You are correct: the redirect_uri parameter should be pointing back to
Special:PluggableAuthLogin. From your example below, it should look
The redirect_url is computed by the code at , which discards all query
parameters. As long as you are being redirected to OIDC from
https://myserver.org/w/index.php/Special:PluggableAuthLogin, you should be
fine. If you are being redirected from
the title would be stripped off.
PluggableAuth is redirected from Special:UserLogin to
Special:PluggableAuthLogin by creating the URL at  using
Title::newFromText( 'Special:PluggableAuthLogin' )->getFullURL()
and then being redirected to it. Could getFullURL() be generating the URL
in "?title=..." form on your server? Perhaps because of ? If so, please
let me know. There would have to be a fix to prevent the title query
parameter from being stripped.
> I am using MediaWiki version 1.27.1 with the OpenID Connect
> extension detailed at
> I have configured the extension and when I click on "Log in" I
> am taken to
> There I click on "Log in with PluggableAuth" and I am
> redirected to the OIDC OP as I expect.
> I noticed, however, that when the extension computes the
> redirect_uri parameter that it includes when it redirects the
> browser to the OP it is
> That surprises me. I would have thought that the redirect_uri
> would be to a page where MediaWiki can consume the
> authorization code that is returned by the OP.
> After I authenticate with the OP it redirects the browser back
> to the redirect_uri with an authorization code and the correct
> state but then MediaWiki just returns a '200 OK' and the main
> page of the wiki.
> It naively appears to me that the redirect_uri being sent to
> the OP is not correct, but I do not see a way to configure the
> extension to override it, and I would not know what value to
> I appreciate any input people have on what I might be doing
> wrong, or how I can further troubleshoot.
> Scott K
MediaWiki-l mailing list
To unsubscribe, go to: