Extension talk:GoogleLogin

About this board

Couldn't login by this extension when restricting read for loggued in users

1
196.224.248.26 (talkcontribs)

When $wgGroupPermissions['*']['read'] = false; is enabled the google Login extension is not working

Reply to "Couldn't login by this extension when restricting read for loggued in users"

Couldn't login by the GoogleLogin extension

3
196.224.227.21 (talkcontribs)

Message : The public suffix array file does not exist at the expecte dlocation: /public_html/extensions/GoogleLogin/includes/AllowedDomains/../../publicSuffixArray.php. Have you forgotten to run the updatePublicSuffixArray.php maintenance script to create it?

196.224.227.21 (talkcontribs)

I tried to execute the file updatePublicSuffixArray.php but this doesn't make change

196.224.227.21 (talkcontribs)

Wikimedia version 1.37.1, GoogleLogin version 1.37 PHP version 7.4.29

Reply to "Couldn't login by the GoogleLogin extension"

Managing of allowed domains on wiki is not working

1
Kghbln (talkcontribs)
Reply to "Managing of allowed domains on wiki is not working"
Djkcel (talkcontribs)

Hello,

Does this work with Mediawiki 1.37? I upgraded to 1.37 and it broke, saying:

/wiki/index.php/Special:UserLogin ParseError: syntax error, unexpected 'I,' expecting variable (T_VARIABLE)

I am using latest version of the plugin and PHP 7.4.

Djkcel (talkcontribs)

Never mind, I just saw the thread below and that fixed it. I changed the line

public function expiresAfter(int|\DateInterval|null $time);

to

public function expiresAfter($time);


all good!

Reply to "Mediawiki 1.37 Support"

ParseError due to the use of union type in a single line in a dependency

2
Beautiful Pomegrenate (talkcontribs)

Hello, I'm a newbie. Sorry for any formatting or bad behavior.

I faced the same issue as described here: Topic:Wf2n897r3c3apos6

Since MediaWiki 1.36 stable doesn't support PHP8, the version released for MediaWiki 1.36 shouldn't either, so if you want to make GoogleLogin's latest release work with MediaWiki 1.36, just make this change:

In <wiki-root>/extensions/GoogleLogin/vendor/psr/cache/src/CacheItemInterface.php,

Change the declaration of public function expiresAfter(...); to public function expiresAfter($time); . That's all. It seems to be working good so far for me. Can we patch the included dependency (psr-cache, which now says that it requires PHP >= 8.0 on some package describing website) to make the same change, just for these MediaWiki releases?

174.34.232.98 (talkcontribs)
Reply to "ParseError due to the use of union type in a single line in a dependency"

Some issues with new installation - identification & password login default

4
Nicholaskeown (talkcontribs)

Hi. Thanks for all of your great work with this plugin. I want to share my experience while it is still fresh in my memory and on the back of installing a similar plugin on Wordpress as I think it may be beneficial.

Issues encountered:

Default login still works when clicking "Login with Google":

To reproduce: Enter username and password in login form & click "Login with Google". Expected: Redirect to Google for auth. Actual: logged in using local credentials. Use case: Form saved login details auto-populated but do not wish to login with those credentials or as that user.

Google Auth requires Google+ API:

My recent experience with a Wordpress plugin did not require this and used the email address only for the purpose of identifying a unique user. Is this required due to a limitation in Mediawiki authentication?

"The supplied credentials are not associated with any user on this wiki":

Even though my email address matches my Google email, I am not recognised after authenticating with Google. This suggests that the email address is not the unique identifier or there is some other error I am unaware of? There is nothing that I can see in the documentation to indicate what constitutes identification of a mediawiki user utilising the returned data from Google oauth/API.

Thank you.

Florianschmidtwelzow (talkcontribs)

You're right. The GoogleLoign extension requires the user to have a Google+ account. This is mainly used for account-creation, where the display name of the Google+ account is used as the username of the MediaWiki user. However, I also use the email address from the Google+ response for the login process, which means, that this will also fail, if the user does not have a Google+ account, even if we can get the email from the id_token only. I'm unsure how to proceed here, now, as a change seems to be somewhat a breaking change, that's why I opened task T198439 to track this issue :)

Florianschmidtwelzow (talkcontribs)

Ok, the task I mentioned above is resolved now, which removes the need of the profile scope (which should also remove a user to need a Google+ account).

To the other things:

> Default login still works when clicking "Login with Google":

This is part of the auto-configuration of GoogleLogin. When you enter the username and password, these credentials takes precendence over the GoogleLogin button click. Now when I think about it, that doesn't really makes sense, as the button click on the GoogleLogin button should take precedence in this case. I'll change the behaviour of the auto-configuration :) However, for now, you can change that yourself by manually adding the GoogleLogin auth provider to the authmanager config, just by adding the following code to your LocalSettings.php:

$wgAuthManagerAutoConfig['primaryauth'] += [ 'GoogleLogin\\Auth\\GooglePrimaryAuthenticationProvider' => [
	'class' => 'GoogleLogin\\Auth\\GooglePrimaryAuthenticationProvider',
	'sort' => 1
] ];

See task T199999

> "The supplied credentials are not associated with any user on this wiki":

Currently, GoogleLogin matches the userId of a MediaWiki account with the Google account ID instead of using the e-mail address. I created task T200000 so we can think about matching users by e-mail, too :) Let's see, what's the feedback there is :)

CThompson520 (talkcontribs)

This was the key for me - on the patch page there were the following notes:

* The E-Mail address returned from Google needs to be the E-Mail in the MediaWiki account to match

* The E-Mail address returned from Google must not be assigned to multiple MediaWiki accounts

* The MediaWiki account e-mail address needs to be verified

The 3rd one was what was getting me - once I authenticated emails, it worked. You can do this manually directly against the database like this:

UPDATE mw_user SET user_email_authenticated = '20210907204043' WHERE user_email_authenticated IS NULL;

The "mw_" before user is just the value set in $wgDBprefix. That varchar value that is being updated is just the date in "YmdHis" format, so you could set it to the time you were running the query. Backup your database first, and potentially just try a single user account to start with!

Reply to "Some issues with new installation - identification & password login default"

The supplied credentials are not associated with any user on this wiki. (1.33)

3
125.236.194.84 (talkcontribs)

Hi Florian,

These are my wiki specs below:

Product Version
MediaWiki] 1.33.0
7.2.19-0ubuntu0.18.04.2 (apache2handler)
5.7.27-0ubuntu0.18.04.1

And I'm trying to enable Authoritative Mode for Google Login as described here. This is what I currently have in my LocalSettings.php:

$wgGLSecret = '-';
$wgGLAppId = '-';
$wgGLAllowedDomains = array( 'url.com' );
$wgGLAllowedDomainsStrict = 'true';
$wgWhitelistRead = array( 'Special:GoogleLoginReturn' );
$wgGLAuthoritativeMode = 'true';
$wgGroupPermissions['*']['autocreateaccount'] = true;
$wgUserrightsInterwikiDelimiter = "%";
$wgInvalidUsernameCharacters = "%";$wgShowExceptionDetails = 'true';

But when I try and log in with Google, it simply states the supplied creds are not associated with any user - which I expect but am I wrong in thinking that because I have authoritative mode enabled - it should then automatically create the new account since its not linked with a local mediawiki account?


Keen to hear your thoughts.

Florianschmidtwelzow (talkcontribs)

Hi,

are you using the REL1_33 release branch of Google Login? If so, this version does not support the authoritative mode. You would need to download a new copy of GoogleLogin using the latest development version "master" in order to get this feature :-)

Best, Florian

CThompson520 (talkcontribs)

This was the key for me - on the patch page there were the following notes:

* The E-Mail address returned from Google needs to be the E-Mail in the MediaWiki account to match

* The E-Mail address returned from Google must not be assigned to multiple MediaWiki accounts

* The MediaWiki account e-mail address needs to be verified

The 3rd one was what was getting me - once I authenticated emails, it worked. You can do this manually directly against the database like this:

UPDATE mw_user SET user_email_authenticated = '20210907204043' WHERE user_email_authenticated IS NULL;

The "mw_" before user is just the value set in $wgDBprefix. That varchar value that is being updated is just the date in "YmdHis" format, so you could set it to the time you were running the query. Backup your database first, and potentially just try a single user account to start with!

Reply to "The supplied credentials are not associated with any user on this wiki. (1.33)"

Internal Error when trying to log in with Google Account

1
Summary by LC Henry

Resolved by updating to PHP8

LC Henry (talkcontribs)

I am getting the following error when I try to login with a google account. Not quite sure what went wrong. Googling doesn't seem to have given me any good answers.


Internal Error

[4b497c88a9e2a00cf549c682] /index.php?title=Special:UserLogin&returnto=Main+Page ParseError: syntax error, unexpected '|', expecting variable (T_VARIABLE) Backtrace: from /var/www/mediawiki/extensions/GoogleLogin/vendor/psr/cache/src/CacheItemInterface.php(104)

  1. 0 /var/www/mediawiki/vendor/composer/ClassLoader.php(322): Composer\Autoload\includeFile()
  2. 1 [internal function]: Composer\Autoload\ClassLoader->loadClass()
  3. 2 /var/www/mediawiki/extensions/GoogleLogin/vendor/google/auth/src/Cache/Item.php(25): spl_autoload_call()
  4. 3 /var/www/mediawiki/vendor/composer/ClassLoader.php(444): include(string)
  5. 4 /var/www/mediawiki/vendor/composer/ClassLoader.php(322): Composer\Autoload\includeFile()
  6. 5 [internal function]: Composer\Autoload\ClassLoader->loadClass()
  7. 6 /var/www/mediawiki/extensions/GoogleLogin/vendor/google/auth/src/Cache/MemoryCacheItemPool.php(54): spl_autoload_call()
  8. 7 /var/www/mediawiki/extensions/GoogleLogin/vendor/google/auth/src/Cache/MemoryCacheItemPool.php(43): Google\Auth\Cache\MemoryCacheItemPool->getItems()
  9. 8 /var/www/mediawiki/extensions/GoogleLogin/vendor/google/apiclient/src/AccessToken/Verify.php(184): Google\Auth\Cache\MemoryCacheItemPool->getItem()
  10. 9 /var/www/mediawiki/extensions/GoogleLogin/vendor/google/apiclient/src/AccessToken/Verify.php(100): Google\AccessToken\Verify->getFederatedSignOnCerts()
  11. 10 /var/www/mediawiki/extensions/GoogleLogin/vendor/google/apiclient/src/Client.php(793): Google\AccessToken\Verify->verifyIdToken()
  12. 11 /var/www/mediawiki/extensions/GoogleLogin/includes/Auth/GooglePrimaryAuthenticationProvider.php(414): Google\Client->verifyIdToken()
  13. 12 /var/www/mediawiki/extensions/GoogleLogin/includes/Auth/GooglePrimaryAuthenticationProvider.php(55): GoogleLogin\Auth\GooglePrimaryAuthenticationProvider->getVerifiedToken()
  14. 13 /var/www/mediawiki/includes/auth/AuthManager.php(559): GoogleLogin\Auth\GooglePrimaryAuthenticationProvider->continuePrimaryAuthentication()
  15. 14 /var/www/mediawiki/includes/specialpage/AuthManagerSpecialPage.php(374): MediaWiki\Auth\AuthManager->continueAuthentication()
  16. 15 /var/www/mediawiki/includes/specialpage/AuthManagerSpecialPage.php(502): AuthManagerSpecialPage->performAuthenticationStep()
  17. 16 /var/www/mediawiki/includes/htmlform/HTMLForm.php(715): AuthManagerSpecialPage->handleFormSubmit()
  18. 17 /var/www/mediawiki/includes/specialpage/AuthManagerSpecialPage.php(435): HTMLForm->trySubmit()
  19. 18 /var/www/mediawiki/includes/specialpage/LoginSignupSpecialPage.php(320): AuthManagerSpecialPage->trySubmit()
  20. 19 /var/www/mediawiki/includes/specialpage/SpecialPage.php(646): LoginSignupSpecialPage->execute()
  21. 20 /var/www/mediawiki/includes/specialpage/SpecialPageFactory.php(1386): SpecialPage->run()
  22. 21 /var/www/mediawiki/includes/MediaWiki.php(309): MediaWiki\SpecialPage\SpecialPageFactory->executePath()
  23. 22 /var/www/mediawiki/includes/MediaWiki.php(913): MediaWiki->performRequest()
  24. 23 /var/www/mediawiki/includes/MediaWiki.php(546): MediaWiki->main()
  25. 24 /var/www/mediawiki/index.php(52): MediaWiki->run()
  26. 25 /var/www/mediawiki/index.php(45): wfIndexMain()
  27. 26 {main}


My config:

wfLoadExtension( 'GoogleLogin' );

$wgGLSecret = '*****';

$wgGLAppId = '*****.apps.googleusercontent.com';

$wgWhitelistRead = array( 'Special:GoogleLoginReturn' );

$wgGLAllowedDomains = array( '*****.com' );

$wgShowExceptionDetails = true;

$wgInvalidUsernameCharacters = '#€';

$wgGroupPermissions['*']['autocreateaccount'] = true;

Invalid Request - Missing required Parameter: client_id

2
157.130.31.226 (talkcontribs)

Hi - I just installed this extension, ran update on my db, and added the configuration as follows:

<?php
$wgGLSecret = 'MYSECRET';
$wgGLAppId = 'MY CLIENT ID';
$wgGLAllowedDomains = array('mydomain.com');
$wgGLReplaceMWLogin = true;
$wgGLForceKeepLogin = true;
$wgWhitelistRead = array( 'Special:GoogleLogin' );
require_once("$IP/extensions/GoogleLogin/GoogleLogin.php");

And when I click the "Log in with Google" button on the new log in form, I see this from google:

400. That’s an error.

Error: invalid_request

Missing required parameter: client_id

Learn more

Request Details
scope=https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
response_type=code
access_type=online
redirect_uri=http://mydomain.com/index.php?title=Special:GoogleLogin
approval_prompt=auto
client_id=
That’s all we know.

Any ideas?

Florianschmidtwelzow (talkcontribs)

Hi,

please move the configuration under the require_once line, otherwise your configuration in LocalSettings.php will be overwritten by the default configuration :)

Best, Florian

Reply to "Invalid Request - Missing required Parameter: client_id"

Inserting a domain through the interface inserts a row with a blank domain

1
CharlesCivi (talkcontribs)

When I add a new allowed domain through the interface, it inserts a row with a blank domain name, instead of the one I just added.

I then have to go into the DB and update the record with the new domain.

Reply to "Inserting a domain through the interface inserts a row with a blank domain"
Return to "GoogleLogin" page.