Phabricator Link
|
Wiki Link
|
Status
|
Priority
|
Author
|
Assignee
|
Projects
|
Subtasks
|
Parent Tasks
|
T106066
|
T106066: Don't show "Nonce already used" error on memcache failure
|
open
|
Medium (orange)
|
|
|
|
|
|
T156187
|
T156187: Do not require oob when "callback is prefix" checkbox is unset
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T165459
|
T165459: Warn about the possibility of owner-only consumers on action=login
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T170603
|
T170603: API Edit Requires a Captcha, but on Wiki edit does not
|
open
|
Medium (orange)
|
|
|
|
|
|
T212851
|
T212851: Confusing error for OAuth consumers with rollback but not edit grant
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T234120
|
T234120: Database error after installing OAuth extension on wikismadebythepins.ml/community
|
declined
|
Needs Triage (violet)
|
|
|
|
|
|
T238852
|
T238852: Exceptions from MWOAuthSessionProvider are not being thrown for the REST API
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T239523
|
T239523: Discrepancy between local and global email status
|
resolved
|
Needs Triage (violet)
|
|
|
|
|
|
T239940
|
T239940: Security review of OAuth 2.0 patches
|
resolved
|
Medium (orange)
|
|
|
|
|
|
T244185
|
T244185: OAuth logs getting quite a lot bigger
|
resolved
|
Medium (orange)
|
|
|
|
|
|
T244187
|
T244187: MW OAuth2 doesn't seem to work
|
resolved
|
Needs Triage (violet)
|
|
|
|
|
|
T244393
|
T244393: OAuth fails CI due to missing RSA tokens
|
resolved
|
Needs Triage (violet)
|
|
|
|
|
|
T244415
|
T244415: Can't use access token generated with owner-only consumer key with OAuth 2.0
|
resolved
|
Needs Triage (violet)
|
|
|
|
|
|
T244423
|
T244423: jwt.io shows owner-only tokens with an invalid "exp" claim date
|
declined
|
Low (yellow)
|
|
|
|
|
|
T245050
|
T245050: OAuth extension should display clear error messages when the wrong protocol version is used
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T245232
|
T245232: can't use new OAuth2 consumer archiveleaf-test
|
resolved
|
Needs Triage (violet)
|
|
|
|
|
|
T245474
|
T245474: CORS not enabled for OAuth 2.0
|
resolved
|
High (red)
|
|
|
|
|
|
T245475
|
T245475: OAuth 2.0 consumer form is not consistent with implementation
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T245477
|
T245477: OAuth server should provide clear and useful feedback about client errors
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T251280
|
T251280: Add API endpoint to propose a new OAuth consumer
|
resolved
|
Needs Triage (violet)
|
|
|
|
|
|
T251865
|
T251865: OAuth2 authorizing gives an infinite loop between 2 urls
|
resolved
|
High (red)
|
|
|
|
|
|
T252591
|
T252591: REST API endpoints give confusing errors for invalid OAuth2 access tokens
|
open
|
Medium (orange)
|
|
|
|
|
|
T253447
|
T253447: OAuth2 docs seem confused/incomplete
|
open
|
Low (yellow)
|
|
|
|
|
|
T254190
|
T254190: Allow a user to disable an OAuth client
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T254200
|
T254200: Add API endpoint to reset OAuth client secret
|
resolved
|
Needs Triage (violet)
|
|
|
|
|
|
T254911
|
T254911: Investigate how to include private claims in JWTs
|
resolved
|
Low (yellow)
|
|
|
|
|
|
T254948
|
T254948: Security Readiness Review For Enhancements to OAuth Extension
|
resolved
|
Needs Triage (violet)
|
|
|
|
|
|
T254951
|
T254951: Performance review of enhancements to OAuth extension
|
resolved
|
Medium (orange)
|
|
|
|
|
|
T257982
|
T257982: Update the OAuth extension to support the API Portal
|
resolved
|
Medium (orange)
|
|
|
|
|
|
T258548
|
T258548: PHP error "hash_equals(): Expected known_string to be a string, null given" from OAuth ClientEntity.php
|
resolved
|
Low (yellow)
|
|
|
|
|
|
T259042
|
T259042: Document updates to the OAuth extension
|
resolved
|
Needs Triage (violet)
|
|
|
|
|
|
T259043
|
T259043: Write unit tests for new endpoints in the OAuth extension
|
resolved
|
Needs Triage (violet)
|
|
|
|
|
|
T259112
|
T259112: OAuth extension - exchange deprecated methods and functions in the ConsumerSubmitControl class.
|
resolved
|
Low (yellow)
|
|
|
|
|
|
T259114
|
T259114: OAuth extension - remove unused TYPE_PROFILE constant in the Resource class.
|
resolved
|
Low (yellow)
|
|
|
|
|
|
T259342
|
T259342: OAuth extension - remove needsReadAccess function definition from ListClients class.
|
resolved
|
Low (yellow)
|
|
|
|
|
|
T259343
|
T259343: OAuth extension - remove needsWriteAccess function definition from AbstractClientHandler class.
|
resolved
|
Low (yellow)
|
|
|
|
|
|
T259345
|
T259345: OAuth extension - add RequestClient class description
|
resolved
|
Low (yellow)
|
|
|
|
|
|
T260588
|
T260588: Security Readiness Review For Adding Private Claims To OAuth Extension
|
resolved
|
Medium (orange)
|
|
|
|
|
|
T260711
|
T260711: OAuth2 extension - update README.md on $wgRestAPIAdditionalRouteFiles
|
resolved
|
Low (yellow)
|
|
|
|
|
|
T261333
|
T261333: Make Consumer::normalizeValues() give consistent normalized values for null emailAuthenticated timestamp
|
resolved
|
Needs Triage (violet)
|
|
|
|
|
|
T261902
|
T261902: Rename OAuth consumer management endpoints
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T262554
|
T262554: Don't run gadgets on Special:OAuth/authorize
|
resolved
|
Medium (orange)
|
|
|
|
|
|
T262712
|
T262712: Status 405 Method Not Allowed on /oauth2/request/profile with OPTIONS
|
open
|
High (red)
|
|
|
|
|
|
T264058
|
T264058: OAuth extension REST tests must not instantiate a Router
|
resolved
|
High (red)
|
|
|
|
|
|
T264238
|
T264238: Client ID not appearing in details view
|
resolved
|
High (red)
|
|
|
|
|
|
T264457
|
T264457: Client secret shared between clients
|
resolved
|
High (red)
|
|
|
|
|
|
T264514
|
T264514: No documentation on how to set $wgOAuth2PrivateKey and $wgOAuth2PublicKey
|
open
|
Medium (orange)
|
|
|
|
|
|
T264516
|
T264516: Documentation does not mention that OAuth2 does NOT support "use as prefix" option for callback URL
|
open
|
High (red)
|
|
|
|
|
|
T264606
|
T264606: OAuth extension - update unit tests (RequestClientEndpointTest).
|
resolved
|
Medium (orange)
|
|
|
|
|
|
T265075
|
T265075: OAuth 2.0 access tokens have effectively infinite expiration date
|
resolved
|
High (red)
|
|
|
|
|
|
T265190
|
T265190: OAuth extension - unused variable in SpecialMWOAuthManageMyGrants.php
|
resolved
|
Needs Triage (violet)
|
|
|
|
|
|
T265361
|
T265361: OAuth extension - get rid of isAllowed() deprecated method
|
open
|
Low (yellow)
|
|
|
|
|
|
T265362
|
T265362: OAuth extension - update\add logic of userCanSeeSecret() method of Backend\ConsumerAcceptance class.
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T266159
|
T266159: OAuth extension - remove unused $permissionManager variable from ...\src\Control\ConsumerSubmitControl.php.
|
resolved
|
Needs Triage (violet)
|
|
|
|
|
|
T266403
|
T266403: Add `@group OAuth` tag to all tests in OAuth extension
|
resolved
|
High (red)
|
|
|
|
|
|
T266463
|
T266463: OAuth extension - remove unused parameter from userCanSee() methods and methods, calling it.
|
open
|
Medium (orange)
|
|
|
|
|
|
T267755
|
T267755: OAuth extension - REST - show error (rights restrictions) messages instead of an object '{}'
|
resolved
|
Medium (orange)
|
|
|
|
|
|
T268565
|
T268565: Convert OAuth to AbstractSchema
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T269152
|
T269152: OAuth 2.0 refresh tokens expire after 1 minute
|
resolved
|
High (red)
|
|
|
|
|
|
T269502
|
T269502: Invalid timestamp/Failed asserting that $timestamp1 is identical to $timestamp2
|
resolved
|
High (red)
|
|
|
|
|
|
T269880
|
T269880: Unexpected email-not-confirmed error
|
resolved
|
High (red)
|
|
|
|
|
|
T270332
|
T270332: PHP Warning: json_decode() expects parameter 1 to be string, array given
|
resolved
|
High (red)
|
|
|
|
|
|
T270588
|
T270588: OAuth 2.0 error on PHP 7.4
|
resolved
|
Needs Triage (violet)
|
|
|
|
|
|
T270595
|
T270595: Update league/oauth2-server fork, and update in MW Vendor
|
resolved
|
Medium (orange)
|
|
|
|
|
|
T272319
|
T272319: Frequent "Nonce already used" errors in scripts and tools
|
resolved
|
Medium (orange)
|
|
|
|
|
|
T272665
|
T272665: REST API returns invalid access tokens
|
resolved
|
High (red)
|
|
|
|
|
|
T278392
|
T278392: Storage solution for cross-datacenter tokens
|
open
|
Medium (orange)
|
|
|
|
|
|
T279056
|
T279056: OAuth 2 extension problem, included in the Wikibase 1.35 docker-compose
|
declined
|
Needs Triage (violet)
|
|
|
|
|
|
T281834
|
T281834: extensions/OAuth - Use UserGroupManager instead of User group methods
|
resolved
|
Medium (orange)
|
|
|
|
|
|
T282107
|
T282107: Make OAuthToken JSONUnserializable
|
open
|
Low (yellow)
|
|
|
|
|
|
T288268
|
T288268: Update league/oauth2-server fork (>= 8.3.2), and update in MW Vendor
|
progress
|
Needs Triage (violet)
|
|
|
|
|
|
T288837
|
T288837: extensions / OAuth - Replace deprecated CentralIdLookup::factory
|
resolved
|
Low (yellow)
|
|
|
|
|
|
T294015
|
T294015: TypeError: Argument 1 passed to MediaWiki\Extensions\OAuth\Entity\UserEntity::newFromMWUser() must be an instance of User, boolean given, called in /srv/mediawiki/php-1.38.0-wmf.5/extensions/OAuth/src/Repository/ScopeRepository.php on line 79
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T294111
|
T294111: extensions/OAuth - replace the block-related methods
|
resolved
|
Medium (orange)
|
|
|
|
|
|
T59501
|
T59501: Special:OAuth: Output error message of OAuthException in JSON output
|
open
|
Medium (orange)
|
|
|
|
|
|
T87947
|
T87947: Convert OAuth to use extension registration
|
resolved
|
Medium (orange)
|
|
|
|
|
|