mw.user.getToken does not support cross domain tokens
Closed, DeclinedPublic
Actions

Assigned To

None

Authored By

	Jdlrobson
	Dec 30 2013, 10:58 PM

Description

Using a centralauth token it is possible to get a token that is valid on another wiki. This is useful for instance when uploading from English Wikipedia to Wikimedia Commons (MobileFrontend does this)

mw.user.getToken does not support this use case however.

Version: 1.23.0
Severity: enhancement

Details

Reference: bz59149

Event Timeline

• bzimport raised the priority of this task from to Medium.Nov 22 2014, 2:38 AM

• bzimport added a project: MediaWiki-General.

• bzimport set Reference to bz59149.

• bzimport added a subscriber: Unknown Object (MLST).

Jdlrobson created this task.Dec 30 2013, 10:58 PM

Ricordisamoa subscribed.Sep 23 2015, 11:59 PM

Restricted Application added subscribers: Steinsplitter, Aklapper. · View Herald TranscriptSep 23 2015, 11:59 PM

Nemo_bis added a project: OKR-Work.Mar 13 2016, 10:13 AM

DannyS712 added a project: Crosswiki.Dec 16 2019, 9:26 AM

Aklapper removed a subscriber: • wikibugs-l-list.Apr 12 2020, 9:55 AM

This is because the user edit tokens are included in the html response based on the local wiki, and it would be impossible to include the tokens for another domain because there is no access to that User object and you also don't know what other wiki the front-end user will want to make their request to. The solution is to make an api request to get that token (via action=query&meta=tokens) (or CentralAuth's version of mw.ForeignApi will handle it for you automatically in some cases)

mw.user.getToken does not support cross domain tokensClosed, DeclinedPublicActions

Description

Details

Event Timeline

mw.user.getToken does not support cross domain tokens
Closed, DeclinedPublic
Actions