On Thu, Apr 22, 2021 at 3:46 PM Alex Monk <krenair(a)gmail.com> wrote:
The Wikimania wiki is part of the production cluster so gets privileged access to the
production CentralAuth database. I'm not sure if the prod wikis can act as an identity
provider for other sites to consume
On Thu, 22 Apr 2021 at 19:27, Denny Vrandečić <dvrandecic(a)wikimedia.org> wrote:
>
> I would love to do the same! Can you point me to your configuration?
>
> On Wed, Apr 21, 2021 at 9:03 PM billinghurst <billinghurstwiki(a)gmail.com>
wrote:
>>
>> Hi Denny,
>>
>> As a spam defence for Wikimania, we disallowed local account generation, and just
leverage WMF's SULs, similarly did the same for wikidata-test to great effect. The one
thing that we did was to change the login link to point to somewhere they could create an
account. [1] Great success, though not 100% effective against manual spammers, or those
that trawl.
I believe that the `wsoauth` role in MediaWiki-Vagrant can do what
Denny is looking for. That role provisions
<https://www.mediawiki.org/wiki/Extension:WSOAuth> and configures it
to use a shared OAuth grant which works for local testing at a
"http://dev.wiki.local.wmftest.net" host
(<https://meta.wikimedia.org/wiki/Special:OAuthManageConsumers/20c96d141c4ac5bea4fadd6824f6ebda>).
Beyond using `vagrant roles enable wsoauth`, a Cloud VPS hosted
MediaWiki-Vagrant wiki would need to apply for a new OAuth grant that
contains the callback URL of the hosted wiki
(<https://<something>.wmcloud.org/...>) and then add the OAuth key and
secret values for the new grant to the local MediaWiki-Vagrant's hiera
configuration. This might look something like:
$ vagrant role enable wsoauth
$ vagrant hiera role::wsoauth::oauth_key "the key for the new grant"
$ vagrant hiera role::wsoauth::oauth_secret "the secret for the new grant"
$ vagrant provision
Bryan
--
Bryan Davis Technical Engagement Wikimedia Foundation
Principal Software Engineer Boise, ID USA
[[m:User:BDavis_(WMF)]] irc: bd808