The settings in 10-WSOAuth.php end as follows:

$wgOAuthAuthProvider = "mediawiki";

$wgOAuthClientId = "[token]";

$wgOAuthClientSecret = "[secret]";

$wgOAuthRedirectUri = "http://annotation.wmcloud.org/w/index.php?title=Special:PluggableAuthLogin";

$wgOAuthUri = "https://meta.wikimedia.org/w/index.php?title=Special:OAuth";



and the OAuth settings on meta are as follows:

OAuth "callback URL": https://annotation.wmcloud.org/w/index.php?title=Special:PluggableAuthLogin
Allow consumer to specify a callback in requests and use "callback" URL above as a required prefix: No
Applicable grants: User identity verification only, no ability to read pages or act on a user's behalf.

I can see that meta states the callback URL with https and the settings
without. Changing it in the settings doesn't seem to make a difference. I
don't know if I can change it on Meta, or if I need to make a new
application, but it doesn't look like the right solution anyway.

A bit unsure. Thanks!
Denny
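
An added example, not part of the original message and not WSOAuth or OAuth extension code: a small Python check that compares a configured redirect URI with a registered callback URL component by component, using the two URLs quoted above. The exact/prefix rule in `callback_allowed` is an assumed policy for illustration only.

```python
from urllib.parse import urlsplit, parse_qsl

# The two URLs as quoted in the message above.
CONFIGURED = "http://annotation.wmcloud.org/w/index.php?title=Special:PluggableAuthLogin"
REGISTERED = "https://annotation.wmcloud.org/w/index.php?title=Special:PluggableAuthLogin"

DEFAULT_PORTS = {"http": 80, "https": 443}


def components(url):
    """Split a URL into the parts a callback comparison cares about."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    return {
        "scheme": scheme,
        "host": (parts.hostname or "").lower(),
        "port": parts.port or DEFAULT_PORTS.get(scheme),
        "path": parts.path or "/",
        "query": sorted(parse_qsl(parts.query, keep_blank_values=True)),
    }


def diff_callback(configured, registered):
    """Return {component: (configured, registered)} for every mismatch."""
    a, b = components(configured), components(registered)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}


def callback_allowed(configured, registered, registered_is_prefix):
    """Assumed policy (not the extension's code): exact string match, or
    string-prefix match when the 'required prefix' option is set."""
    if registered_is_prefix:
        return configured.startswith(registered)
    return configured == registered


def report(configured, registered, registered_is_prefix=False):
    """Human-readable list of mismatches plus the accept/reject verdict."""
    lines = []
    for name, (mine, theirs) in diff_callback(configured, registered).items():
        lines.append(f"{name}: configured={mine!r} registered={theirs!r}")
    ok = callback_allowed(configured, registered, registered_is_prefix)
    lines.append("callback accepted" if ok else "callback rejected")
    return lines


if __name__ == "__main__":
    print("\n".join(report(CONFIGURED, REGISTERED)))
```
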


On Fri, Apr 23, 2021 at 2:50 PM Denny Vrandečić <[email protected]>
wrote:

> Hi Bryan,
>
> thank you for your patient explanations! They are very appreciated. Thank
> you also for approving my request for an OAuth application!
>
> I still get an error message "Unable to initiate communication with OAuth
> provider", and I am trying different things, but so far a bit out of ideas.
>
> The relevant log lines seem to be this, but I don't see anything useful
> here:
>
> [session] SessionBackend "6s7gpol141hugu9g6q7m7ddi2r0vi51o" data dirty due
> to dirty():
> PluggableAuthPrimaryAuthenticationProvider->continuePrimaryAuthentication/MediaWiki\Auth\AuthManager->removeAuthenticationSessionData/MediaWiki\Session\Session->setSecret/MediaWiki\Session\Session->set/MediaWiki\Session\SessionBackend->dirty
>
> [authentication] Login failed in primary authentication by
> PluggableAuthPrimaryAuthenticationProvider
>
> [session] SessionBackend "6s7gpol141hugu9g6q7m7ddi2r0vi51o" data dirty due
> to dirty():
> AuthManagerSpecialPage->handleFormSubmit/AuthManagerSpecialPage->performAuthenticationStep/MediaWiki\Auth\AuthManager->continueAuthentication/MediaWiki\Session\Session->remove/MediaWiki\Session\SessionBackend->dirty
>
> [session] SessionBackend "6s7gpol141hugu9g6q7m7ddi2r0vi51o" save:
> dataDirty=1 metaDirty=0 forcePersist=0
>
> [authevents] Login attempt
>
>
> My guess is that somewhere one of the URLs for callbacks is wrong, I'll
> try that next, but in case I am barking up the wrong tree, I would
> appreciate hints! Thanks,
>
> Denny
>
> On Fri, Apr 23, 2021 at 9:03 AM Bryan Davis <[email protected]> wrote:
>
>> On Thu, Apr 22, 2021 at 3:46 PM Alex Monk <[email protected]> wrote:
>> >
>> > The Wikimania wiki is part of the production cluster so gets privileged
>> > access to the production CentralAuth database. I'm not sure if the prod
>> > wikis can act as an identity provider for other sites to consume
>> >
>> > On Thu, 22 Apr 2021 at 19:27, Denny Vrandečić <[email protected]> wrote:
>> >>
>> >> I would love to do the same! Can you point me to your configuration?
>> >>
>> >> On Wed, Apr 21, 2021 at 9:03 PM billinghurst <[email protected]> wrote:
>> >>>
>> >>> Hi Denny,
>> >>>
>> >>> As a spam defence for Wikimania, we disallowed local account
>> >>> generation, and just leverage WMF's SULs, similarly did the same for
>> >>> wikidata-test to great effect. The one thing that we did was to change the
>> >>> login link to point to somewhere they could create an account. [1] Great
>> >>> success, though not 100% effective against manual spammers, or those that
>> >>> trawl.
>>
>> I believe that the `wsoauth` role in MediaWiki-Vagrant can do what
>> Denny is looking for. That role provisions
>> <https://www.mediawiki.org/wiki/Extension:WSOAuth> and configures it
>> to use a shared OAuth grant which works for local testing at a
>> "http://dev.wiki.local.wmftest.net" host
>> (<https://meta.wikimedia.org/wiki/Special:OAuthManageConsumers/20c96d141c4ac5bea4fadd6824f6ebda>).
>> Beyond using `vagrant roles enable wsoauth`, a Cloud VPS hosted
>> MediaWiki-Vagrant wiki would need to apply for a new OAuth grant that
>> contains the callback URL of the hosted wiki
>> (<https://<something>.wmcloud.org/...>) and then add the OAuth key and
>> secret values for the new grant to the local MediaWiki-Vagrant's hiera
>> configuration. This might look something like:
>>
>>   $ vagrant roles enable wsoauth
>>   $ vagrant hiera role::wsoauth::oauth_key "the key for the new grant"
>>   $ vagrant hiera role::wsoauth::oauth_secret "the secret for the new grant"
>>   $ vagrant provision
>>
>> Bryan
>> --
>> Bryan Davis              Technical Engagement      Wikimedia Foundation
>> Principal Software Engineer                               Boise, ID USA
>> [[m:User:BDavis_(WMF)]]                                      irc: bd808
>>
>> _______________________________________________
>> Wikimedia Cloud Services mailing list
>> [email protected] (formerly [email protected])
>> https://lists.wikimedia.org/mailman/listinfo/cloud
>>
>