Page MenuHomePhabricator

Add support for iss claim in OAuth2 access tokens
Closed, ResolvedPublic

Description

MediaWiki should be setting an issuer claim on the access token JWT it emits - this is generally useful, conforms the protocol and is generally good. Unfortunately, the oauth2-server library we are using does not support it.

Plan:

Event Timeline

Pchelolo renamed this task from Add support for its claim in OAuth2 access tokens to Add support for iss claim in OAuth2 access tokens.Aug 27 2020, 4:26 PM
Pchelolo added a subscriber: Clarakosi.

I guess I'll do the whole thing myself and will ask @Clarakosi to test my code

Change 623430 had a related patch set uploaded (by Ppchelko; owner: Ppchelko):
[mediawiki/vendor@master] Update oauth2-server dependency

https://gerrit.wikimedia.org/r/623430

Change 623434 had a related patch set uploaded (by Ppchelko; owner: Ppchelko):
[mediawiki/extensions/OAuth@master] Emit iss claims for oauth2 access token.

https://gerrit.wikimedia.org/r/623434

Change 623430 merged by jenkins-bot:
[mediawiki/vendor@master] Update oauth2-server dependency

https://gerrit.wikimedia.org/r/623430

Change 623434 merged by jenkins-bot:
[mediawiki/extensions/OAuth@master] Emit iss claims for oauth2 access token.

https://gerrit.wikimedia.org/r/623434

Pchelolo moved this task from Ready to Deploy to Done on the Platform Team Workboards (Green) board.

Ok, fixes were deployed on meta. I have made a consumer, got a token, decoded a token and tadadadam:

"iss": "https://meta.wikimedia.org",