BearerTokenResponse.php: Method MediaWiki\Extensions\OAuth\Entity\AccessTokenEntity::__toString() must not throw an exception, caught Lcobucci\JWT\Signer\Key\FileCouldNotBeRead: The path "" does not contain a valid key file
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	MarkusRost
	May 30 2021, 21:37

Description

I'm trying to add an oauth2 flow for my Discord bot, but I'm running into an internal server error (HTTP 500) when trying to get an access token with the code from /oauth2/authorize and my client secret.

Extension page: Extension:OAuth (Developer guide)
Oauth application: Wiki-Bot

https://meta.miraheze.org/w/rest.php/oauth2/authorize?response_type=code&redirect_uri=https%3A%2F%2Fsettings.wikibot.de%2Foauth%2Fmw&client_id=a77984181bcec97ec924f04ea9f9e141&state=miraheze-1234somecode

got.post( 'https://meta.miraheze.org/w/rest.php/oauth2/access_token', {
	form: {
		grant_type: 'authorization_code',
		code: searchParams.get('code'),
		redirect_uri: 'https://settings.wikibot.de/oauth/mw',
		client_id: 'a77984181bcec97ec924f04ea9f9e141',
		client_secret: process.env['oauth-miraheze-secret']
	}
} )

(note that https://settings.wikibot.de/oauth/mw is currently redirecting to http://localhost:8080/ for testing purposes.)

I don't know if that helps, but here are the x-request-id and x-varnish of an example request ending in HTTP 500.

x-request-id: 'ff6fc4725ca64a68190f094a',
x-varnish: '104566589',

Event Timeline

MarkusRost created this task.May 30 2021, 21:37

Herald added subscribers: Unknown Object (User), RhinosF1, Reception123. · View Herald TranscriptMay 30 2021, 21:37

RhinosF1 added a project: Production Error.May 30 2021, 21:52

RhinosF1 renamed this task from Internal server error when trying to get an oauth2 access token to PHP Fatal Error from /srv/mediawiki/w/extensions/OAuth/vendor/league/oauth2-server/src/ResponseTypes/BearerTokenResponse.php: Method MediaWiki\Extensions\OAuth\Entity\AccessTokenEntity::__toString() must not throw an exception, caught Lcobucci\JWT\Signer\Key\FileCouldNotBeRead: The path "" does not contain a valid key file.May 30 2021, 21:58

I think we need to set $wgOAuth2PrivateKey & $wgOAuth2PublicKey

RhinosF1 triaged this task as Normal priority.May 30 2021, 22:16

RhinosF1 added projects: Extensions, Configuration, MediaWiki (SRE).

Herald added a project: Universal Omega. · View Herald TranscriptMay 30 2021, 22:16

Herald added a subscriber: NDKilla. · View Herald Transcript

Redmin moved this task from Backlog to Deployed Extension Bugs on the Extensions board.May 31 2021, 05:49

Unknown Object (User) moved this task from Backlog to Short Term on the MediaWiki (SRE) board.Jun 2 2021, 10:38

Unknown Object (User) moved this task from Unsorted to Short Term on the Universal Omega board.

@Reception123: can you please look into T7386#147373?

Herald added a subscriber: Bukkit. · View Herald TranscriptJun 28 2021, 17:01

Redmin removed a project: Extensions.Jun 28 2021, 17:48

In T7386#151676, @Universal_Omega wrote:

@Reception123: can you please look into T7386#147373?

Yes, it would be nice if we could figure out how to test this out on test3 so we can try setting those two variables and see if that fixes it for sure. I say that because when I tried to access the link above I'm getting a different error:

PHP Fatal Error: Interface 'League\OAuth2\Server\Repositories\ClaimRepositoryInterface' not found
from /srv/mediawiki/w/extensions/OAuth/src/Repository/ClaimStore.php(12)
#0 [internal function]: MWExceptionHandler::handleFatalError()
#1 {main}

In T7386#151996, @Reception123 wrote:
In T7386#151676, @Universal_Omega wrote:

@Reception123: can you please look into T7386#147373?

Yes, it would be nice if we could figure out how to test this out on test3 so we can try setting those two variables and see if that fixes it for sure. I say that because when I tried to access the link above I'm getting a different error:
PHP Fatal Error: Interface 'League\OAuth2\Server\Repositories\ClaimRepositoryInterface' not found
from /srv/mediawiki/w/extensions/OAuth/src/Repository/ClaimStore.php(12)
#0 [internal function]: MWExceptionHandler::handleFatalError()
#1 {main}

I don't know why there is now a user facing error on meta with the url, but using the same url on test3 redirects the user correctly but my app still gets the 500 error this task is about when trying to fetch the token.

What has worked for me on testwiki.wiki is to generate a key following the instructions listed at https://gist.github.com/ygotthilf/baa58da5c3dd1f69fae9 and then set $wgOAuth2PrivateKey & $wgOAuth2PublicKey to the paths to those newly generated files.

In T7386#153460, @MacFan4000 wrote:

What has worked for me on testwiki.wiki is to generate a key following the instructions listed at https://gist.github.com/ygotthilf/baa58da5c3dd1f69fae9 and then set $wgOAuth2PrivateKey & $wgOAuth2PublicKey to the paths to those newly generated files.

So did you just set it like $wgOAuth2PrivateKey = '/directory/name.key' and $wgOAuth2PublicKey = '/directory/name.key.pub'?

In T7386#153773, @Reception123 wrote:

In T7386#153460, @MacFan4000 wrote:

What has worked for me on testwiki.wiki is to generate a key following the instructions listed at https://gist.github.com/ygotthilf/baa58da5c3dd1f69fae9 and then set $wgOAuth2PrivateKey & $wgOAuth2PublicKey to the paths to those newly generated files.

So did you just set it like $wgOAuth2PrivateKey = '/directory/name.key' and $wgOAuth2PublicKey = '/directory/name.key.pub'?

Yes

After all this time it should finally be fixed. I'm once again sorry for the delay.