Have you looked at using OAuth for authentication?
Yes; the modules in use support OAuth but we made a conscious decision to support anonymity. Lack of anonymity can interfere with the operation of the reviewer reputation database.
I'd love to read the background discussion that led to that decision.
Here is the pertinent excerpt:
"I would prefer to have text presented to reviewers anonymously. While we can and do make reputation decisions about particular users, wikipedia editing is generally pseudonymous with little control over identity and password security. There are already tools for addressing user-oriented issues. All of the accuracy review contemplated in the original assignment assumes that review is anonymous so that reviewers can not be influenced by, e.g., commercial loyalties or bribery."
Could you identify which part of MediaWiki's OAuth implementation has unacceptable problems regarding anonymity?
Let me think about that and respond later, please. Upgrading to do that might be more configuration than re-coding.
If you are setting high standards/promises in that regard, your alternative implementation of user authentication will need to be extremely carefully written (as will your entire codebase need very good security auditing).
Hence my request for people to have a look at it. The Python Flask default login system is being used.