Page MenuHomePhabricator
Create Task
Maniphest T290299

Replace token store in MW OAuth WCQS proxy with JWT
Closed, ResolvedPublic3 Estimated Story Points
Actions

Description

As a WCQS maintainer I want to simplify MW OAuth Proxy for WCQS so it won't require a cache of tokens so that they aren't invalidated before their expiry.

Currently - all the user tokens (which are returned in cookies) are stored in WM OAuth Proxy memory (on WCQS beta limit is 100), which in high traffic situation will cause a rapid expiry. Additionally - production WCQS will be clustered, so having a session store complicates load balancing (or forces us to implement a distributed cache).To alleviate this, we could use a JWT tokens to be able to validate tokens themselves.

AC:

  • MW OAuth Proxy memory footprint is independent of user traffic

Related Objects
Search...

Event Timeline

Zbyszko created this task.Sep 3 2021, 7:30 AM
Gehel moved this task from Incoming to Current work on the Wikidata-Query-Service board.Sep 6 2021, 12:47 PM
BPirkle added a comment.Sep 9 2021, 6:32 PM

I was not previously familiar with mw-oauth-proxy. Here are some related links for any other subscribers that may have a similar knowledge gap:

I don't pretend to have absorbed all of this, but I did notice this in OAuthProxyService.java:

private OAuth10aService service;

Are you planning to use OAuth 1 (and not OAuth 2)? Or maybe I am misreading this?

MPhamWMF set the point value for this task to 3.Sep 13 2021, 3:37 PM
MPhamWMF moved this task from Incoming to Ready for Dev -- SWE on the Discovery-Search (Current work) board.
Zbyszko added a comment.Oct 1 2021, 6:02 PM

@BPirkle when this code was written, there was a bug (now fixed) that prevented us from using OAuth2. Now we could, but since we consider this a temporary measure (with API gateway being a more solid one in the future, as mentioned here T290300), we probably leave this as it is right now.

Zbyszko updated the task description. (Show Details)Oct 1 2021, 6:12 PM
dcausse assigned this task to EBernhardson.Oct 19 2021, 3:14 PM
dcausse moved this task from Ready for Dev -- SWE to In Progress on the Discovery-Search (Current work) board.
dcausse subscribed.

https://gerrit.wikimedia.org/r/c/wikidata/query/rdf/+/730658

EBernhardson moved this task from In Progress to To Be Deployed on the Discovery-Search (Current work) board.Oct 20 2021, 6:06 PM
EBernhardson closed this task as Resolved.Oct 26 2021, 6:12 PM
EBernhardson moved this task from To Be Deployed to Needs Reporting on the Discovery-Search (Current work) board.Oct 26 2021, 6:20 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL