Page MenuHomePhabricator
Create Task
Maniphest T283555

Invalid access token for new user
Open, LowPublic2 Estimated Story PointsSpike
Actions

Description

Expected behavior

New users created through the API Portal should be able to create and use an owner-only OAuth access token without needing to log in to individual wikis.

Observed behavior

As a new user, created through the API Portal, I can only use an owner-only OAuth access token to access wikis that I have visited and have never in the history of my account, logged in to. For example, this request fails unless I first log in to fr.wikipedia.org:

curl -H "Authorization: Bearer TOKEN_HERE" https://api.wikimedia.org/core/v1/wikipedia/fr/page/Chat/bare

{"error":"rest-read-denied","httpCode":403,"httpReason":"Forbidden"}
Acceptance Criteria
  • Investigate the issue to propose implementation options to resolve this issue
Note

Estimations reflect the timebox we're giving this task

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT284344 Streamline API Portal Onboarding Experience
 OpenSpikeNoneT283555 Invalid access token for new user

Event Timeline

apaskulin created this task.May 25 2021, 12:11 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 25 2021, 12:11 AM
Ameisenigel moved this task from Backlog to Tech debt on the API-Portal board.May 26 2021, 10:51 AM
sdkim subscribed.May 26 2021, 3:30 PM
sdkim added a project: API Platform.Jun 10 2021, 2:44 PM
RhinosF1 subscribed.Jun 10 2021, 2:44 PM
sdkim changed the subtype of this task from "Task" to "Bug Report".Jun 10 2021, 2:49 PM
sdkim moved this task from Incoming to Must do now on the API Platform board.Jul 21 2021, 6:31 PM
sdkim moved this task from Must do now to Needs Grooming on the API Platform board.Jul 27 2021, 6:25 PM
nnikkhoui subscribed.Aug 16 2021, 5:18 PM

@apaskulin do you know if this is this still an issue? I wasn't able to replicate given the current task description!

nnikkhoui updated the task description. (Show Details)Aug 16 2021, 5:46 PM
hnowlan subscribed.Dec 2 2021, 3:21 PM
sdkim added a project: Spike.Dec 2 2021, 5:10 PM
sdkim updated the task description. (Show Details)
sdkim set the point value for this task to 2.
Restricted Application changed the subtype of this task from "Bug Report" to "Spike". · View Herald TranscriptDec 2 2021, 5:10 PM
sdkim moved this task from Needs Grooming to Must do now on the API Platform board.Dec 2 2021, 5:10 PM
sdkim added a parent task: T284344: Streamline API Portal Onboarding Experience.Dec 3 2021, 5:13 PM
DAbad triaged this task as High priority.Jan 27 2022, 5:18 PM
DAbad closed this task as Invalid.Feb 22 2022, 1:22 PM
DAbad lowered the priority of this task from High to Low.
DAbad moved this task from Must do now to Should do next on the API Platform board.
DAbad subscribed.

It's been a few months. Closing this task. If able to replicate again or notice issue once more we can reopen.

apaskulin reopened this task as Open.Feb 22 2022, 9:12 PM

I tested this again today and was able to reproduce it.

For some background, we had a similar issue with T264637 where users who hadn't logged in to Meta-Wiki weren't seeing their API keys in the Portal. We were able to fix that issue, but since this issue applies to all wikis, I don't know if we'll be able to use the same solution.

Even if it turns out that we aren't able to fix this issue and we need to ask users to log in to whichever wiki they want to access, I'd like to keep this task open to track the documentation change.

apaskulin updated the task description. (Show Details)Feb 22 2022, 9:13 PM
apaskulin moved this task from Should do next to Must do now on the API Platform board.Mar 10 2022, 5:02 PM
VirginiaPoundstone moved this task from Must do now to On Hold / Stalled on the API Platform board.Sep 13 2022, 6:42 PM
VirginiaPoundstone moved this task from On Hold / Stalled to Must do now on the API Platform board.
VirginiaPoundstone moved this task from Must do now to Incoming on the API Platform board.Oct 25 2022, 4:45 PM
VirginiaPoundstone moved this task from Incoming to Backlog on the API Platform board.Nov 14 2022, 9:19 AM
VirginiaPoundstone moved this task from Backlog to Needs Grooming on the API Platform board.Nov 14 2022, 6:55 PM
VirginiaPoundstone moved this task from Needs Grooming to Must do now on the API Platform board.Nov 29 2022, 8:41 PM
VirginiaPoundstone moved this task from Must do now to Needs Grooming on the API Platform board.Nov 29 2022, 8:45 PM
JArguello-WMF moved this task from Needs Grooming to Incoming on the API Platform board.Feb 21 2023, 7:06 PM
VirginiaPoundstone moved this task from Incoming to Needs Grooming on the API Platform board.Mar 8 2023, 7:59 PM
VirginiaPoundstone moved this task from Needs Grooming to Incoming on the API Platform board.
JArguello-WMF removed a project: API Platform.Apr 18 2023, 3:33 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits