I'm trying to get OAuth working with django, using the scheme outlined at Help:Toolforge/My first Django OAuth tool. When I get to https://spi-tools-dev.toolforge.org/oath/login/mediawiki/, I get the error:
AuthException at /oath/login/mediawiki/
Error: oauth_callback must be set, and must be set to "oob" (case-sensitive)
which is mentioned at OAuth/For_Developers#Authorization. What's not clear is what I'm supposed to do about it.
I think you missed the part wikitech:Help:Toolforge/My first Django OAuth tool#Adding OAuthin the instructions where you were supposed to check the 'Allow consumer to specify a callback in requests and use "callback" URL above as a required prefix.' checkbox when creating your grant. Using 'oob' for the 'oauth_callback' parameter is done when the grant contains the exact callback to be used. social_django does not work in this mode.
Hmmm. I just made a new key which has that checked, but now I'm getting:
Error: oauth_callback must be set, and must be set to "oob" (case-sensitive), or the configured callback must be a prefix of the supplied callback.
SOCIAL_AUTH_MEDIAWIKI_CALLBACK = 'http://%s.toolforge.org/oauth/complete/mediawiki/' % TOOL_NAME seems to be incorrectly using http protocol.
Ah, that did it. Thanks. I must have gone through the example a half dozen times comparing it to my code and never noticed that. Sometimes a fresh set of eyes is what you need. But, if the MW OAuth setup always requires the "Allow consumer to specify a callback..." option to be checked, why is it even offered as an option? Or, at least have the registration form check it by default? In any case, thanks again for your assistance.
> But, if the MW OAuth setup always requires the "Allow consumer to specify a callback..." option to be checked, why is it even offered as an option?
The "requires" part is about the client (in this case social_django), not anything on the MediaWiki side of this.
I found one more thing I did wrong! When I registered, I ignored the "Applicable project: All is fine" advice. I figured I would do the conservative thing and restrict this to just enwiki. Turns out, that was a bad move. This led to errors of the form:
AuthException at /oauth/complete/mediawiki/
An error occurred while trying to read json content: Not enough segments
Digging through the social-auth code, this comes from the "OOB" code path, where it's trying to dig the credential out of an embedded POST form, instead of parsing them out of the URL query string. This had me banging my head on the wall for a while. Eventually, I poked around and found some other tools that used social-auth, and discovered all of their consumer keys were set up with "*" for the "applicable project".
Anyway, recording all this here for the benefit of the next poor sod who runs into this.
