Most extensions which add a user right should also add or extend a grant
Open, In Progress, MediumPublic
Actions

Description

OAuth and bot passwords (and maybe other things, now that grants are in core) rely on $wgGrantPermissions to expose access to privileged functionality, but most extensions don't support it. Any extensions that defines a user right which can in some way influence use of the API should also create a grant for that right, or add it to some existing grant.

Related Objects
Search...

Status	Assigned	Task
In Progress	Hokwelum	T142308 Most extensions which add a user right should also add or extend a grant
Resolved	MarcoAurelio	T142306 Adding globalblock-exempt to Grants in GlobalBlocking extension for OAuth use
Resolved	• demon	T134027 Improper default settings for grants
Resolved	aude	T124269 Add wikibase rights to $wgGrantPermissions
Resolved	• MusikAnimal	T126756 Bots cannot access abusefilter API endpoint under new authentication system
Resolved	• MusikAnimal	T145349 Add massmessage permission to highvolume grant
Resolved	Anomie	T150231 FlaggedRevs permissions should be available in grants
Declined	None	T205781 Add oathauth-enable to basics grant
Resolved	JJMC89	T201904 Add "pagequality" right to User rights when logged in via OAuth
Resolved	JJMC89	T207915 Add createpagemainns right to a grant
Resolved	Daimona	T161816 Cannot grant a user ability to view log entries of private filters
Declined	None	T241110 vipsscaler-test should be included in a grant
Invalid	None	T241111 viewuserlang should be included in a grant
Resolved	JJMC89	T241112 urlshortener-create-url should be included in a grant
Open	Shubham656jain	T241113 upwizcampaigns and mass-upload should be included in a grant
Resolved	Urbanecm	T241114 tboverride and tboverride-account should be included in a grant
Resolved	Diwanshu885	T241115 transcode-reset and transcode-status should be included in a grant
Resolved	DannyS712	T241116 nuke should be included in a grant
Declined	None	T241117 gwtoolset should be included in a grant
Resolved	JJMC89	T241118 skipcaptcha should be added to basic grant in extension.json, not DefaultSettings
Resolved	JJMC89	T241119 override-antispoof should be included in a grant
Declined	JJMC89	T302758 IPInfo rights should be included in a grant
Resolved	JJMC89	T362188 pagetriage-copyvio should be included in a grant

Event Timeline

Tgr created this task.Aug 6 2016, 8:36 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 6 2016, 8:36 PM

Tgr added a subtask: T142306: Adding globalblock-exempt to Grants in GlobalBlocking extension for OAuth use.Aug 6 2016, 8:36 PM

Tgr closed subtask T142306: Adding globalblock-exempt to Grants in GlobalBlocking extension for OAuth use as Resolved.Aug 7 2016, 12:23 AM

Udo_T subscribed.Aug 8 2016, 2:08 PM

Tgr added subtasks: T134027: Improper default settings for grants, T124269: Add wikibase rights to $wgGrantPermissions, T126756: Bots cannot access abusefilter API endpoint under new authentication system.Sep 9 2016, 2:07 AM

• MusikAnimal added a subtask: T145349: Add massmessage permission to highvolume grant.Sep 12 2016, 2:53 AM

What's the difference between a grant and a user group?

User groups are assigned to users. Grants are assigned to tools. When a tool acts through a user account, it will only have those rights which are available both through the user's groups and the tool's grants.

Legoktm closed subtask T145349: Add massmessage permission to highvolume grant as Resolved.Sep 12 2016, 9:31 AM

Tgr mentioned this in T150526: BotPasswords: grant all rights.Nov 22 2016, 10:42 PM

Tgr added a subtask: T150231: FlaggedRevs permissions should be available in grants.Nov 22 2016, 10:45 PM

Anomie closed subtask T150231: FlaggedRevs permissions should be available in grants as Resolved.Nov 23 2016, 9:52 PM

MarcoAurelio awarded a token.Feb 4 2017, 10:00 AM

MarcoAurelio subscribed.

Tgr moved this task from Uncategorized to Tool User wants on the MediaWiki-extensions-OAuth board.Mar 7 2017, 3:23 AM

Tgr moved this task from Tool User wants to Tool developer wants on the MediaWiki-extensions-OAuth board.Mar 7 2017, 3:30 AM

Tgr triaged this task as Medium priority.Mar 7 2017, 3:38 AM

Tgr added a project: good first task.Mar 7 2017, 4:00 AM

Restricted Application added a subscriber: TerraCodes. · View Herald TranscriptMar 7 2017, 4:00 AM

Tgr mentioned this in T170603: API Edit Requires a Captcha, but on Wiki edit does not.Jul 13 2017, 6:11 PM

Liuxinyu970226 subscribed.Oct 12 2017, 4:35 AM

JJMC89 added a subtask: T201904: Add "pagequality" right to User rights when logged in via OAuth.Oct 19 2018, 5:12 AM

JJMC89 closed subtask T201904: Add "pagequality" right to User rights when logged in via OAuth as Resolved.Oct 19 2018, 6:14 PM

JJMC89 added a subtask: T207915: Add createpagemainns right to a grant.Oct 25 2018, 1:29 AM

JJMC89 closed subtask T207915: Add createpagemainns right to a grant as Resolved.Oct 29 2018, 8:19 PM

AfroThundr3007730 subscribed.Nov 26 2018, 12:26 AM

JJMC89 added a subtask: T161816: Cannot grant a user ability to view log entries of private filters.Feb 10 2019, 5:52 PM

Daimona closed subtask T161816: Cannot grant a user ability to view log entries of private filters as Resolved.Feb 10 2019, 6:05 PM

Tgr mentioned this in T244744: Add interface for changing mentor.Feb 18 2020, 10:50 PM

DannyS712 closed subtask T241116: nuke should be included in a grant as Resolved.Mar 8 2020, 8:56 AM

JJMC89 closed subtask T205781: Add oathauth-enable to basics grant as Declined.Mar 21 2020, 7:04 PM

JJMC89 closed subtask T241111: viewuserlang should be included in a grant as Invalid.Mar 21 2020, 7:49 PM

JJMC89 closed subtask T241118: skipcaptcha should be added to basic grant in extension.json, not DefaultSettings as Resolved.Mar 27 2020, 3:39 PM

JJMC89 closed subtask T241119: override-antispoof should be included in a grant as Resolved.

JJMC89 closed subtask T241112: urlshortener-create-url should be included in a grant as Resolved.

JJMC89 changed the status of subtask T241114: tboverride and tboverride-account should be included in a grant from Open to Stalled.Mar 27 2020, 3:49 PM

TerraCodes unsubscribed.Mar 28 2020, 12:09 AM

JJMC89 changed the status of subtask T241114: tboverride and tboverride-account should be included in a grant from Stalled to Open.Apr 16 2020, 7:38 AM

Urbanecm closed subtask T241114: tboverride and tboverride-account should be included in a grant as Resolved.Apr 16 2020, 11:17 AM

JJMC89 mentioned this in T257097: Add mergehistory to a grant.Jul 4 2020, 6:21 AM

Tgr closed subtask T241117: gwtoolset should be included in a grant as Declined.Dec 9 2020, 5:00 AM

Tgr closed subtask T241110: vipsscaler-test should be included in a grant as Declined.Dec 9 2020, 9:12 PM

Ammarpad closed subtask T241115: transcode-reset and transcode-status should be included in a grant as Resolved.Feb 8 2021, 10:02 AM

Niharika changed the status of subtask T302758: IPInfo rights should be included in a grant from Open to Stalled.Mar 11 2022, 3:55 AM

Niharika closed subtask T302758: IPInfo rights should be included in a grant as Declined.Mar 22 2022, 4:35 PM

Collins subscribed.Apr 1 2022, 3:03 PM

JJMC89 created subtask T362188: pagetriage-copyvio should be included in a grant.Apr 9 2024, 6:29 PM

• MusikAnimal closed subtask T362188: pagetriage-copyvio should be included in a grant as Resolved.Apr 9 2024, 8:49 PM

Hokwelum claimed this task.Tue, Jan 27, 4:05 PM

Restricted Application added a project: MediaWiki-Platform-Team. · View Herald TranscriptTue, Jan 27, 4:05 PM

Hokwelum changed the task status from Open to In Progress.Mon, Feb 2, 3:30 PM

OWresch-WMF moved this task from Inbox, needs triage to Q3 Kanban Board on the MediaWiki-Platform-Team board.Mon, Feb 2, 3:50 PM

OWresch-WMF edited projects, added MediaWiki-Platform-Team (Q3 Kanban Board); removed MediaWiki-Platform-Team.

OWresch-WMF moved this task from Essential Work to In Progress on the MediaWiki-Platform-Team (Q3 Kanban Board) board.

Hello @Tgr, I have both config set now but I still have the missing key error!

$wgOAuth2PrivateKey = "/Users/hannah/Development/core/my_ssh";
$wgOAuth2PublicKey = "/Users/hannah/Development/core/my_ssh.pub";

Token request failed with HTTP 500: {"error":"server_error","error_description":"The authorization server encountered an unexpected condition which prevented it from fulfilling the request: Key cannot be empty","message":"The authorization server encountered an unexpected condition which prevented it from fulfilling the request: Key cannot be empty"}

That's the UBN from earlier this week (T416456). You'll need to update OAuth and/or MediaWiki core and re-run Composer.

Most extensions which add a user right should also add or extend a grantOpen, In Progress, MediumPublicActions

Description

Related ObjectsSearch...

Event Timeline

Most extensions which add a user right should also add or extend a grant
Open, In Progress, MediumPublic
Actions

Related Objects
Search...