Page MenuHomePhabricator

Get OAuth working in beta
Closed, ResolvedPublic

Description

Production is currently using mediawiki.org as the central oauth wiki (grants are kept centrally, on a single wiki, so a user can grant a connected app access to all wikis at once, instead of having to authorize each individually).

Since beta doesn't have a mediawikiwiki, developers can register OAuth applications in beta.

Eventually production is planning to use metawiki, but until then, it would be nice to make the exception for labs.


Version: unspecified
Severity: normal

Details

Reference
bz59141

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 2:37 AM
bzimport set Reference to bz59141.
csteipp created this task.Dec 30 2013, 9:10 PM

Change 104666 had a related patch set uploaded by CSteipp:
Central OAuth wiki for Labs (metawiki)

https://gerrit.wikimedia.org/r/104666

Change 104666 abandoned by Hashar:
Central OAuth wiki for Labs (metawiki)

Reason:
I guess this change is no more needed.

https://gerrit.wikimedia.org/r/104666

Chris, is this issue still valid?

It would be nice to eventually get OAuth working in beta.

Right now deployment.wikimedia.beta.wmflabs.org is the central wiki, but because we have $wgMWOAuthSecureTokenTransfer=true, the OAuth pages redirect to https, which doesn't work in beta. So it's still not possible for anyone to register new applications in beta, which was the overall purpose of my original report.

I updated the title to reflect that.

While the SSL is being sorted out, we could set on beta wgMWOAuthSecureTokenTransfer = false and fill a bug as a reminder to reenable it.

Yeah, we can do that. I'll also make sure we reset all secrets after we upgrade.

Change 126185 had a related patch set uploaded by CSteipp:
Temporarily allow insecure token trasfer for OAuth

https://gerrit.wikimedia.org/r/126185

Change 126185 merged by jenkins-bot:
Temporarily allow insecure token trasfer for OAuth

https://gerrit.wikimedia.org/r/126185

Reminder to reenable secure token transfer is bug 65421. In the meantime, OAuth is working on labs (I'm testing phabricator against it).