Page MenuHomePhabricator

MW OAuth2 doesn't seem to work
Closed, ResolvedPublic

Description

Following docs as in:

for this consumer:

I am sending:

https://meta.wikimedia.org/w/rest.php/oauth2/authorize?response_type=code&client_id=75e6d99d5fbb98606b81150f948cf695

and I am getting the following answer:

The authorization server encountered an unexpected condition that prevented it from fulfilling the request.

I have tested my code (based on python requests_oauthlib) vs. other OAuth2 sites and it works.

Comment:
Discussing on IRC, some doubts were raised on this part:
https://github.com/wikimedia/mediawiki-extensions-OAuth/blob/39182b03b05df4814e544516805c6382f651018d/includes/frontend/specialpages/SpecialMWOAuth.php#L104
https://github.com/wikimedia/mediawiki-extensions-OAuth/blob/39182b03b05df4814e544516805c6382f651018d/includes/frontend/specialpages/SpecialMWOAuth.php#L85

Event Timeline

Looking at logstash for 75e6d99d5fbb98606b81150f948cf695 I only really see stuff hitting the special page, not the rest interface...

/srv/mediawiki/php-1.35.0-wmf.16/extensions/OAuth/includes/frontend/specialpages/SpecialMWOAuth.php:729
This endpoint is not allowed for OAuth version 1
#0 /srv/mediawiki/php-1.35.0-wmf.16/extensions/OAuth/includes/frontend/specialpages/SpecialMWOAuth.php(85): MediaWiki\Extensions\OAuth\SpecialMWOAuth->assertOAuthVersion(integer)
#1 /srv/mediawiki/php-1.35.0-wmf.16/includes/specialpage/SpecialPage.php(575): MediaWiki\Extensions\OAuth\SpecialMWOAuth->execute(string)
#2 /srv/mediawiki/php-1.35.0-wmf.16/includes/specialpage/SpecialPageFactory.php(611): SpecialPage->run(string)
#3 /srv/mediawiki/php-1.35.0-wmf.16/includes/MediaWiki.php(298): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)
#4 /srv/mediawiki/php-1.35.0-wmf.16/includes/MediaWiki.php(967): MediaWiki->performRequest()
#5 /srv/mediawiki/php-1.35.0-wmf.16/includes/MediaWiki.php(530): MediaWiki->main()
#6 /srv/mediawiki/php-1.35.0-wmf.16/index.php(46): MediaWiki->run()
#7 /srv/mediawiki/w/index.php(3): require(string)
#8 {main}

and

/srv/mediawiki/php-1.35.0-wmf.16/extensions/OAuth/includes/frontend/specialpages/SpecialMWOAuth.php:369
Sorry, something went wrong connecting this application.

<span class="plainlinks mw-mwoautherror-details">Unknown OAuth key, <a class="external" href="https://www.mediawiki.org/wiki/Help:OAuth/Errors#E006">E006</a></span>
#0 /srv/mediawiki/php-1.35.0-wmf.16/extensions/OAuth/includes/frontend/specialpages/SpecialMWOAuth.php(135): MediaWiki\Extensions\OAuth\SpecialMWOAuth->handleAuthorizationForm(NULL, boolean, boolean)
#1 /srv/mediawiki/php-1.35.0-wmf.16/includes/specialpage/SpecialPage.php(575): MediaWiki\Extensions\OAuth\SpecialMWOAuth->execute(string)
#2 /srv/mediawiki/php-1.35.0-wmf.16/includes/specialpage/SpecialPageFactory.php(611): SpecialPage->run(string)
#3 /srv/mediawiki/php-1.35.0-wmf.16/includes/MediaWiki.php(298): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)
#4 /srv/mediawiki/php-1.35.0-wmf.16/includes/MediaWiki.php(967): MediaWiki->performRequest()
#5 /srv/mediawiki/php-1.35.0-wmf.16/includes/MediaWiki.php(530): MediaWiki->main()
#6 /srv/mediawiki/php-1.35.0-wmf.16/index.php(46): MediaWiki->run()
#7 /srv/mediawiki/w/index.php(3): require(string)
#8 {main}

I suppose one issue here is that AuthenticationHandler::errorResponse should have some facility for differentiating user and server errors, and log the latter to the exception channel. Currently e.g. Rest\Handler\Authorize::execute has a catch block which just swallows any throwable without logging.

Change 570076 had a related patch set uploaded (by Anomie; owner: Anomie):
[mediawiki/extensions/OAuth@master] Fix 'infinity' expiry for OAuth 2 tokens

https://gerrit.wikimedia.org/r/570076

I suppose one issue here is that AuthenticationHandler::errorResponse should have some facility for differentiating user and server errors, and log the latter to the exception channel. Currently e.g. Rest\Handler\Authorize::execute has a catch block which just swallows any throwable without logging.

Submitted https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/OAuth/+/570080 to add some logging there.

Change 570076 merged by jenkins-bot:
[mediawiki/extensions/OAuth@master] Fix 'infinity' expiry for OAuth 2 tokens

https://gerrit.wikimedia.org/r/570076

Fix should be deployed to Wikimedia sites with 1.35.0-wmf.19

@AMooney, I understand that this ticket is resolved. Should it be in the Done or Waiting for Deployment column instead of the Waiting for Review one?