Parent tasks requires a jwt library.
Description
Description
Details
Details
Project | Branch | Lines +/- | Subject | |
---|---|---|---|---|
mediawiki/vendor | master | +1 K -1 | Add firebase/php-jwt for ContentTranslation |
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Open | None | T111534 Allow external users access to cxserver | |||
Resolved | santhosh | T101398 cxserver: rate limiting | |||
Resolved | • Nikerabbit | T108692 Error: mw.Api error: token-impossible | |||
Resolved | • Nikerabbit | T97113 MT Api - provide an identification mechanism to allow requests only from a valid MW context | |||
Resolved | • Nikerabbit | T106762 Security review for firebase/php-jwt |
Event Timeline
Comment Actions
We're already using an earlier version of php-jwt in Ex:OAuth. I just reviewed the latest version (fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1 on github), and it looks fine as well, although disappointing it still doesn't support EC signatures.
In production, you shouldn't set JWT::$leeway to more than a few seconds, if at all.
Comment Actions
Change 226616 had a related patch set uploaded (by Nikerabbit):
Add firebase/php-jwt for ContentTranslation