Extension talk:OAuth2 Client

I would like (to start) to translate this page. Primerily to understand the topic and secondly - of course - to help other people

BUT: How to start? There ist no "Translation-Button"

Who can help? THX a lot!

Goliath

~~~~

I'd like to translate it, too. Maybe you can ask a translate administrator for help? (see Help:Extension:Translate)

Using the https://github.com/wikimedia/mediawiki-oauthclient-php client I see these in the logs

mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined property: stdClass::$key in /public_html/vendor/mediawiki/oauthclient/src/Client.php on line 181

mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined property: stdClass::$secret in /public_html/vendor/mediawiki/oauthclient/src/Client.php on line 181

Is this something to be concerned about or is the code just missing the at symbol in front of a $return->key and $return->secret?

Reported to correct page.

I am trying to login to my media wiki from my wordpress. I have WPOauthServer runing on my WordPress (Wordpress plugin). I want that my users only login to wordpress and from there they can go to wiki without loging to wiki again. The server is working fine i have tested by sending curl request and post i am able to get the authentication token.

I have abutton on my wordpress with wikis client id and details:

<a href="[https://XXXXXXX.de/oauth/authorize?response_type=code&client_id=XXXXXXXXX https://XXXXXXX.de/oauth/authorize?response_type=code&client_id=XXXX]&state=123">

When i opne the authorization link, i land on:

https://wiki.XXXXXXXXXXXXX.de/wiki/Special:OAuth2Client/callback?code=farkmm4ttuwxnne8a9firwtdikmite788hwpyhzg&state=123 and here i get a "Fatal exception of type "GuzzleHttp\Exception\RequestException" upon digging i found out that this exception is caused in `AbstractProvider.php` in the sendRequest function in the following line `$response = $this->getHttpClient()->send($request);`

    protected function sendRequest(RequestInterface $request)

    {

        try {

var_dump($request);

            $response = $this->getHttpClient()->send($request);

var_dump($response);

        } catch (BadResponseException $e) {

            $response = $e->getResponse();

        }

        return $response;

    }

I think may be there is something wrong with my request, my request is as follows

/var/www/mediawiki/w/extensions/MW-OAuth2Client/vendors/oauth2-client/src/Provider/AbstractProvider.php:629:

object(GuzzleHttp\Psr7\Request)[278]

  private 'method' => string 'POST' (length=4)

  private 'requestTarget' => null

  private 'uri' =>

    object(GuzzleHttp\Psr7\Uri)[279]

      private 'scheme' => string 'https' (length=5)

      private 'userInfo' => string '' (length=0)

      private 'host' => string 'XXXXXXX.de' (length=13)

      private 'port' => null

      private 'path' => string '/oauth/token/' (length=13)

      private 'query' => string '' (length=0)

      private 'fragment' => string '' (length=0)

  private 'headers' =>

    array (size=2)

      'Host' =>

        array (size=1)

          0 => string 'XXXXXXX.de' (length=13)

      'content-type' =>

        array (size=1)

          0 => string 'application/x-www-form-urlencoded' (length=33)

  private 'headerNames' =>

    array (size=2)

      'content-type' => string 'content-type' (length=12)

      'host' => string 'Host' (length=4)

  private 'protocol' => string '1.1' (length=3)

  private 'stream' =>

    object(GuzzleHttp\Psr7\Stream)[287]

      private 'stream' => resource(18, stream)

      private 'size' => null

      private 'seekable' => boolean true

      private 'readable' => boolean true

      private 'writable' => boolean true

      private 'uri' => string 'php://temp' (length=10)

      private 'customMetadata' =>

        array (size=0)

          empty

i was able to solve this problem and also was able to implement SSO from wordrpess to media wiki using this extension. i have posted my solution here https://stackoverflow.com/questions/55455954/single-sign-on-from-wordpress-to-media-wiki/55494293#55494293

I followed your instructions on the stackoverflow link but I receive the same error as you indicate here.

I am redirected with the same exception.

Was there something else that needed to be done - ie. options that need enabling etc. on the plugin?

Maybe you can share your setup for the LocalSettings.php as well.

I finally got it working with these additional steps - editing my LocalSettings.php; xxxx is my website starting with https://

1. In addition to setting the secret and ID I had to fill in the the configuration parameters with these settings - these are from my site.
2. $wgOAuth2Client['configuration']['authorize_endpoint']     = 'xxxx/oauth/authorize'; // Authorization URL
3. $wgOAuth2Client['configuration']['access_token_endpoint']  = 'xxxx/oauth/token'; // Token URL
4. $wgOAuth2Client['configuration']['api_endpoint']           = 'xxxx/oauth/me?access_token=';
5. $wgOAuth2Client['configuration']['redirect_uri']           = 'xxxx/mediawiki/index.php?title=Special:OAuth2Client/redirect&returnto=Special%3AUserLogin';          
6. $wgOAuth2Client['configuration']['username'] = 'user_login'; // JSON path to username
7. $wgOAuth2Client['configuration']['email'] = 'user_email'; // JSON path to email
8. $wgOAuth2Client['configuration']['scopes'] = 'openid email profile'; //Permissions
9. $wgWhitelistRead = array("Special:OAuth2Client");  

Then I also had to make one code change in .../mediawiki/extensions/MW-OAuth2Client/vendors/oauth2-client/src/Provider/AbstractProvider.php

protected function fetchResourceOwnerDetails(AccessToken $token)

    {

        $url = $this->getResourceOwnerDetailsUrl($token);

        // Added this line so we can build the url request properly otherwise it didn't append the token to the api_endpoint

        $url = $url . $token;

        $request = $this->getAuthenticatedRequest(self::METHOD_GET, $url, $token);

        return $this->getResponse($request);

    }

After that the plugin worked as expected.

Note on installation of the mediawiki extension I got these composer warnings - I believe they can be safely ignored...

Package guzzle/guzzle is abandoned, you should avoid using it. Use guzzlehttp/guzzle instead.

Package phpunit/phpunit-mock-objects is abandoned, you should avoid using it. No replacement was suggested.

Package satooshi/php-coveralls is abandoned, you should avoid using it. Use php-coveralls/php-coveralls instead.

Also I found this link useful in understanding how to use the wordpress plugin: https://wp-oauth.com/docs/how-to/setup-wp-oauth-server-for-single-sign-on-with-wordpress/

And I found you can just add the OAUTH plugin to wordpress from your site's WP admin page - just click the Add Plugins button - or search for "oath" by WP Oauth Server There is no need to get it from their WP OATH website where you can only find the paid version.

I followed your step on the stackoverflow link but I received a new error report when I tried to login my mediawiki(version:1.37).

---

[1905f47f4bb1c705f8784b14] /wiki/Special:OAuth2Client/callback?code=vuwwxrmdpcelvccip6vpebetb5jkjnyybhb3qb8m&state=ZnnN0VgGVbf7JeMBJUS2SUukTHG3rD6q&iframe=break League\OAuth2\Client\Provider\Exception\IdentityProviderException: invalid_request

Backtrace:

from /var/www/wiki-testing/extensions/MW-OAuth2Client/vendors/oauth2-client/src/Provider/GenericProvider.php(216)

#0 /var/www/wiki-testing/extensions/MW-OAuth2Client/vendors/oauth2-client/src/Provider/AbstractProvider.php(649): League\OAuth2\Client\Provider\GenericProvider->checkResponse()

#1 /var/www/wiki-testing/extensions/MW-OAuth2Client/vendors/oauth2-client/src/Provider/AbstractProvider.php(801): League\OAuth2\Client\Provider\AbstractProvider->getResponse()

#2 /var/www/wiki-testing/extensions/MW-OAuth2Client/vendors/oauth2-client/src/Provider/AbstractProvider.php(781): League\OAuth2\Client\Provider\AbstractProvider->fetchResourceOwnerDetails()

#3 /var/www/wiki-testing/extensions/MW-OAuth2Client/SpecialOAuth2Client.php(118): League\OAuth2\Client\Provider\AbstractProvider->getResourceOwner()

#4 /var/www/wiki-testing/extensions/MW-OAuth2Client/SpecialOAuth2Client.php(66): SpecialOAuth2Client->_handleCallback()

#5 /var/www/wiki-testing/includes/specialpage/SpecialPage.php(647): SpecialOAuth2Client->execute()

#6 /var/www/wiki-testing/includes/specialpage/SpecialPageFactory.php(1366): SpecialPage->run()

#7 /var/www/wiki-testing/includes/MediaWiki.php(314): MediaWiki\SpecialPage\SpecialPageFactory->executePath()

#8 /var/www/wiki-testing/includes/MediaWiki.php(930): MediaWiki->performRequest()

#9 /var/www/wiki-testing/includes/MediaWiki.php(564): MediaWiki->main()

#10 /var/www/wiki-testing/index.php(53): MediaWiki->run()

#11 /var/www/wiki-testing/index.php(46): wfIndexMain()

#12 {main}

---

Is this error cause by new version? I have no idea about it.

What exactly is an "api_endpoint"? This language is not used in the oAuth2 specification.

When using outh the users are auto-logged out after some minutes. Clicking the Log in link logs them back in without further ado ...

Any suggestions, whats going on here?

Can this install manually? I have no SSH access and cannot install Composer.

and others?

No, and it will never be.