Parent tasks requires a jwt library.
|mediawiki/vendor : master||Add firebase/php-jwt for ContentTranslation|
|Open||None||T111534 Allow external users access to cxserver|
|Open||None||T101398 cxserver: rate limiting|
|Resolved||Nikerabbit||T108692 Error: mw.Api error: token-impossible|
|Resolved||Nikerabbit||T97113 MT Api - provide an identification mechanism to allow requests only from a valid MW context|
|Resolved||Nikerabbit||T106762 Security review for firebase/php-jwt|
We're already using an earlier version of php-jwt in Ex:OAuth. I just reviewed the latest version (fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1 on github), and it looks fine as well, although disappointing it still doesn't support EC signatures.
In production, you shouldn't set JWT::$leeway to more than a few seconds, if at all.