[00:18:19] [[Tech]]; 2800:200:F5C0:112E:F487:9E83:2BA4:A9CC; /* 54 */ new section; https://meta.wikimedia.org/w/index.php?diff=19814818&oldid=19814415&rcid=14893619 [00:21:18] [[Tech]]; Hasley; Reverted changes by [[Special:Contributions/2800:200:F5C0:112E:F487:9E83:2BA4:A9CC|2800:200:F5C0:112E:F487:9E83:2BA4:A9CC]] ([[User talk:2800:200:F5C0:112E:F487:9E83:2BA4:A9CC|talk]]) to last version by Platonides; https://meta.wikimedia.org/w/index.php?diff=19814823&oldid=19814818&rcid=14893626 [07:01:58] Here's a rather concrete example that I've run into, personally. I have Toolforge access, have been somewhat active on Wikitech and MediaWiki, and yet, I can't send in requests for OAuth setup requests for tools I set up because I don't make a habit of making very many edits on the meta wiki because it's not directly relevant to projects I'm involved with. How does that make sense? [07:19:46] DSquirrelGM: that's T213760 [07:19:47] T213760: Rethink autoconfirmed requirement for OAuth - https://phabricator.wikimedia.org/T213760 [07:25:28] also, I'm not about to go do a number of "trash edits" in some remote corner of that wiki, for obvious reasons [07:48:51] AFAIK you can just edit your userpage [07:50:16] it's already "done" though - that's the thing [12:52:54] [[Tech]]; 2.58.47.147; [none]; https://meta.wikimedia.org/w/index.php?diff=19816136&oldid=19814823&rcid=14895779 [12:53:39] [[Tech]]; Hasley; Reverted changes by [[Special:Contributions/2.58.47.147|2.58.47.147]] ([[User talk:2.58.47.147|talk]]) to last version by Hasley; https://meta.wikimedia.org/w/index.php?diff=19816138&oldid=19816136&rcid=14895782 [17:11:12] Hello, I have problems with ContentTranslation on test.wikipedia.org [17:11:30] I get "Automatic translation failed!" message [17:11:50] Also on Discord server of Serbian Wikipedia some users reported that they can't access to srwiki [17:12:09] <_joe_> Zoranzoki21: known, it should be fixed within minutes, hopefully [17:12:22] <_joe_> (the issues connecting, not the errors on automatic translation) [17:12:57] Yes, automatic translation problems are because of connecting issues surely [17:13:44] All works now, thanks for information! [17:18:50] <_joe_> Zoranzoki21: uh no, they should not, actually [17:19:17] <_joe_> or well, the js there might tell you that [17:19:48] I don't have problems with translating now [17:19:51] :) [17:37:05] hello wikimedia-tech, the host text-lb.esams.wikimedia.org had some important packet loss via IPv6 ~30 minutes ago, now it's back to normal. [17:38:08] Also there is a reddit thread https://old.reddit.com/r/wikipedia/comments/f5bsuw/is_wikipedia_down/ [17:38:52] there was a known issue, mitigations are now in place, thank you for reporting [17:41:50] thanks for the reddit link [17:42:00] you're welcome [19:30:34] tgr|away: thanks for the update on the oauth2 bug. I'm going to try it against wikisource which is on wmf.19 [19:30:42] maybe it will work, at least it will be logged [19:30:56] will report on phabricator [19:33:44] ok well this is interesting. now in response to oauth2 authorize on wikisource.org, I get application connection error -- Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method) [19:34:47] I assume that oauth consumers are not restricted to one wmf site only, right? I didn't specify anything like that in the proposal... [19:35:07] well I put * [19:36:18] ok but oddly, wikisource.org is not in the list in the dropdown on the propose form [19:36:36] * should work on all wikis [19:36:40] I can try en.wikisource.org which is also on wmf.19 [19:36:46] ok [19:38:02] tgr: same result for both 1721811992778729723a2c6493e33831 and c44c83dce6755cad8a53101840cb2c57 [19:38:13] if wikisource.org is not in the dropdown list, that's a bug (although a fairly low-priority one and it's an issue with WikiMap, not the OAuth extension itself) [19:38:22] but shouldn't affect * working [19:38:23] on both wikisource.org and en.wikisource.org [19:38:31] tgr: yeah fair enough, I thought of that too but wasn't sure [19:38:38] same result as in you get client auth failed? [19:38:51] tgr: yes, same client auth failed message [19:39:30] btw I'm using oauth2 cause I want to authenticate from a client-side js app and my understanding is the only way to do that is with oauth2 non-confidental consumer [19:42:45] that would imply you are hitting a code path that had a bug in wmf.18 but was fixed in wmf.19 [19:43:11] ok cool [19:43:12] but I don't see anything like that, the two main changes are T244415 and T244187 and neither seems relevant [19:43:13] T244187: MW OAuth2 doesn't seem to work - https://phabricator.wikimedia.org/T244187 [19:43:13] T244415: Can't use access token generated with owner-only consumer key with OAuth 2.0 - https://phabricator.wikimedia.org/T244415 [19:43:46] tgr: regardless, how can I understand better why that error is happening? [19:44:08] I am not confident enough in my own understanding of oauth2 to be sure I'm doing it right (although I'm using a library for it that seems to be tested) [19:46:25] Hello, I have problems with publishing translation on srwiki [19:47:01] the oauth2 library we are using is apparently not great at indicating why a request has been rejected, even internally :/ [19:47:40] tgr: can you point me to the github code so I can see what ways it gets there in general? [19:47:46] It won't publish translation [19:47:57] Just shows "publishing..." [19:48:37] it's the oauth extension I guess [19:48:57] https://github.com/thephpleague/oauth2-server/search?q=invalidClient&unscoped_q=invalidClient [19:49:02] thanks [19:52:39] tgr: so for oauth2/authorize and response_type=code, I assume that's AuthCodeGrant? [19:53:36] I think that depends on how your consumer is defined [19:53:51] ok [19:54:17] I don't see where the i18n strings are [19:55:05] ah well there is https://github.com/wikimedia/mediawiki-extensions-OAuth/ [19:55:10] i18n happens in the MW wrapper [19:56:27] there are a couple of layers between that and the library but it always traces back to one of the invalidClient calls [19:57:57] yes I see [19:57:57] which are for fairly different things and none of them seem to log or otherwise explain what's going on [19:57:57] I'm trying to figure out how/where it determines which grant type it is [19:57:57] I guess we could just log stack traces on the MediaWiki side... [19:57:57] do you know where that code is? [19:58:50] ok, that's also in mw wrapper apparently [19:58:53] I'm just going to use that repo [20:01:10] https://github.com/wikimedia/mediawiki-extensions-OAuth/blob/de04297fdaf8c30e84dd32166335219827a50e78/src/Rest/Handler/Authorize.php#L204 [20:04:29] looks like response_type=code leads to AuthorizationCodeAuthorization which uses AuthCodeGrant [20:05:21] I wonder if the issue is my asking for scope basic + editpage [20:05:24] I can try leaving scope blank [20:08:04] ok, but AuthCodeGrant only throws invalidClient when redirect_uri is empty, which it isn't in my test code [20:08:23] so it must be AbstractGrant code path [20:37:19] tgr: so I only see two plausible code paths here, one is in getClientEntityOrFail, the other is in validateRedirectUri [20:37:34] in AbstractGrant.php [20:38:18] hmm, I'll try trimming the trailing slash off redirect_uri, actualy [20:39:22] cool, that fixed it, haha [20:39:59] I thought the redirect_uri just had to contain the registered one as a prefix, though [20:59:57] I'm going to add some notes to the phabricator ticket [21:13:38] basically, it looks like I need to use the state parameter [21:14:19] in order to recover state, rather than using a uri prefix [23:20:40] tgr: so I think I've now established that the correct way to handle the oauth2 issue I'm having is to always use the same callback uri and redirect to where I want via saved info stored with the state param [23:20:57] so basically, there's a bug in the sense that you can even request an oauth 2.0 consumer that allows a callback uri prefix [23:29:15] 10 years later, maybe r/wikipedia could switch to the "new" logo... [23:29:39] haha