You are correct: the redirect_uri parameter should be pointing back to
Special:PluggableAuthLogin. From your example below, it should look
something like:

The redirect_url is computed by the code at [0], which discards all query
parameters. As long as you are being redirected to OIDC from, you should be
fine. If you are being redirected from, however,
the title would be stripped off.

PluggableAuth is redirected from Special:UserLogin to
Special:PluggableAuthLogin by creating the URL at [1] using

Title::newFromText( 'Special:PluggableAuthLogin' )->getFullURL()

and then being redirected to it. Could getFullURL() be generating the URL
in "?title=..." form on your server? Perhaps because of [2]? If so, please
let me know. There would have to be a fix to prevent the title query
parameter from being stripped.



> I am using MediaWiki version 1.27.1 with the OpenID Connect
> extension detailed at
> I have configured the extension and when I click on "Log in" I
> am taken to
> returnto=My+Test%3AMain+Page
> There I click on "Log in with PluggableAuth" and I am
> redirected to the OIDC OP as I expect.
> I noticed, however, that when the extension computes the
> redirect_uri parameter that it includes when it redirects the
> browser to the OP it is
> That surprises me. I would have thought that the redirect_uri
> would be to a page where MediaWiki can consume the
> authorization code that is returned by the OP.
> After I authenticate with the OP it redirects the browser back
> to the redirect_uri with an authorization code and the correct
> state but then MediaWiki just returns a '200 OK' and the main
> page of the wiki.
> It naively appears to me that the redirect_uri being sent to
> the OP is not correct, but I do not see a way to configure the
> extension to override it, and I would not know what value to
> use.
> I appreciate any input people have on what I might be doing
> wrong, or how I can further troubleshoot.
> Thanks,
> Scott K
MediaWiki-l mailing list
To unsubscribe, go to:

Reply via email to