Talk:OAuth/Owner-only consumers

Johnywhy (talkcontribs)

Special:OAuthConsumerRegistration/propose says:

Please provide a public RSA key (in PEM format) if possible; otherwise a (less secure) secret token will have to be used.

  • Where can I obtain a public RSA key?
  • Where do I put the private key?
Tgr (WMF) (talkcontribs)

If you are not familiar with how to use RSA keys, you are probably better off not using them (just leave the box empty); the security advantages are not that large. The description should probably be improved to say so (even better would be to have a radio box for RSA vs. hash and only show the textbox when the first option is selected).

Johnywhy (talkcontribs)

"If you are not familiar with how to use RSA keys, you are probably better off not using them"

Let's assume for the moment that I'm intelligent enough to understand it.

Can you answer the questions?

I used PuTTYgen to generate a pair -- can I use that pair?

The site I'm building requires the strongest available security, as the site may be targeted by hackers.

Tgr (WMF) (talkcontribs)

I don't think PuTTY supports PEM but it's been a long time since I last used it.

Johnywhy (talkcontribs)
Tgr (WMF) (talkcontribs)

If it's an RSA key in PEM format, it should work. You can generate other kinds of keys with PuTTY so check your settings.

Johnywhy (talkcontribs)
Tgr (WMF) (talkcontribs)

You need to sign the API requests with it. That's not something you want to do by hand; there are a bunch of OAuth 1 libraries around. The doc page has an example (using oauthclient-php); the relevant part is starting at $api_req = OAuthRequest::from_consumer_and_token.

Johnywhy (talkcontribs)

thx, but that's server-side PHP.

I want to do the API calls in JavaScript, from the client.

Tgr (WMF) (talkcontribs)

Well, the idea is the same, you just need a different library. You could use ddo/oauth-1.0a for example.

Johnywhy (talkcontribs)
Tgr (WMF) (talkcontribs)
Reply to "Obtaining RSA Key?"
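
What signing an API request with the RSA key involves, as an added example that is not part of this discussion or of the OAuth extension's code: it builds the OAuth 1.0a signature base string (RFC 5849), signs it with RSA-SHA1 using Node's built-in crypto, and checks the signature with the public key as a server would. It assumes the consumer uses the RSA-SHA1 signature method; the URL, consumer key, access token, nonce and the key pair generated in the script are constructed placeholders.

```javascript
const crypto = require('crypto');

// RFC 3986 percent-encoding (RFC 5849 section 3.6); stricter than encodeURIComponent.
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
const cmp = (a, b) => (a < b ? -1 : a > b ? 1 : 0);

// Signature base string: METHOD & base URL & sorted, encoded query and oauth_* parameters.
function baseString(method, url, oauthParams) {
  const u = new URL(url);
  const pairs = [...u.searchParams.entries(), ...Object.entries(oauthParams)]
    .map(([k, v]) => [enc(k), enc(v)])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(([k, v]) => `${k}=${v}`);
  return [method.toUpperCase(), enc(u.origin + u.pathname), enc(pairs.join('&'))].join('&');
}

// Client side: build the Authorization header; the private key stays in this process.
function signRequest(method, url, o, privateKeyPem) {
  const p = {
    oauth_consumer_key: o.consumerKey, oauth_token: o.accessToken,
    oauth_signature_method: 'RSA-SHA1', oauth_version: '1.0',
    oauth_timestamp: String(o.timestamp ?? Math.floor(Date.now() / 1000)),
    oauth_nonce: o.nonce ?? crypto.randomBytes(16).toString('hex'),
  };
  const base = baseString(method, url, p);
  const signature = crypto.sign('sha1', Buffer.from(base), privateKeyPem).toString('base64');
  const header = 'OAuth ' + Object.entries({ ...p, oauth_signature: signature })
    .map(([k, v]) => `${enc(k)}="${enc(v)}"`).join(', ');
  return { base, signature, header };
}

// Server side: check the signature against the registered public key.
const verify = (base, signature, publicKeyPem) =>
  crypto.verify('sha1', Buffer.from(base), publicKeyPem, Buffer.from(signature, 'base64'));

// Constructed demo: throwaway key pair, placeholder credentials, fixed nonce and timestamp.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' } });
  const req = signRequest('GET', 'https://wiki.example.org/w/api.php?action=query&meta=userinfo',
    { consumerKey: 'CONSUMER_KEY_PLACEHOLDER', accessToken: 'ACCESS_TOKEN_PLACEHOLDER',
      timestamp: 1700000000, nonce: 'constructed-nonce' }, privateKey);
  return { ...req, verified: verify(req.base, req.signature, publicKey),
    tampered: verify(req.base + '%26x%3D1', req.signature, publicKey) };
}
console.log(demo().header);
```
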

The path "" does not contain a valid key file

Kofl007 (talkcontribs)

We try to generate an owner-only consumer registration, but it fails with the error attached.

Wasn't able to find any documentation about the key file?

[16597c234d997bb55b95091f] /mediawiki/index.php/Special:OAuthConsumerRegistration/propose Lcobucci\JWT\Signer\Key\FileCouldNotBeRead from line 14 of /var/lib/mediawiki-1.35.4/extensions/OAuth/vendor/lcobucci/jwt/src/Signer/Key/FileCouldNotBeRead.php: The path "" does not contain a valid key file

Kofl007 (talkcontribs)

Fix:


openssl genrsa -out oauth.key 2048

openssl rsa -in oauth.key -pubout -out outh.cert

$wgOAuth2PrivateKey = "/oauth/oauth.key";

$wgOAuth2PublicKey = "/oauth/outh.cert";

Paulxu20 (talkcontribs)

Hello, I am having the same problem but cannot get it to work using the fix... It is giving an error saying it cannot find the key file. What is the absolute path I should use for "oauth.key" and "outh.cert"? I tried to put them under the wiki main folder, or the OAuth folder, or public_html; none of them worked. Could you share more info about how to fix this?

Appreciate it! Thank you!

Tgr (WMF) (talkcontribs)

Most of the documentation assumes you are using the simpler SHA-1 based secrets, not public keys.
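
A pre-flight check for the two key files named in the fix above, added here as an example (not code from the OAuth extension or from the posters): it reports an empty or relative path, an unreadable or non-PEM file, a non-RSA key, a private key accessible to group or others, and a public key that does not belong to the private key. It runs under Node.js; `checkKeyFiles` and the temporary file names are hypothetical, and the demo keys are generated on the spot.

```javascript
const crypto = require('crypto');
const fs = require('fs');
const os = require('os');
const path = require('path');

// Returns a list of problems with the files configured as
// $wgOAuth2PrivateKey / $wgOAuth2PublicKey (hypothetical helper, not MediaWiki code).
function checkKeyFiles(privPath, pubPath) {
  const problems = [];
  const keys = {};
  for (const [label, p] of [['private', privPath], ['public', pubPath]]) {
    // An unset setting gives the empty path seen in the error message.
    if (!p) { problems.push(`${label}: path is empty`); continue; }
    if (!path.isAbsolute(p)) problems.push(`${label}: "${p}" is not an absolute path`);
    try {
      const pem = fs.readFileSync(p);
      keys[label] = label === 'private' ? crypto.createPrivateKey(pem) : crypto.createPublicKey(pem);
    } catch (e) {
      problems.push(`${label}: "${p}" ${e.syscall ? 'cannot be read' : 'is not a valid PEM key'}`);
      continue;
    }
    if (keys[label].asymmetricKeyType !== 'rsa') problems.push(`${label}: not an RSA key`);
    // The private key should be readable by the web server user only.
    if (label === 'private' && (fs.statSync(p).mode & 0o077) !== 0)
      problems.push(`private: "${p}" is accessible to group or others`);
  }
  if (keys.private && keys.public) {
    const spki = (k) => k.export({ type: 'spki', format: 'der' });
    if (!spki(crypto.createPublicKey(keys.private)).equals(spki(keys.public)))
      problems.push('public key does not match the private key');
  }
  return problems;
}

// Constructed demo: throwaway keys written to a temporary directory.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'oauthkeys-'));
  const gen = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' } });
  const [a, b] = [gen(), gen()];
  const file = (name, data, mode) => {
    const f = path.join(dir, name); fs.writeFileSync(f, data, { mode }); return f; };
  const priv = file('oauth.key', a.privateKey, 0o600);
  return { good: checkKeyFiles(priv, file('oauth.pub', a.publicKey, 0o644)),
    unset: checkKeyFiles('', ''),
    mismatch: checkKeyFiles(priv, file('other.pub', b.publicKey, 0o644)) };
}
console.log(demo());
```
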

Valerio Bozzolan (talkcontribs)
Tgr (WMF) (talkcontribs)

I guess it's only available on GitHub now. Thanks, updated the link.

Changed user name from Dlohcierekim to Deepfriedokra. Now when I try to log onto UTRS, I get the following message

Deepfriedokra (talkcontribs)

Fatal error: Uncaught UTRSValidationException: There were errors processing your unblock appeal: UserID not set from database while attempting to check logged in status. in /usr/utrs/production/public_html/src/unblocklib.php:67 Stack trace: #0 /usr/utrs/production/public_html/loginsplash.php(8): loggedIn() #1 {main} thrown in /usr/utrs/production/public_html/src/unblocklib.php on line 67

What can I do?

Anomie (talkcontribs)

You should contact the maintainers of UTRS. Your error appears to have nothing to do with this page, or this extension at all.

Deepfriedokra (talkcontribs)
Thanks. And how do I reach them?

When is "owner-only" needed?

Johnywhy (talkcontribs)

The page says

"The option "owner-only" has to be checked."

It's stated right after 2 or 3 scenarios. Under which scenario?

Tgr (WMF) (talkcontribs)

Well, this page is about owner-only consumers so all scenarios discussed on the page apply.

Johnywhy (talkcontribs)

I've edited the page to be clearer.

Since "The option "owner-only" has to be checked" was previously inside parens with the comments about wiki-farms and Wikimedia, that indicated that "The option "owner-only" has to be checked" applies only to wiki-farms and Wikimedia.

But, according to you, it doesn't apply only to wiki-farms and Wikimedia, it applies to any wiki. So, it was misleading as written.

Tho I'm still unclear about exactly which part of the process is done at central wiki of the farm or meta:Special:OAuthConsumerRegistration/propose.

Tgr (WMF) (talkcontribs)

Special:OAuthConsumerRegistration/propose only exists on the central wiki of the farm (in the case of the Wikimedia wikifarm, that's Meta). I've tried to make that clearer, let me know if it helps.

Johnywhy (talkcontribs)

The way it's currently written, it sounds like Special:OAuthConsumerRegistration/propose must be used in all cases, even on stand-alone wikis. Is that the intended meaning?

Tgr (WMF) (talkcontribs)

Yes. A standalone wiki is basically a wikifarm with one wiki :)
