Issue 34: OpenID Not grabbing email
Status:  WontFix
Owner:
Closed:  Sep 2009

Blocked on:
issue 4
Reported by code-rev...@gtempaccount.com, Sep 24, 2009
Reported by Brad Larson <bklarson@gmail.com> on Thu Jan 22 12:33:37 PST 2009
Source: JIRA GERRIT-34
Affected Version: 2.0
Environment: Linux

I have reset my gerrit2 database a few times, and gerrit doesn't want to grab
my email from the OpenID provider.  I'm using a google account for OpenID.
This worked during the first test run a few days ago, but not since then.
After signing in, all that shows up is Anonymous Coward (1000000) instead of
the expected Anonymous Coward (me@email.com).  I'll try a couple more times to
make sure I'm not missing something.  I know it worked once...
Sep 24, 2009
#1 code-rev...@gtempaccount.com
Comment by Brad Larson <bklarson@gmail.com> on Thu Jan 22 12:47:40 PST 2009

I played around with this a bit more... the email does show up if I use a
gmail account, but not if I use a google account tied to a different email
address.  I'm 95% sure that the first time I ran things I used a separate
email address tied to a google account, but I could be wrong.  In any case, it
sounds like this is on the OpenID provider's end?
Sep 24, 2009
#2 code-rev...@gtempaccount.com
Update by Shawn Pearce <sop@google.com> on Thu Jan 22 12:49:19 PST 2009
Blockedon: 4
Sep 24, 2009
#3 code-rev...@gtempaccount.com
Comment by Shawn Pearce <sop@google.com> on Thu Jan 22 12:49:19 PST 2009

Sounds like GERRIT-4, where someone else was also having trouble with Google
Accounts not sending the email address on sign in.

I've never seen it not send the email, but I'm always working with my
google.com name, or a personal gmail.com name.

You can register your email and have Gerrit send you a verification link if
you go to Settings > Contact Information, but this isn't as good as having
Google actually supply the email.

There's a debugging line in OpenIdLoginServlet, search for "if (false".  You
can enable that block and see the data coming back from Google in stdout when
you sign in.  Gerrit should always be asking for the email address, so they
should always be including it in the reply.

Does the Google Accounts login page tell you that Gerrit wants your email
address, and show you the address associated with your account?
Sep 24, 2009
#4 code-rev...@gtempaccount.com
Comment by Shawn Pearce <sop@google.com> on Thu Jan 22 12:52:09 PST 2009

Yea, I think you're right, it sounds like the OpenID provider.

Brad, can you email me (sop@google.com) the account name you were *not*
getting the email address through?  I'll follow up with the OpenID provider
people at Google and see if they know what's up.
Sep 24, 2009
#5 code-rev...@gtempaccount.com
Comment by Shawn Pearce <sop@google.com> on Thu Jan 22 13:12:53 PST 2009

This bug has nothing to do with Gerrit2.  The Google Account OpenID provider
doesn't always return the email address.  It seems to be account-specific.
I've never seen it fail for my own accounts.  Others have noticed it only on
some of their accounts, but not others.

I have opened an issue with Google about the problem, but there's nothing we
can do in Gerrit2 to work around it.  Users can of course register their own
email addresses on the Settings > Contact Information screen.
Sep 24, 2009
#6 code-rev...@gtempaccount.com
Update by Shawn Pearce <sop@google.com> on Thu Jan 22 13:12:53 PST 2009
Status: WontFix
Sep 24, 2009
#7 code-rev...@gtempaccount.com
Comment by Brad Larson <bklarson@gmail.com> on Thu Jan 22 14:22:20 PST 2009

Thanks for looking into this.  I'm relieved to hear the problem isn't on my
end!
Sep 24, 2009
#8 code-rev...@gtempaccount.com
Comment by Shawn Pearce <sop@google.com> on Thu Jan 22 15:16:52 PST 2009

So the answer from Google appears to be:

"If you click on the 'allow site to remember me' box, Google will never again
send your email address to that site, because it would involve prompting the
user, and the remember me box is about skipping prompts."

I suspect you checked that box, then wiped your database.  So Gerrit2 doesn't
have the per-domain/per-user token that Google Accounts sent for the account,
but Google knows Gerrit has already been given the email, so it won't give out
the email again.

You can uncheck that "allow site to remember me" box by going to
https://www.google.com/accounts/ManageAccount and deleting the entry for your
Gerrit domain.