Page MenuHomePhabricator

Special:OAuth not able to retain log in
Open, Needs TriagePublic

Description

Today using QuickStatements (https://tools.wmflabs.org/quickstatements/#/) and trying to log in by clicking on "Log in" (the link is https://tools.wmflabs.org/quickstatements/api.php?action=oauth_redirect) I frequently obtained the subsequent error:

<br />
<b>Fatal error</b>:  Uncaught Exception: Error retrieving token1: {&amp;quot;error&amp;quot;:&amp;quot;mwoauth-callback-not-oob-or-prefix&amp;quot;,&amp;quot;message&amp;quot;:&amp;quot;oauth_callback must be set, and must be set to \&amp;quot;oob\&amp;quot; (case-sensitive), or the configured callback must be a prefix of the supplied callback.&amp;quot;,&amp;quot;callback&amp;quot;:&amp;quot;api.php&amp;quot;} in /data/project/magnustools/public_html/php/oauth.php:283
Stack trace:
#0 /data/project/quickstatements/public_html/api.php(101): MW_OAuth-&gt;doAuthorizationRedirect('api.php')
#1 {main}
  thrown in <b>/data/project/magnustools/public_html/php/oauth.php</b> on line <b>283</b><br />

In the rare cases when I successfully logged in, frequently QuickStatements behaved like I didn't do it; I reloaded the page and still it seamed that I hadn't logged in; then I reloaded the page and appearently I was logged in, but when I tried to do something, I got the message "Not logged in". It seamed that the platform was unable to retain the log in for more than a few seconds, which substantially prevented me from doing many actions; however, the problem seemed to be not on QuickStatements (otherwise I would have reported it directly to Magnus Manske) but in OAuth (so I post it here).

Event Timeline

Epidosis renamed this task from Error by Special:OAuth to Special:OAuth not able to retain log in.Jun 1 2020, 9:30 PM
Epidosis updated the task description. (Show Details)
Epidosis updated the task description. (Show Details)

I have a hard time making sense of this bug report. What is the page where you should have been logged in but weren't, and how is that related to the OAuth server?

I am seeing this error always on my local instance of quickstatements. The oauth_callback parameter is missing the full prefix and is just api.php. This seems to be a bug in quickstatements.