Page MenuHomePhabricator

OAuth authorization fails if account does not exist on the central wiki
Closed, ResolvedPublic


Steps to reproduce:

  • create a new account, make sure it exists (and is logged in) centrally but does not exist locally on the central OAuth wiki. (On WMF wikis this is only possible when the account autocreation script errors out.)
  • try to authorize an OAuth consumer on some non-central wiki

You will get Unified login needed, E008.

See T94885 for reports of this bug.

Event Timeline

Change 316914 had a related patch set uploaded (by Gergő Tisza):
Relax requirement for the user having an account on the central wiki

Is this just stuck waiting for code review? Would love to get the E008 issues wrapped up!

Still waiting for CR. @Anomie do you have time to look at it? It's a fairly simple change.

Per Anomie, someone from Security should take a look at the patch.

Change 316914 merged by jenkins-bot:
Relax requirement of the user having an account on the central wiki

Anomie assigned this task to Tgr.