Page MenuHomePhabricator

Failure to OAuth after login on mobile
Open, NormalPublic

Description

If I log in using this link (https://www.mediawiki.org/w/index.php?title=Special:UserLogin&returnto=Special:OAuth/authorize&returntoquery=oauth_token%3Df97d76d6ec67bde6719952217d5ab80e%26oauth_consumer_key%3Dd5aa23a6b7a6d61e21ba1bb725c212fe) on my iPad mini to log in and authorise the Wikidata Game on toollabs access to my account (Vidar?) I'm taken to this site (screenshot below; https://m.mediawiki.org/wiki/Special:CentralLogin/complete?token=39880826259b573205f3c40ad7ae8570) after logging in, instead of the "Allow-dialog" which is visable on desktop.

Related Objects

Event Timeline

Maniphest changed the visibility from "Public (No Login Required)" to "Custom Policy".Sep 16 2015, 7:17 AM
Maniphest changed the edit policy from "All Users" to "Custom Policy".
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 16 2015, 7:17 AM
Josve05a created this task.Sep 16 2015, 7:17 AM
Josve05a updated the task description. (Show Details)
Josve05a changed Security from None to Other confidential issue.
Josve05a edited subscribers, added: Josve05a; removed: Aklapper.
Josve05a added a subscriber: csteipp.
Josve05a updated the task description. (Show Details)Sep 16 2015, 7:34 AM
Josve05a changed Security from Other confidential issue to None.
Jdlrobson triaged this task as Normal priority.Sep 16 2015, 5:14 PM
Jdlrobson added a subscriber: Jdlrobson.
Jdlrobson renamed this task from Failiure to OAuth after login on mobile to Failure to OAuth after login on mobile.Sep 16 2015, 6:36 PM
Jdlrobson edited projects, added MobileFrontend; removed Readers-Web-Backlog.

@Josve05a: What security are you trying to set on this task? You won't be able to move it out of the NDA restrictions simply by removing the project, but I can change the policies for you if you want.

Josve05a added a comment.EditedSep 16 2015, 8:46 PM

@Josve05a: What security are you trying to set on this task? You won't be able to move it out of the NDA restrictions simply by removing the project, but I can change the policies for you if you want.

I tried first to remove the security, by setting it to 'none' (and at the same time I removed the nda-project). That didn't work, and sine I have no way to change the policy after I created the task, it it stuck as this policy. Just set it as public.

Krenair changed the visibility from "Custom Policy" to "Public (No Login Required)".
Krenair changed the edit policy from "Custom Policy" to "All Users".
Tgr added a subscriber: Tgr.Sep 16 2015, 9:21 PM

The error message is centralauth-error-nologinattempt ("No active login attempt is in progress for your session.").

Tgr added a comment.Sep 16 2015, 9:31 PM

Can't reproduce (either on desktop or on an Android phone):

  • go to https://tools.wmflabs.org/wikidata-game/ in private browsing mode
  • click in the link in "log in here"
  • edit the url from www.mediawiki.org to m.mediawiki.org
  • log in
  • authorization dialog shows up as expected.
Josve05a added a comment.EditedSep 16 2015, 9:35 PM

How I did:

  1. Go to https://tools.wmflabs.org/wikidata-game/
  2. click the link "log in here"
  3. Log in. (You should see the desktop view of the log in screen; i.e. do not change to m.mediawiki manually)
  4. You are now redirected to the mobile site (screenshot above)

To get it to work, I afterwards repeat step 1 and 2 and will be taken to the proper Alow-dialog (on desktop site) without having to log in again.

Tgr added a comment.Sep 16 2015, 9:40 PM

Do you get the same result if you repeat the steps? Also if you repeat them in private browsing mode?

Josve05a added a comment.EditedSep 16 2015, 9:44 PM

No, if I click the "log in here"in the second step, affter having done all 4 steps once already in this session, I'm taken to the desktop "Allow-dialog" directly. So it's the redirecting from the login screen on "desktop-view" to the dialog in "mobile view" which is broken somehow. However, if I start a new session (restart the browser, or enter private mode, or log out from wiki) I can reproducae all the steps once again.

Tgr added a comment.Sep 16 2015, 9:55 PM

Still can't reproduce, your steps work fine for me (in desktop Chrome in private mode). What device and browser are you using? What is the full URL for that error message?

iPad mini (iOS), Safari. Let me get utl:s and screenshots

I've confirmed this on my Android phone. As a logged-out mediawiki.org user (copy of Josve05a's steps):

  1. Go to https://tools.wmflabs.org/wikidata-game/
  2. click the link "log in here"
  3. Log in. (You should see the desktop view of the log in screen; i.e. do not change to m.mediawiki manually)
  4. You are now redirected to the mobile site (screenshot above)

The mobile login form is no different from desktop login form so I expect there is some code that is not being loaded e.g. doesn't have appropriate target set.

The exception is due to the mobile redirect-- you gave your username and password to www.mediawiki.org, but you're trying to complete the login on m.mediawiki.org. If the wikidata-game updates its authorization redirect from,

https://www.mediawiki.org/w/index.php?title=Special:OAuth/authorize&oauth_token=...

to

https://www.mediawiki.org/wiki/Special:OAuth/authorize?oauth_token=...

then it should Just Work.

Who is investigating this issue? It seems pretty bad. I hit this error when trying to log in to the English Wikipedia on my phone the other day.

Tgr added a comment.Sep 12 2016, 6:17 AM

It seems pretty rare. You need to be 1) on mobile 2) logged out on Phabricator or whatever else you are using 3) sent for tool authorization to a wiki where you are not logged in 4) the tool must be using the non-canonical form of the URL; and even then it does not happen deterministically. And it has an obvious workaround (login first, then authorize).

It seems pretty rare.

What does this mean? Do we log this error anywhere? How many times are we raising this error per day?

As far as I know, my English Wikipedia user account and Phabricator are completely distinct. Perhaps the issue I'm hitting is separate from this issue (T112730), T95221, and T119343. If so, I can file a new task if you would prefer that.

And it has an obvious workaround (login first, then authorize).

I experienced this issue when logging in to a MediaWiki wiki. What specifically do you think I should authorize in order to log in to the wiki with a regular user account?

Tgr added a comment.Sep 12 2016, 10:50 PM

Yes, if you experience the same error without any OAuth tool being involved, a separate task would helpful. Might or might not be the same underlying issue, but at a minimum a login will be a lot easier to reproduce and debug than a full authorization flow.

Yes, if you experience the same error without any OAuth tool being involved, a separate task would helpful. Might or might not be the same underlying issue, but at a minimum a login will be a lot easier to reproduce and debug than a full authorization flow.

There's now T145545: "No active login attempt is in progress for your session." when trying to log in on wikisource.org as well.

Jdlrobson moved this task from Needs triage to Triaged on the Mobile board.Jul 25 2017, 5:53 PM
Restricted Application added a subscriber: PokestarFan. · View Herald TranscriptJul 25 2017, 5:53 PM

This stiill appears to be an issue. I'm unable to login to Phabricator on mobile, seeing the same error as in the original post.