Topic on Help talk:OAuth

Oauth2.0 JWT validation

6 comments • 11:09, 30 August 2023 8 months ago
6
Gam3 (talkcontribs)

What key is used to sign the JWT (Bearer Token) returned.

Reply 15:23, 25 June 2023 10 months ago
Tgr (WMF) (talkcontribs)

$wgOAuth2PrivateKey (as noted on the extension page).

Reply Edited 18:43, 25 June 2023 10 months ago
Gam3 (talkcontribs)

That is the question I am asking. What is that variable set to by Wikipedia APi.

Reply 04:00, 27 June 2023 10 months ago
Tgr (WMF) (talkcontribs)

As the variable name might suggest, it's a private key.

Reply 13:24, 27 June 2023 10 months ago
Gam3 (talkcontribs)

And where can I find the public half of that key?

Reply 04:17, 28 June 2023 10 months ago
Tgr (WMF) (talkcontribs)

I don't think we are making it public. You are unlikely to need it, it's used by code that needs to authorize access based on OAuth grants.

In theory it could be made public though - if you have a use case, please file a task to discuss it.

Reply 18:51, 28 June 2023 10 months ago
Reply to "Oauth2.0 JWT validation"
Retrieved from "https://www.mediawiki.org/wiki/Topic:Xkpiurxkgzaxavio"