Page MenuHomePhabricator
Create Task
Maniphest T403487

Exploratory testing on PHP 8.3 for MediaWiki authentication stack: OAuth
Closed, ResolvedPublic
Actions

Description

See T402597: Exploratory testing on PHP 8.3 for MediaWiki Platform Team components for context. T384232: QA for SUL3 on testwikis has more info on some checklist items.

OAuth

  • Create and test (e.g. with action=query&meta=userinfo) an owner-only OAuth 1 app
  • Create and test a normal (non-owner-only) OAuth 1 app
  • Same but use RSA-SHA1 rather than HMAC-SHA1
  • Same but do it while not being logged in on Wikipedia (you should be sent to login and then to the authorization dialog)
  • Test OAuth 1 pseduo-OIDC (the identify endpoint)
  • Create and test an owner-only OAuth 2 app
  • Create and test a normal (non-owner-only) OAuth 2 app
  • Same but use a non-confidential client
  • Test using a refresh token
  • Test OAuth 2 OIDC (the profile endpoint)
  • Create an app via api.wikimedia.org

Related Objects
Search...

Event Timeline

Tgr created this task.Sep 2 2025, 2:05 PM
Tgr moved this task from Inbox, needs triage to Next on the MediaWiki-Platform-Team board.Sep 2 2025, 7:09 PM
Tgr claimed this task.Sep 6 2025, 8:40 AM
Tgr updated the task description. (Show Details)Sep 6 2025, 9:23 AM
Tgr updated the task description. (Show Details)Sep 6 2025, 11:57 AM
Tgr updated the task description. (Show Details)Sep 6 2025, 2:12 PM
Tgr updated the task description. (Show Details)Sep 6 2025, 3:29 PM
Tgr updated the task description. (Show Details)Sep 6 2025, 4:00 PM
Tgr updated the task description. (Show Details)Sep 6 2025, 4:09 PM
Tgr updated the task description. (Show Details)Sep 6 2025, 4:12 PM
Tgr updated the task description. (Show Details)Sep 6 2025, 4:14 PM
Tgr updated the task description. (Show Details)Sep 6 2025, 4:30 PM
Tgr updated the task description. (Show Details)Sep 6 2025, 4:36 PM
Tgr closed this task as Resolved.Sep 6 2025, 4:42 PM

Helper scripts used: P82668 oauth1.py, P82669 oauth1-rsa.py, P82670 oauth1-owneronly.py, P82671 oauth2.py, P82672 oauth2-owneronly.py

Tgr mentioned this in T384442: Create OAuth 2 Hello World app.Sep 19 2025, 12:40 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits