Page MenuHomePhabricator
Create Task
Maniphest T124942

OAuth authorization with a just-created account sometimes fails with 'mwoauthdatastore-access-token-not-found'
Closed, ResolvedPublic
Actions

Description

On dashboard.wikiedu.org, we have a signup flow for users who do not already have Wikipedia accounts, which uses 'returntoquery' to send a user to the account creation page and then immediately redirect them to an auth page for the dashboard once they've created their account. Here are the entry points for this flow:

en.wiki: https://dashboard.wikiedu.org/users/auth/mediawiki_signup
test.wiki: https://dashboard-testing.wikiedu.org/users/auth/mediawiki_signup

This usually works, but seems occasionally fail with 'mwoauthdatastore-access-token-not-found'. @Tgr suggests that this might be caused by master-slave lag.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Fall back to master DB for access token lookupmediawiki/extensions/OAuthmaster+21 -8
Customize query in gerrit

Event Timeline

Ragesoss created this task.Jan 27 2016, 6:37 PM
Ragesoss raised the priority of this task from to Needs Triage.
Ragesoss updated the task description. (Show Details)
Ragesoss added a project: MediaWiki-extensions-OAuth.
Ragesoss added subscribers: Ragesoss, Tgr.
Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald TranscriptJan 27 2016, 6:37 PM
gerritbot subscribed.Jan 27 2016, 8:01 PM

Change 266800 had a related patch set uploaded (by Gergő Tisza):
Fall back to master DB for access token lookup

https://gerrit.wikimedia.org/r/266800

gerritbot added a project: Patch-For-Review.Jan 27 2016, 8:01 PM
aaron subscribed.EditedJan 28 2016, 4:10 AM

Seems like this should already be covered by ChronologyProtector, unless there was a >10sec lag spike and timeout. Though I don't see many log entries under

+channel:DBPerformance +message:"Waiting" +url:*OAuth*
Ragesoss added subscribers: Abit, awight.Feb 17 2016, 8:04 PM

@awight @Abit This bug will affect the all instances of the dashboard, creating a confusing situation for newcomers who try to create their account at the same time they join a course. It's hit-or-miss; often you can create an account and sign up in one smooth flow, but a significant fraction of the time, you'll instead get stopped by an OAuth error message.

Tgr added a comment.EditedFeb 18 2016, 7:07 PM

@aaron: ChronologyProtector uses IP+user agent to persist the master position, but the OAuth request that fails is sent by the WikiEdu server, if I understand the bug report correctly, so the IP/agent won't match that of the authorization request.

Ragesoss added a comment.Jul 6 2016, 12:11 AM

What's the status with that patch? Is waiting for more review, or is it not the right fix? Users run into this problem all the time at Wiki Ed events.

Tgr added a subscriber: Anomie.Jul 6 2016, 12:40 AM

IMO it is ready to merge. @Anomie asked for some code quality improvements but I can do those in a follow-up.

gerritbot added a comment.Jul 6 2016, 3:55 PM

Change 266800 merged by jenkins-bot:
Fall back to master DB for access token lookup

https://gerrit.wikimedia.org/r/266800

ReleaseTaggerBot added a project: MW-1.28-release (WMF-deploy-2016-07-12_(1.28.0-wmf.10)).Jul 6 2016, 4:00 PM
Tgr added a comment.Sep 6 2016, 10:30 PM

@Ragesoss any impression on whether this is resolved?

Ragesoss added a comment.Sep 6 2016, 10:41 PM

@Tgr I think this one is resolved. I haven't heard of this error coming up lately (unlike the E008 error). I'll keep an eye out for reports of it, though. These next few weeks are when a few thousand users will go through the account creation and OAuth login flow via dashboard.wikiedu.org.

Tgr closed this task as Resolved.Sep 7 2016, 11:48 PM
Tgr claimed this task.

Thanks! Please reopen if you run into it again.

Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:39 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits