Hi,
I am using MediaWiki 1.28.
I want users to authenticate using OpenID Connect so I have deployed the PluggableAuth and OpenID Connect extensions and they are working well.
I also want to provision accounts in my wiki from another system of record using the API and so I have deployed the OAuth extension, created an owner-only OAuth consumer, and have written a PHP client against the API. It too is working well.
The issue is that in order for the PHP client to leverage the API and authenticate using OAuth AND for users to authenticate using OpenID Connect I need to set
$wgPluggableAuth_EnableLocalLogin = true;
If I do not set that then the PHP client cannot authenticate using OAuth.
Have I missed something so that I would not have to enable local login in order for the PHP client to use OAuth to authenticate and leverage the API to provision accounts?
If not, then I am satisfied with the solution I have except for the user login experience. I want them to click "Log in" but not have to then see the Special:UserLogin page.
My thought is to replace that special page with one I create with a custom extension that extends the SpecialUserLogin class as suggested here:
http://stackoverflow.com/questions/42776926/how-do-you-edit-the-html-for-med...
Is that the simplest and most elegant approach, or is there a cleaner way to "hide" the Username/Password form from users and avoid them having to click twice to start the OpenID Connect flow?
Thanks,
Scott K