We try to generate a owner-only consumer registration, but it fails with the error attached.
Wasnt able to find any documentation about the key file?
[16597c234d997bb55b95091f] /mediawiki/index.php/Special:OAuthConsumerRegistration/propose Lcobucci\JWT\Signer\Key\FileCouldNotBeRead from line 14 of /var/lib/mediawiki-1.35.4/extensions/OAuth/vendor/lcobucci/jwt/src/Signer/Key/FileCouldNotBeRead.php: The path "" does not contain a valid key file
Fix:
openssl genrsa -out oauth.key 2048
openssl rsa -in oauth.key -pubout -out outh.cert
$wgOAuth2PrivateKey = "/oauth/oauth.key"
$wgOAuth2PublicKey = "/oauth/outh.cert"
Hello, I am having the same problem but can not get it work using the fix... It is giving an error saying can not find the key file, what is the absolute path I should use for "oauth.key" and "outh.cert"? I tried to put them under the wiki main folder, or the OAuth folder, or public_html, none of them worked. Could you share more info about how to fix this?
Appreciate it! Thank you!
Perhaps this issue and its resolution would assist you. Note that the permissions and owner/group of the file must be such that it can be accessed by the web server user (and some things like SSL require that the secret part be set 600, i.e. only owner-readable, because they are meant to be private - don't know if that applies here).
Most of the documentation assumes you are using the simpler SHA-1 based secrets, not public keys.
Special:OAuthConsumerRegistration/propose says:
Please provide a public RSA key (in PEM format) if possible; otherwise a (less secure) secret token will have to be used.
If you are not familiar with how to use RSA keys, you are probably better off not using them (just leave the box empty); the security advantages are not that large. The description should probably be improved to say so (even better would be to have a radio box for RSA vs. hash and only show the textbox when the first option is selected).
"If you are not familiar with how to use RSA keys, you are probably better off not using them"
Let's assume for the moment that i'm intelligent enough to understand it.
Can you answer the questions?
I used PuTTYgen to generate a pair-- can i use that pair?
The site i'm building requires the strongest available security, as the site may be targeted by hackers.
I don't think PuTTY supports PEM but it's been a long time since I last used it.
Is this output good for OAuth?
puttygen ppkkey.ppk -O private-openssh -o pemkey.pem
If it's an RSA key in PEM format, it should work. You can generate other kinds of keys with PuTTY so check your settings.
Ok. Where do i put the private key? In the API call?
Or, in the login? API:Login#The login action
You need to sign the API requests with it. That's not something you want to do by hand; there are bunch of OAuth 1 libraries around. The doc page has an example (using oauthclient-php); the relevant part is starting at $api_req = OAuthRequest::from_consumer_and_token.
thx, but that's server-side php.
i want to do the API calls in javascript, from the client.
Well, the idea is the same, you just need a different library. You could use ddo/oauth-1.0a for example.
I just want to note that the http://oauthbible.com/ is a link rot now.
Fatal error: Uncaught UTRSValidationException: There were errors processing your unblock appeal: UserID not set from database while attempting to check logged in status. in /usr/utrs/production/public_html/src/unblocklib.php:67 Stack trace: #0 /usr/utrs/production/public_html/loginsplash.php(8): loggedIn() #1 {main} thrown in /usr/utrs/production/public_html/src/unblocklib.php on line 67
What can I do?
You should contact the maintainers of UTRS. Your error appears to have nothing to do with this page, or this extension at all.
The page says
"The option "owner-only" has to be checked."
It's stated right after 2 or 3 scenarios. Under which scenario?
Well, this page is about owner-only consumers so all scenarios discussed on the page apply.
i've edited the page to be clearer.
Since "The option "owner-only" has to be checked" was previously inside parens with the comments about wiki-farms and Wikimedia, that indicated that "The option "owner-only" has to be checked" applies only to wiki-farms and Wikimedia.
But, according to you, it doesn't apply only to wiki-farms and Wikimedia, it applies to any wiki. So, it was misleading as written.
Tho i'm still unclear about exactly which part of the process is done at central wiki of the farm or meta:Special:OAuthConsumerRegistration/propose.
Special:OAuthConsumerRegistration/propose only exists on the central wiki of the farm (in the case of the Wikimedia wikifarm, that's Meta). I've tried to make that clearer, let me know if it helps.
The way it's currently written, it sounds like Special:OAuthConsumerRegistration/propose must be used in all cases, even on stand-alone wikis. Is that the intended meaning?
