**Project Information**
* Name of tool/project: OAuthRateLimiter
* Project home page: https://www.mediawiki.org/wiki/Extension:OAuthRateLimiter
* Name of team requesting review: #platform_engineering
* Primary contact: @Pchelolo, @Clarakosi
* Target date for deployment: August
* Link to code repository / patchset: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/OAuthRateLimiter/+/613282
**Description of the tool/project:**
The extension holds a single database table with a mapping from OAuth client ID to the rate limit tier. The rate limits for different tiers are statically configured in mediawiki-config. The tiers are assigned to the clients via a maintenance script. Dynamic tiers and UI for tier management might be implemented later if needed.
The ratelimit claims for the client are supplied to the OAuth extension via a new hook. The OAuth extension adds the claims to the access token JWT as private claims, which the Envoy API Gateway then passes to the ratelimit service.
Currently the code depends on a fork of the oauth2-server library that includes a single [[ https://github.com/thephpleague/oauth2-server/pull/1122 | pull request ]] adding support for private claims. We're working with upstream to get the pull request accepted into the upstream library, after which the need for the fork will disappear.
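The flow described above, modelled end to end as an added example (not code from the extension, the OAuth extension or the gateway). The claim name `ratelimit`, the tier values, the client ID and the HS256 shared key are assumptions made so the sketch runs with the standard library only; it shows the gateway taking the claim only from a token whose signature and expiry check out.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data: stands in for the extension's client-to-tier table
# and for the tier limits statically configured in mediawiki-config.
CLIENT_TIERS = {"client-abc": "preferred"}
TIER_LIMITS = {
    "default": {"requests_per_unit": 1000, "unit": "HOUR"},
    "preferred": {"requests_per_unit": 5000, "unit": "HOUR"},
}
KEY = b"constructed-demo-key"  # assumption: HS256 stands in for the real signing setup

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64e(hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest())

def issue_token(client_id: str, now=None) -> str:
    """Issuer side: look up the client's tier, embed its limits as a private claim."""
    now = int(time.time()) if now is None else now
    tier = CLIENT_TIERS.get(client_id, "default")
    claims = {"aud": client_id, "iat": now, "exp": now + 3600,
              "ratelimit": TIER_LIMITS[tier]}  # hypothetical claim name
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{sign(head + '.' + body)}"

def gateway_ratelimit(token: str, now=None):
    """Gateway side: return the claim only from a verified, unexpired token."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":
            return None  # algorithm is pinned by the verifier, not chosen by the token
        if not hmac.compare_digest(sig, sign(head + "." + body)):
            return None  # claims were altered after issuance
        claims = json.loads(b64d(body))
        if claims.get("exp", 0) <= now:
            return None  # expired tokens carry no usable limits
        return claims.get("ratelimit")
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: fail closed
```

A `None` result means the gateway has no trustworthy claim and should fall back to whatever limit it applies to unauthenticated traffic.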
**Description of how the tool will be used at WMF:**
We are developing an API Portal/Gateway. The work is described by the [[ https://www.mediawiki.org/wiki/Core_Platform_Team/Initiatives/API_Gateway | API Gateway initiative ]].
As part of this project, we plan to use the extension, [[ https://www.mediawiki.org/wiki/Extension:OAuthRateLimiter | OAuthRateLimiter ]], to add ratelimiter information to the OAuth token.
**Dependencies**
* mediawiki-extensions-OAuth
**Has this project been reviewed before?**
No
**Working test environment**
>Please link or describe setup process for setting up a test environment.
**Post-deployment**
#platform_engineering will own the extension.