We've just deployed https://gerrit.wikimedia.org/r/#/c/102618/
implements the identify method as part of our OAuth handshake with
. This is a much more secure way of using
pseudo-authenticate with OAuth, so everyone can rest easier that their user
names won't be hacked.
As always, let us know if you run into trouble.