Page MenuHomePhabricator
Create Task
Maniphest T251865

OAuth2 authorizing gives an infinite loop between 2 urls
Closed, ResolvedPublic
Actions

Description

I'm trying to use OAuth 2 via the OAuth extension. First time, I got the "Do you want to give this app access to your account" screen, however, the second time I tried to do that (had a bug somewhere in auth logic) it started redirecting between these two urls:

I'm using consumer cd6061338c4d1ac30aa6d50953ee0738 on beta meta as suggested by the docs.

In case it's helpful, I was using the code at P11189 with Laravel Socialite.

Details

SubjectRepoBranchLines +/-
Fix infinite redirect loop for some OAuth 2 client approvalsmediawiki/extensions/OAuthmaster+3 -1
Customize query in gerrit

Related Objects

Event Timeline

taavi created this task.May 5 2020, 10:07 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 5 2020, 10:07 AM
Tgr added a project: Platform Engineering.May 5 2020, 10:34 AM
taavi added a comment.EditedMay 5 2020, 12:05 PM

This only seems to happen if you are using OAuth2 and there already is a row in oauth_accepted_consumer for the consumer/user pair (ie. you haven't accepted this consumer before starting this authorization flow).

daniel moved this task from Inbox to Triage Meeting Inbox on the Platform Engineering board.May 8 2020, 9:48 AM
eprodromou triaged this task as Medium priority.May 12 2020, 8:27 PM
eprodromou edited projects, added Platform Team Workboards (Clinic Duty Team); removed Platform Engineering.
eprodromou subscribed.

Looks good.

eprodromou moved this task from Inbox to Later on the Platform Team Workboards (Clinic Duty Team) board.May 12 2020, 8:27 PM
taavi updated the task description. (Show Details)May 13 2020, 2:10 PM
Zbyszko subscribed.Jun 2 2020, 2:14 PM
WDoranWMF added subscribers: AMooney, WDoranWMF.Jun 12 2020, 12:17 PM

@AMooney @eprodromou should this increase in priority?

AMooney added a comment.Jun 15 2020, 12:55 PM

@Majavah would a Medium priority be appropriate for this task?

taavi added a comment.Jun 15 2020, 2:03 PM
In T251865#6223815, @AMooney wrote:

@Majavah would a Medium priority be appropriate for this task?

I think it's fine.

Tgr subscribed.Jun 15 2020, 2:20 PM

This completely breaks OAuth 2 for apps with a "User identity verification only" grant (maybe others too, I'm not sure). That seems borderline Unbreak now! to me.

AMooney raised the priority of this task from Medium to High.Jun 16 2020, 3:02 PM
eprodromou added a comment.Jun 17 2020, 2:29 PM

"High" seems like the right priority here.

gerritbot added a comment.Jun 18 2020, 12:39 AM

Change 606298 had a related patch set uploaded (by BPirkle; owner: BPirkle):
[mediawiki/extensions/OAuth@master] Fix infinite redirect loop for some OAuth 2 client approvals

https://gerrit.wikimedia.org/r/606298

gerritbot added a project: Patch-For-Review.Jun 18 2020, 12:39 AM
BPirkle claimed this task.Jun 18 2020, 2:01 PM
BPirkle moved this task from Later to Doing(WIP:5) on the Platform Team Workboards (Clinic Duty Team) board.
gerritbot added a comment.Jun 20 2020, 9:29 PM

Change 606298 merged by jenkins-bot:
[mediawiki/extensions/OAuth@master] Fix infinite redirect loop for some OAuth 2 client approvals

https://gerrit.wikimedia.org/r/606298

ReleaseTaggerBot added a project: MW-1.35-notes (1.35.0-wmf.38; 2020-06-23).Jun 20 2020, 10:00 PM
Maintenance_bot removed a project: Patch-For-Review.Jun 20 2020, 10:10 PM
Tgr added a comment.Jun 21 2020, 4:34 PM

@Majavah can you re-test?

taavi closed this task as Resolved.Jun 21 2020, 5:19 PM
In T251865#6242756, @Tgr wrote:

@Majavah can you re-test?

Appears to be working on the beta cluster, thanks everyone!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits