I am trying to create Single sign-on from Wordpress to MediaWiki. I have WPOauthServer running on my WordPress (Wordpress plugin). And on my wiki I have Extension:OAuth2 Client installed. I want that my users only log in to WordPress and from there they can go to the wiki without logging to wiki again. The WPOauthServer is working fine, I am using the Grant type Authorization Code. I have tested by using curl and I am able to get the authorization code and using the authorization code I can acquire authentication token.
I have a button on my wordpress page with client id:
<a href="https://xxxxxx.de/oauth/authorize?response_type=code&client_id=XXXXXXXXX&state=123">Connect Your Account</a>
When I open the authorization link, I am redirected to the following redirect-URI that was set in client settings at server side:
https://wiki.XXXXXXXXXXXXX.de/wiki/Special:OAuth2Client/callback?code=farkmm4ttuwxnne8a9firwtdikmite788hwpyhzg&state=123
and here I get an internal error:
Fatal exception of type "GuzzleHttp\Exception\RequestException
upon digging i found out that this exception is caused in the extension file AbstractProvider.php in the sendRequest function:
/**
* Sends a request instance and returns a response instance.
*
* @param RequestInterface $request
* @return ResponseInterface
*/
protected function sendRequest(RequestInterface $request)
{
try {
var_dump($request);
$response = $this->getHttpClient()->send($request);
var_dump($response);
} catch (BadResponseException $e) {
$response = $e->getResponse();
}
return $response;
}
the exception is caused in $response = $this->getHttpClient()->send($request);
I think maybe there is something wrong with my request, doing a var_dump on request reveals the following:
/var/www/mediawiki/w/extensions/MW-OAuth2Client/vendors/oauth2-client/src/Provider/AbstractProvider.php:629:
object(GuzzleHttp\Psr7\Request)[278]
private 'method' => string 'POST' (length=4)
private 'requestTarget' => null
private 'uri' =>
object(GuzzleHttp\Psr7\Uri)[279]
private 'scheme' => string 'https' (length=5)
private 'userInfo' => string '' (length=0)
private 'host' => string 'xxxxxxx.de' (length=13)
private 'port' => null
private 'path' => string '/oauth/token/' (length=13)
private 'query' => string '' (length=0)
private 'fragment' => string '' (length=0)
private 'headers' =>
array (size=2)
'Host' =>
array (size=1)
0 => string 'xxxxxx.de' (length=13)
'content-type' =>
array (size=1)
0 => string 'application/x-www-form-urlencoded' (length=33)
private 'headerNames' =>
array (size=2)
'content-type' => string 'content-type' (length=12)
'host' => string 'Host' (length=4)
private 'protocol' => string '1.1' (length=3)
private 'stream' =>
object(GuzzleHttp\Psr7\Stream)[287]
private 'stream' => resource(18, stream)
private 'size' => null
private 'seekable' => boolean true
private 'readable' => boolean true
private 'writable' => boolean true
private 'uri' => string 'php://temp' (length=10)
private 'customMetadata' =>
array (size=0)
empty
The stack trace from apache logs:
Notice: Undefined index: scopes in /var/www/mediawiki/w/extensions/MW-OAuth2Client/SpecialOAuth2Client.php on line 54, referer: https://XXXXXXerv.de/sso-test/
Stack trace:, referer: https://XXXXXXerv.de/sso-test/
1. {main}() /var/www/mediawiki/w/index.php:0, referer: https://XXXXXXerv.de/sso-test/
2. MediaWiki->run() /var/www/mediawiki/w/index.php:42, referer: https://XXXXXXerv.de/sso-test/
3. MediaWiki->main() /var/www/mediawiki/w/includes/MediaWiki.php:524, referer: https://XXXXXXerv.de/sso-test/
4. MediaWiki->performRequest() /var/www/mediawiki/w/includes/MediaWiki.php:861, referer: https://XXXXXXerv.de/sso-test/
5. SpecialPageFactory::getPage() /var/www/mediawiki/w/includes/MediaWiki.php:255, referer: https://XXXXXXerv.de/sso-test/
6. SpecialOAuth2Client->__construct() /var/www/mediawiki/w/includes/specialpage/SpecialPageFactory.php:382, referer: https://XXXXXXerv.de/sso-test/
Notice: Undefined index: scopes in /var/www/mediawiki/w/extensions/MW-OAuth2Client/SpecialOAuth2Client.php on line 54, referer: https://XXXXXXerv.de/sso-test/
Stack trace:, referer: https://XXXXXXerv.de/sso-test/
1. {main}() /var/www/mediawiki/w/index.php:0, referer: https://XXXXXXerv.de/sso-test/
2. MediaWiki->run() /var/www/mediawiki/w/index.php:42, referer: https://XXXXXXerv.de/sso-test/
3. MediaWiki->main() /var/www/mediawiki/w/includes/MediaWiki.php:524, referer: https://XXXXXXerv.de/sso-test/
4. MediaWiki->performRequest() /var/www/mediawiki/w/includes/MediaWiki.php:861, referer: https://XXXXXXerv.de/sso-test/
5. SpecialPageFactory::executePath() /var/www/mediawiki/w/includes/MediaWiki.php:288, referer: https://XXXXXXerv.de/sso-test/
6. SpecialPageFactory::getPage() /var/www/mediawiki/w/includes/specialpage/SpecialPageFactory.php:513, referer: https://XXXXXXerv.de/sso-test/
7. SpecialOAuth2Client->__construct() /var/www/mediawiki/w/includes/specialpage/SpecialPageFactory.php:382, referer: https://XXXXXXerv.de/sso-test/
EDIT:
From the stack trace, I realized that scope is not defined in the media wiki client settings in localsettings.php, so after setting the scope I don't get any errors in the apache logs but media wiki still shows internal error Fatal exception of type "GuzzleHttp\Exception\RequestException
Upon more digging, I found out that I was getting a curl: (60) SSL certificate: unable to get local issuer certificate error which I solved by adding the CA Root to my trusted CA for more information see this post
After solving this issue I just needed to correct the following:
$wgOAuth2Client['configuration']['username'] = 'user_login'; // JSON path to username
$wgOAuth2Client['configuration']['email'] = 'user_email'; // JSON path to email
see the answer for implenting SSO from WordPress
