pushes and
pulls. That means we need discrete user accounts so that there will be a
place to attach an ssh key (which we also grab from launchpad if there
is one for ease of use for our users).

Now, I suppose we could have an additional script which looks through
our database for the list of openids and then does the reverse calls to
launchpad to map those to launchpad user ids, and then tries to do the
merging on our side. Just so that you are aware, I expect that to run
about 3k API calls per 15 minutes against launchpad.

Andrew has taken over the sync script though, so I'm including him here
just to make sure I'm not misrepresenting things.

Thanks!
Monty