Page MenuHomePhabricator
Create Task
Maniphest T268617

Create a variation of the CentralAuthTokenSessionProvider based on an Authorization header
Closed, ResolvedPublic
Actions

Description

To allow the auto-login mechanism provided by CentralAuth to properly function with a REST API, it needs to support header-based authentication. A straight forward way to do this is to use an Authorization header in a way similar to how OAuth uses it, e.g. something like Authorization MWCentralAuth <token>.

Note that this new SessionProvider should return true from the safeAgainstCsrf() method, while the old parameter based CentralAuthTokenSessionProvider must return false.

Details

SubjectRepoBranchLines +/-
Create CentralAuthHeaderSessionProvidermediawiki/extensions/CentralAuthmaster+448 -215
Customize query in gerrit

Related Objects
Search...

Event Timeline

daniel created this task.Nov 24 2020, 12:17 PM
gerritbot added a comment.Nov 24 2020, 7:57 PM

Change 643339 had a related patch set uploaded (by Daniel Kinzler; owner: Daniel Kinzler):
[mediawiki/extensions/CentralAuth@master] WIP: Create CentralAuthHeaderSessionProvider

https://gerrit.wikimedia.org/r/643339

gerritbot added a project: Patch-For-Review.Nov 24 2020, 7:57 PM
daniel claimed this task.Nov 25 2020, 5:27 PM
daniel triaged this task as High priority.
daniel moved this task from Backlog to Doing on the Platform Team Workboards (Green) board.
daniel moved this task from Doing to Waiting for Review on the Platform Team Workboards (Green) board.Dec 2 2020, 5:16 PM
gerritbot added a comment.Dec 7 2020, 2:02 PM

Change 643339 merged by jenkins-bot:
[mediawiki/extensions/CentralAuth@master] Create CentralAuthHeaderSessionProvider

https://gerrit.wikimedia.org/r/643339

Maintenance_bot removed a project: Patch-For-Review.Dec 7 2020, 2:10 PM
ReleaseTaggerBot added a project: MW-1.36-notes (1.36.0-wmf.21; 2020-12-08).Dec 7 2020, 3:00 PM
Pchelolo moved this task from Waiting for Review to Ready to Deploy on the Platform Team Workboards (Green) board.Dec 7 2020, 3:25 PM
Reedy mentioned this in T269680: MediaWiki logging indexing conflict on 'session' for 'session-ip' channel.Dec 10 2020, 5:34 PM
Pchelolo closed this task as Resolved.Dec 14 2020, 5:10 PM
Pchelolo moved this task from Ready to Deploy to Done on the Platform Team Workboards (Green) board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL