Topic on Extension talk:PluggableAuth

I'm trying to update from MW 1.39.5 to 1.39.6 and am getting the following internal error when trying to log in:

index.php/Special:PluggableAuthLogin TypeError: Argument 1 passed to Jumbojett\OpenIDConnectClient::addScope() must be of the type array, string given, called in /var/www/html/extensions/OpenIDConnect/includes/OpenIDConnect.php on line 199
Backtrace:
from /var/www/html/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php(556)
# 0 /var/www/html/extensions/OpenIDConnect/includes/OpenIDConnect.php(199): Jumbojett\OpenIDConnectClient->addScope()
# 1 /var/www/html/extensions/PluggableAuth/includes/PluggableAuthLogin.php(101): MediaWiki\Extension\OpenIDConnect\OpenIDConnect->authenticate()
# 2 /var/www/html/includes/specialpage/SpecialPage.php(701): MediaWiki\Extension\PluggableAuth\PluggableAuthLogin->execute()
# 3 /var/www/html/includes/specialpage/SpecialPageFactory.php(1428): SpecialPage->run()
# 4 /var/www/html/includes/MediaWiki.php(316): MediaWiki\SpecialPage\SpecialPageFactory->executePath()
# 5 /var/www/html/includes/MediaWiki.php(904): MediaWiki->performRequest()
# 6 /var/www/html/includes/MediaWiki.php(562): MediaWiki->main()
# 7 /var/www/html/index.php(50): MediaWiki->run()
# 8 /var/www/html/index.php(46): wfIndexMain()
# 9 {main}

Here is what I believe to be the relevant config from LocalSettings.php:

wfLoadExtension( 'PluggableAuth' );
$wgPluggableAuth_Config[] = [
      'plugin' => 'OpenIDConnect',
      'buttonLabelMessage' => 'Example',
      'data' => [
          'providerURL' => 'https://example.com/auth/realms/example',
          'clientID' => getenv('OIDC_CLIENTID'),
          'clientsecret' => getenv('OIDC_CLIENTSECRET')
      ]
];
$wgPluggableAuth_EnableLocalLogin = false;
$wgPluggableAuth_EnableAutoLogin = true;

wfLoadExtension( 'OpenIDConnect' );
$wgOpenIDConnect_MigrateUsersByUserName = true;

wfLoadExtension( 'LDAPProvider' );
$LDAPProviderDomainConfigProvider = function()
{
   $config =
   [
       "LDAP" =>
       [
           "connection" =>
           [
               "server" => "example.com",
               "basedn" => "ou=people,dc=example,dc=com",
               "userbasedn" => "ou=people,ou=system,dc=example,dc=com",
               "searchattribute" => "uid",
               "searchstring" => "USER-NAME",
               "usernameattribute" => "uid",
               "realnameattribute" => "displayName",
               "emailattribute" => "mail",
               "groupbasedn" => "cn=example,ou=secgroups,ou=system,dc=example,dc=com",
               "groupobjectclass" => "groupOfNames",
               "groupattribute" => "member",
               "grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\Configurable::factory"
           ],
           "authorization" =>
           [
               "rules" =>
               [
                   "groups" =>
                   [
                       "required" => [ "cn=example,ou=secgroups,ou=system,dc=example,dc=com" ]
                   ]
               ]
           ],
       ]
   ];
   return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};

wfLoadExtension( 'LDAPAuthorization' );

Is there anything I should be changing before trying to update?

It looks like you are using a newer version of the jumbojett/openid-connect-php library than is supported. The OpenID Connect composer.json file specifies version 0.9.10, which looks to be compatible. A newer commit adds an array typehint to the addScope() function, causing the error. Did you edit the OpenID Connect composer.json file?

No, I haven't edited the file, and my live copy of the file is using version 0.9.10. Full contents:

{
       "name": "mediawiki/openidconnect",
       "type": "mediawiki-extension",
       "description": "Provides authentication using OpenID Connect in conjunction with PluggableAuth",
       "license": "MIT",
       "authors": [
               {
                       "name": "Cindy Cicalese",
                       "email": "cicalese@mitre.org"
               }
       ],
       "require": {
               "jumbojett/openid-connect-php": "0.9.10",
               "composer/installers": "~1.0|~2"
       },
       "require-dev": {
               "mediawiki/mediawiki-codesniffer": "39.0.0",
               "mediawiki/minus-x": "1.1.1",
               "php-parallel-lint/php-console-highlighter": "1.0.0",
               "php-parallel-lint/php-parallel-lint": "1.3.2"
       },
       "scripts": {
               "test": [
                       "parallel-lint . --exclude vendor --exclude node_modules",
                       "@phpcs",
                       "minus-x check ."
               ],
               "fix": [
                       "minus-x fix .",
                       "phpcbf"
               ],
               "phpcs": "phpcs -sp --cache"
       },
       "extra": {
               "installer-name": "OpenIDConnect"
       },
       "config": {
               "allow-plugins": {
                       "composer/installers": true
               }
       }
}

Nevermind - the deployment is containerized, and I missed that it was pulling the latest release of jumbojett/openid-connect-php in the Dockerfile, overriding individual composer.json files. I'm not exactly sure why it was set up this way (inherited code), but locking the release to v0.9.10 worked. Thanks so much!

That's very strange. When you look at vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php and search for addScope do you see https://github.com/jumbojett/OpenID-Connect-PHP/blob/master/src/OpenIDConnectClient.php#L556 (which I suspect, based on the stack trace, which is the master branch) or https://github.com/jumbojett/OpenID-Connect-PHP/blob/45aac47b525f0483dd4db3324bb1f1cab4666061/src/OpenIDConnectClient.php#L587 (whose line number do not match the stack trace, but it is version 0.9.10). The manifest on packagist agrees with the git hashes for the versions (https://packagist.org/packages/jumbojett/openid-connect-php#v0.9.10).

Ah, our messages crossed. I'm so glad you figured it out!

And now I know I'll need to change the code if I bump the version to the new 1.0.0 release! Thanks!