
OAuth 2 extension problem, included in the Wikibase 1.35 docker-compose
Closed, DeclinedPublic

Description

Hi,

I'm trying to use the OAuth 2 extension included in the Wikibase 1.35 (docker-compose bundle, found here: github.com/wmde/wikibase-docker).

First, I've tried OAuth2, just with this URL in my browser: "myWikiUrl"/w/rest.php/oauth2/resource/profile

And I got this error:

"Notice: Key file "file://" permissions are not correct, recommend changing to 600 or 660 instead of 755 in /var/www/html/extensions/OAuth/vendor/league/oauth2-server/src/CryptKey.php on line 63 "

So, I've generated private and public keys, with:

openssl genrsa -out private.key 2048

openssl rsa -in private.key -pubout -out public.key

Then, I've added those parameters: $wgOAuth2PrivateKey and $wgOAuth2PublicKey, to the end of my LocalSettings.php file, and I've set them to my generated keys' paths.

I "chmod 660" the keys and "chown" them to www-data:www-data.

The "key file" error disappeared, but I still get an error.

So, I've tried to authenticate with PostMan, with an OAuth 2 configuration: "Authorization Code" grant type, a Callback URL, an Auth URL: "w/rest.php/oauth2/authorize", an Access Token URL: "w/rest.php/oauth2/access_token", my Client ID and my Client Secret, and with the option "Client Authentication send as Basic Auth header".

The authentication was OK, but the access_token returned this error (same error if I used: "myWikiUrl"/w/rest.php/oauth2/resource/profile):

<br /> <b>Fatal error</b>: Method MediaWiki\Extensions\OAuth\Entity\AccessTokenEntity::__toString() must not throw an exception, caught ParseError: syntax error, unexpected 'Parser' (T_STRING), expecting function (T_FUNCTION) or const (T_CONST) in <b>/var/www/html/extensions/OAuth/vendor/league/oauth2-server/src/ResponseTypes/BearerTokenResponse.php</b> on line <b>0</b><br />↵

I also followed this guide: https://api.wikimedia.org/wiki/Documentation/Getting_started/Authentication, but I still don't know what is not correct.

Thanks in advance
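
An added example, not part of the original report and not code from the OAuth extension: a shell check that both key files have one of the modes named in the notice (600 or 660, as applied to both keys above) and that public.key really is the public half of private.key. The function names are hypothetical, and `openssl pkey` is assumed to be installed.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from the OAuth extension).

# Print a file's octal mode: GNU stat first, BSD stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# 0 if the file has one of the modes named in the notice (600 or 660),
# 1 for any other mode, 2 if it is not a regular file.
key_mode_ok() {
    [ -f "$1" ] || return 2
    case "$(file_mode "$1")" in
        600|660) return 0 ;;
        *)       return 1 ;;
    esac
}

# 0 if the public key file holds the public half of the private key.
# Both are re-encoded by openssl so only the key material is compared.
keys_match() {
    from_priv=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    from_pub=$(openssl pkey -pubin -in "$2" -pubout 2>/dev/null) || return 2
    [ "$from_priv" = "$from_pub" ]
}

# Audit a private/public key pair; prints one line per finding.
audit_keys() {
    rc=0
    for f in "$1" "$2"; do
        if key_mode_ok "$f"; then
            echo "ok:   $f mode $(file_mode "$f")"
        else
            echo "FAIL: $f missing or mode is not 600/660"
            rc=1
        fi
    done
    if keys_match "$1" "$2"; then
        echo "ok:   $2 matches $1"
    else
        echo "FAIL: $2 does not match $1 (or openssl could not read a key)"
        rc=1
    fi
    return "$rc"
}

# Usage: sh check-keys.sh /path/to/private.key /path/to/public.key
[ "$#" -ne 2 ] || audit_keys "$1" "$2"
```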

Event Timeline

Hello, any ideas about this problem? Has anyone used OAuth2 in Wikibase without trouble?

Hello,

After some tests, I can reproduce the same error message when I try to create an OAuth "2.0" consumer (it works correctly with 1.0a).
For me, the issue comes from this line: https://github.com/wikimedia/mediawiki-extensions-OAuth/blob/e9e921dbd4ef948fd260a8560ddd035add543f7a/src/Frontend/SpecialPages/SpecialMWOAuthConsumerRegistration.php#L314

When PHP tries to convert the $accessToken (AccessTokenEntity) to a string, it throws an exception because AccessTokenEntity doesn't seem to have a __toString() function.

Relating to the Phab issue, oauth2-server casts $accessToken to string too: https://github.com/thephpleague/oauth2-server/blob/6fb1cb99bf86d06e269eb3a56f87091a12ec20a2/src/ResponseTypes/BearerTokenResponse.php#L31

Reedy subscribed.

Tagging Platform as this seems to be an issue with OAuth, at least in the 1.35 branch....

After more tests, using the latest version for Gitlab branch REL1_35 (b697ceb) seems to solve the issue.

  • Download zip from Gitlab (REL1_35.zip)
  • Unzip in extensions
  • Rename to OAuth (remove old folder before)
  • Run "composer update --no-dev" from LocalSettings.php folder (with a correct composer.local.json)
  • Run "php update.php" from maintenance/ folder
  • Re-run "composer update --no-dev" from LocalSettings.php folder

Tried to create an OAuth 2.0, got the message "Your OAuth 2.0 client has been created." with all the information.

EDIT:
The only difference between OAuth-REL1_35-b697ceb.tar.gz and REL1_35.zip (b697ceb) is the presence of a folder named "vendor" in the .tar.gz downloaded from the MediaWiki website. Is it good practice to embed the "vendor" folder in the extension's release?
Differences after a "composer update --no-dev" in extensions/OAuth:
Package operations: 0 installs, 2 updates, 1 removal

  • Removing lcobucci/clock (2.0.0)
  • Updating defuse/php-encryption (v2.2.1 => v2.3.1): Loading from cache
  • Downgrading lcobucci/jwt (4.1.4 => 3.4.5): Loading from cache

After the composer update, everything seems OK (can create an OAuth 2.0 consumer).

Hi,

With your update instructions, I finally succeeded with an "OAuth2 Authorization" with PostMan.

Thanks a lot!

Marking as declined as seemingly fixed in some patches (bump of oauth2 library maybe?) in the branch