Last modified: 2014-11-16 00:48:01 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T74469, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 72469 - OAuth: Authorisation should not fail because you don't have an account on central wiki
Status: NEW
Product: MediaWiki extensions
Classification: Unclassified
Component: OAuth
Version: unspecified
Hardware: All All
Importance: High major
Assigned To: Nobody - You can work on this!
Duplicates: 72791
Reported: 2014-10-24 04:22 UTC by Dan Garry
Modified: 2014-11-16 00:48 UTC

Description Dan Garry 2014-10-24 04:22:54 UTC
Steps to reproduce:
1) Create a totally new account on the English Wikipedia.
2) Go to https://tools.wmflabs.org/oauth-hello-world/
3) Click "Authorize this application"

Expected result: I am able to authorise the application
Actual result: Error "Unified login needed, E008"

The error is caused because the totally new user doesn't have a local account on mediawiki.org. One is created immediately afterwards, but it's that little bit too late. If you refresh the page showing you the error, it works just fine.
Comment 1 Dan Garry 2014-10-24 04:32:30 UTC
Could we just silently create the user's account if they own the global login for their name? That solution is future-proofed as when the SUL finalisation happens there'll be no edge cases.
Comment 2 Dan Garry 2014-10-24 15:36:41 UTC
(In reply to Dan Garry from comment #1)
> Could we just silently create the user's account if they own the global
> login for their name? That solution is future-proofed as when the SUL
> finalisation happens there'll be no edge cases.

To be precise, I meant to silently create their account the very first time they're directed to mediawiki.org to authorise an application.
Comment 3 Chris Steipp 2014-10-24 15:56:56 UTC
(In reply to Dan Garry from comment #2)
> (In reply to Dan Garry from comment #1)
> > Could we just silently create the user's account if they own the global
> > login for their name? That solution is future-proofed as when the SUL
> > finalisation happens there'll be no edge cases.
> 
> To be precise, I meant to silently create their account the very first time
> they're directed to mediawiki.org to authorise an application.

If they go to mediawiki.org to authorize the app, then they will be autocreated and everything will work.

The issue is that authorization works on any wiki, so the app owner can choose to have their zh users authorize on zhwiki... in which case they don't ever touch mw.o / meta, so they never get autocreated.

Trying to force an autocreation on the central wiki as part of the authorization process is probably possible. We had talked about dropping a hidden iframe on the page and just letting the normal create-on-view process work, but that seemed like a giant hack.
Comment 4 Kunal Mehta (Legoktm) 2014-10-31 18:36:56 UTC
*** Bug 72791 has been marked as a duplicate of this bug. ***
Comment 5 Sage Ross 2014-11-16 00:48:01 UTC
A user ran into this with Quarry at the Community Data Science Workshop I was at today, and it was really confusing trying to clear whatever caches were stopping the user from successfully logging in even after visiting another wiki.

Given that OAuth apps are increasingly often the entry point for new users, this bug really hamstrings OAuth.
