Hi Bryan, thank you for your patient explanations! They are very appreciated. Thank you also for approving my request for an OAuth application!
I still get an error message "Unable to initiate communication with OAuth provider", and I am trying different things, but so far a bit out of ideas. The relevant log lines seem to be this, but I don't see anything useful here: [session] SessionBackend "6s7gpol141hugu9g6q7m7ddi2r0vi51o" data dirty due to dirty(): PluggableAuthPrimaryAuthenticationProvider->continuePrimaryAuthentication/MediaWiki\Auth\AuthManager->removeAuthenticationSessionData/MediaWiki\Session\Session->setSecret/MediaWiki\Session\Session->set/MediaWiki\Session\SessionBackend->dirty [authentication] Login failed in primary authentication by PluggableAuthPrimaryAuthenticationProvider [session] SessionBackend "6s7gpol141hugu9g6q7m7ddi2r0vi51o" data dirty due to dirty(): AuthManagerSpecialPage->handleFormSubmit/AuthManagerSpecialPage->performAuthenticationStep/MediaWiki\Auth\AuthManager->continueAuthentication/MediaWiki\Session\Session->remove/MediaWiki\Session\SessionBackend->dirty [session] SessionBackend "6s7gpol141hugu9g6q7m7ddi2r0vi51o" save: dataDirty=1 metaDirty=0 forcePersist=0 [authevents] Login attempt My guess is that somewhere one of the URLs for callbacks are wrong, I'll try that next, but in case I am barking up the wrong tree, I would appreciate hints! Thanks, Denny On Fri, Apr 23, 2021 at 9:03 AM Bryan Davis <[email protected]> wrote: > On Thu, Apr 22, 2021 at 3:46 PM Alex Monk <[email protected]> wrote: > > > > The Wikimania wiki is part of the production cluster so gets privileged > access to the production CentralAuth database. I'm not sure if the prod > wikis can act as an identity provider for other sites to consume > > > > On Thu, 22 Apr 2021 at 19:27, Denny Vrandečić <[email protected]> > wrote: > >> > >> I would love to do the same! Can you point me to your configuration? > >> > >> On Wed, Apr 21, 2021 at 9:03 PM billinghurst < > [email protected]> wrote: > >>> > >>> Hi Denny, > >>> > >>> As a spam defence for Wikimania, we disallowed local account > generation, and just leverage WMF's SULs, similarly did the same for > wikidata-test to great effect. The one thing that we did was to change the > login link to point to somewhere they could create an account. [1] Great > success, though not 100% effective against manual spammers, or those that > trawl. > > I believe that the `wsoauth` role in MediaWiki-Vagrant can do what > Denny is looking for. That role provisions > <https://www.mediawiki.org/wiki/Extension:WSOAuth> and configures it > to use a shared OAuth grant which works for local testing at a > "http://dev.wiki.local.wmftest.net"; host > (< > https://meta.wikimedia.org/wiki/Special:OAuthManageConsumers/20c96d141c4ac5bea4fadd6824f6ebda > >). > Beyond using `vagrant roles enable wsoauth`, a Cloud VPS hosted > MediaWiki-Vagrant wiki would need to apply for a new OAuth grant that > contains the callback URL of the hosted wiki > (<https://<something>.wmcloud.org/...>) and then add the OAuth key and > secret values for the new grant to the local MediaWiki-Vagrant's hiera > configuration. This might look something like: > > $ vagrant role enable wsoauth > $ vagrant hiera role::wsoauth::oauth_key "the key for the new grant" > $ vagrant hiera role::wsoauth::oauth_secret "the secret for the new > grant" > $ vagrant provision > > Bryan > -- > Bryan Davis Technical Engagement Wikimedia Foundation > Principal Software Engineer Boise, ID USA > [[m:User:BDavis_(WMF)]] irc: bd808 > > _______________________________________________ > Wikimedia Cloud Services mailing list > [email protected] (formerly [email protected]) > https://lists.wikimedia.org/mailman/listinfo/cloud >
_______________________________________________ Wikimedia Cloud Services mailing list [email protected] (formerly [email protected]) https://lists.wikimedia.org/mailman/listinfo/cloud
