Page MenuHomePhabricator

OAuth error not rendered properly
Closed, ResolvedPublicBUG REPORT


Rendered unparsed.

OAuth token already used, <a class="external" href="">E009</a>

Screen Shot 2019-12-15 at 12.05.21 AM.png (588×882 px, 118 KB)

Steps to reproduce
  1. Open (Wikimedia Developer Support Forum)
  2. Click on "Log in" button. ( If you've never visited there, click "Sign up" button instead)
  3. Click "allow" button on the dialog that appears
  4. If the authorization succeed you'll be taken back to as a logged-in user.
  5. Now click "back" button on your browser.
    • This will return us back to the OAuth authorization dialog.
    • And also attempt to reuse the request token we have already utilized (by logging in step 3).
  6. Click "allow" button on the dialog we return to.
  7. Observe the malformed error message as shown above.
  8. Write code and fix it.... to render properly??

Event Timeline

Ammarpad changed the subtype of this task from "Task" to "Bug Report".
Ammarpad renamed this task from OAuth errors not rendered properly to OAuth error not rendered properly.Jan 4 2020, 10:38 AM
Ammarpad updated the task description. (Show Details)
Ammarpad moved this task from Proposed tasks to Imported in GCI Site on the Google-Code-in-2019 board.

Hello! I've claimed your task on GCI, but I got a problem with registering a new OAuth consumer for testing in I just don't have required permissions (my account is not confirmed).
I've read that Bureaucrats can manually confirm a user account. Can you do this for me, please?

taavi added a subscriber: taavi.

Hi @Crutishnyk, Ammarpad is not a bureaucrat, but you can add an request to You will also get automatically confirmed status when you have 5 edits on meta.

Thanks Urbanecm and Majavah for your quick feedback!

Maybe we should give mwoauthproposeconsumer to new users on beta metawiki?

You can use the app without approval, as long as you are using it with the same user that made the request. We don't usually approve test apps for that reason.

Ok @Tgr. But I'm getting an error when trying to log in:

[126d6183699af53627223395] 2020-01-07 16:33:37: Fatal exception of type "MediaWiki\OAuthClient\Exception"

Maybe this is a bug, what do you think?

I installed these extensions:

  • OAuth
  • OAuthAuthentication
  • ImportUsers
  • MediaWikiAuth

Hi @Crutishnyk, did you follow the instructions at (especially the composer install --no-dev part)

In T240774#5782646, @Majavah wrote:

Hi @Crutishnyk, did you follow the instructions at (especially the composer install --no-dev part)


Hard to tell without seeing that exception. If you have installed MediaWiki manually, you might want to set up something like Manual:MonologSpi.php#Minimal_example.

Great, just making sure as most of the extensions require that. Could you try with $wgShowExceptionDetails = true; in LocalSettings if you get a more specific error?

Oh yes, here are more detailed information:

[26e2baf2659989fa590ccd45] /index.php/Special:OAuthLogin/finish?oauth_verifier=21971f87123579a7dc862a1865265926&oauth_token=d2266cf5cdf906afb2509e54de4cd65e MediaWiki\OAuthClient\Exception from line 206 of C:\xampp\htdocs\mediawiki.loc\extensions\OAuth\vendor\mediawiki\oauthclient\src\Client.php: JWT didn't validate


#0 C:\xampp\htdocs\mediawiki.loc\extensions\OAuthAuthentication\handlers\OAuth1Handler.php(47): MediaWiki\OAuthClient\Client->identify(MediaWiki\OAuthClient\Token)
#1 C:\xampp\htdocs\mediawiki.loc\extensions\OAuthAuthentication\specials\SpecialOAuthLogin.php(67): MediaWiki\Extensions\OAuthAuthentication\OAuth1Handler->identify(MediaWiki\OAuthClient\Token, MediaWiki\OAuthClient\Client)
#2 C:\xampp\htdocs\mediawiki.loc\includes\specialpage\SpecialPage.php(575): MediaWiki\Extensions\OAuthAuthentication\SpecialOAuthLogin->execute(string)
#3 C:\xampp\htdocs\mediawiki.loc\includes\specialpage\SpecialPageFactory.php(611): SpecialPage->run(string)
#4 C:\xampp\htdocs\mediawiki.loc\includes\MediaWiki.php(296): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)
#5 C:\xampp\htdocs\mediawiki.loc\includes\MediaWiki.php(900): MediaWiki->performRequest()
#6 C:\xampp\htdocs\mediawiki.loc\includes\MediaWiki.php(527): MediaWiki->main()
#7 C:\xampp\htdocs\mediawiki.loc\index.php(44): MediaWiki->run()
#8 {main}

JWT errors usually mean you computer's clock is off.

JWT errors usually mean you computer's clock is off.

What do you mean? My computer's time is correct: 7:22 PM, 7 January, 2020 (I'm living in GMT+2)

Alternatively, an upstream error (which are sometimes grossly mishandled in OAuthClient, see T179030: OAuthClient should check for error before validating JWT).

I thought we had a task about making OAuthClient more user-friendly about handling JWT error, but I can't find it right now.

Thank you for your feedback! Finally, I managed to run OAuth. It wasn't necessary to create a new OAuth consumer on, I just created another local MediaWiki site and configured everything. I'm not really sure about my solution, but it's working ¯\_(ツ)_/¯
Uploading my fix to Gerrit...

Change 562861 had a related patch set uploaded (by Crutishnyk; owner: Crutishnyk):
[mediawiki/extensions/OAuth@master] extensions/OAuth: Fix the render of E009 error link

Change 571072 had a related patch set uploaded (by Florianschmidtwelzow; owner: Florianschmidtwelzow):
[mediawiki/core@master] HTMLForm: Allow status object to have raw parameters

Change 562861 abandoned by Anomie:
extensions/OAuth: Fix the render of E009 and E004 error links

In favor of I152ec51f317799572bf6791e110cd72c42da82a0

Change 571072 merged by jenkins-bot:
[mediawiki/core@master] HTMLForm: Allow status object to have raw parameters