
OAuth extension reporting "Error: An error occurred in the OAuth protocol: Invalid consumer key" even if the consumer key is valid
Open, Needs Triage, Public

Description

Hi, I have a MediaWiki wiki on a shared server with Apache mod_cgi. I've recently migrated it to another server and, while on the other server everything worked fine, using OAuth with the OAuth ruby gem always, and for no reason, returns the error "Error: An error occurred in the OAuth protocol: Invalid consumer key".

I've tried to create and update the consumer keys and I've even tried to reinstall the wiki, but even if I always use the correct consumer key, the error comes back every time.

The same code that returns this error works fine (obviously with a different key) on Wikimedia Commons, so I think this is not a problem on my side.

require "oauth" # the OAuth ruby gem

# Consumer configured with the wiki's OAuth endpoints; key and secret come from the environment.
$test_oauth_consumer = OAuth::Consumer.new(
  ENV["TEST_CONSUMER_KEY"], ENV["TEST_CONSUMER_SECRET"],
  :site => "https://wikitest.ferdinando.me",
  :request_token_path => "/w/index.php?title=Special:OAuth/initiate",
  :authorize_path => "/wiki/Special:OAuth/authorize",
  :access_token_path => "/wiki/Special:OAuth/token")
oauth_consumer = $test_oauth_consumer
request_token = oauth_consumer.get_request_token(:oauth_callback => "oob") # Error: An error occurred in the OAuth protocol: Invalid consumer key

I'm running the latest version of Extension:OAuth on MediaWiki 1.36.1 with PHP 7.3.29, with the same configuration as the working server. Any ideas?

Event Timeline

Ferdi2005 renamed this task from OAuth extension reporting "Si è verificato un errore nel protocollo OAuth: Invalid consumer key" even if the consumer key is valid to OAuth extension reporting "Error: An error occurred in the OAuth protocol: Invalid consumer key" even if the consumer key is valid. Jul 17 2021, 9:35 PM
Ferdi2005 updated the task description.

Ok, I've discovered the cause of the Invalid consumer key error: Apache mod_cgi stripped the Authorization header.
It was easily fixed with this line in .htaccess or in the virtual host configuration:
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
Now the wiki is reporting another error: Invalid signature.
I'm not willing to investigate this other issue, so I've moved the wiki to another server and there it's working.
Further help to learn and eliminate the root cause of the issue would be appreciated.

The error is almost certainly on the client side (or somewhere in between, such as redirects). Unfortunately, there is currently no way to debug it, short of using a step-by-step debugger and checking at which point signature verification fails. The task about making the server's error messages more useful is T245477: OAuth server should provide clear and useful feedback about client errors.
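
Added example, not part of the task and not code from the OAuth gem or the extension: a Ruby script that builds the RFC 5849 signature base string and HMAC-SHA1 signature on the client side, to show why a URL that changes between client and server (a redirect, as the comment above mentions) ends in "Invalid signature". It assumes HMAC-SHA1 and a POST request; the key, secret, nonce, timestamp and the alternative server-side URLs are constructed for illustration.

```ruby
require "openssl"
require "uri"

# RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal.
def pct(s)
  s.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format("%%%02X", b) }.join }
end

# RFC 5849 section 3.4.1: METHOD & base URI & sorted, encoded parameters.
# Query-string parameters leave the URI and join the signed parameter set.
def base_string(method, url, oauth_params)
  uri = URI.parse(url)
  default = { "http" => 80, "https" => 443 }[uri.scheme.downcase]
  host = uri.host.downcase + (uri.port == default ? "" : ":#{uri.port}")
  base_uri = "#{uri.scheme.downcase}://#{host}#{uri.path}"
  params = URI.decode_www_form(uri.query.to_s) + oauth_params.to_a
  normalized = params.map { |k, v| [pct(k), pct(v)] }.sort.map { |k, v| "#{k}=#{v}" }.join("&")
  [method.upcase, pct(base_uri), pct(normalized)].join("&")
end

# HMAC-SHA1 over the base string, keyed with "consumer_secret&token_secret".
def sign(method, url, oauth_params, consumer_secret, token_secret = "")
  key = "#{pct(consumer_secret)}&#{pct(token_secret)}"
  digest = OpenSSL::HMAC.digest("SHA1", key, base_string(method, url, oauth_params))
  [digest].pack("m0") # strict Base64
end

# Constructed sample values; not taken from the task.
PARAMS = {
  "oauth_callback" => "oob", "oauth_consumer_key" => "constructed-key",
  "oauth_nonce" => "constructed-nonce", "oauth_signature_method" => "HMAC-SHA1",
  "oauth_timestamp" => "1626557700", "oauth_version" => "1.0"
}
SIGNED_URL = "https://wikitest.ferdinando.me/w/index.php?title=Special:OAuth/initiate"
# Hypothetical URLs a server could reconstruct after a proxy or a redirect.
SERVER_VIEWS = {
  "same URL" => SIGNED_URL,
  "scheme seen as http" => SIGNED_URL.sub("https", "http"),
  "redirected to short URL" => "https://wikitest.ferdinando.me/wiki/Special:OAuth/initiate"
}

# Returns, per server view, whether the client's signature would still verify.
def compare_views(secret = "constructed-secret")
  client_sig = sign("POST", SIGNED_URL, PARAMS, secret)
  SERVER_VIEWS.transform_values { |url| sign("POST", url, PARAMS, secret) == client_sig }
end

compare_views.each { |view, ok| puts "#{view}: #{ok ? 'signature matches' : 'signature differs'}" }
```

Printing `base_string` for the exact request the client sends and comparing it with the URL that appears in the server's access log narrows down which component differs.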