Production is currently using mediawiki.org as the central oauth wiki (grants are kept centrally, on a single wiki, so a user can grant a connected app access to all wikis at once, instead of having to authorize each individually).
Since beta doesn't have a mediawikiwiki, developers can register OAuth applications in beta.
Eventually production is planning to use metawiki, but until then, it would be nice to make the exception for labs.
Version: unspecified
Severity: normal
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | • csteipp | T61141 Get OAuth working in beta | |||
| Resolved | hashar | T65538 enable SSL/https support again | |||
| Resolved | Krenair | T50501 beta: Get SSL certificates for *.{projects}.beta.wmflabs.org | |||
| Restricted Task |
Change 104666 had a related patch set uploaded by CSteipp:
Central OAuth wiki for Labs (metawiki)
Change 104666 abandoned by Hashar:
Central OAuth wiki for Labs (metawiki)
Reason:
I guess this change is no more needed.
It would be nice to eventually get OAuth working in beta.
Right now deployment.wikimedia.beta.wmflabs.org is the central wiki, but because we have $wgMWOAuthSecureTokenTransfer=true, the OAuth pages redirect to https, which doesn't work in beta. So it's still not possible for anyone to register new applications in beta, which was the overall purpose of my original report.
I updated the title to reflect that.
While the SSL is being sorted out, we could set on beta wgMWOAuthSecureTokenTransfer = false and fill a bug as a reminder to reenable it.
Change 126185 had a related patch set uploaded by CSteipp:
Temporarily allow insecure token trasfer for OAuth
Change 126185 merged by jenkins-bot:
Temporarily allow insecure token trasfer for OAuth
Reminder to reenable secure token transfer is bug 65421. In the meantime, OAuth is working on labs (I'm testing phabricator against it).