Re: [Wikitech-l] New 1.27/1.28 login mechanism

Hi! Logging in an user without using the UserLogin form or any other interaction of the user sounds like a SessionProvider for me, instead of an authentication provider. Take a look at: https://www.mediawiki.org/wiki/Manual:SessionManager_and_AuthManager However, I haven't implemented it so far, but you could take a look at some examples, e.g. the OAuth extension: https://github.com/wikimedia/mediawiki-extensions-OAuth/blob/master/api/MWO… (however, as the description says: There're some unusual steps in the execution code, so you shouldn't simply copy it) Another example could be the CentralAuth extension: https://github.com/wikimedia/mediawiki-extensions-CentralAuth/blob/b2d52e1a… I hope that helps! In MediaWiki 1.29 (I think it was 1.29 and not 1.28) we implemented a way to bypass the login page, but that requires that you disable all authentication providers, instead of one, which need to provide a button only, for a redirect to an external page). Best, Florian -----Original-Nachricht----- Betreff: [Wikitech-l] New 1.27/1.28 login mechanism Datum: 2017-01-18T00:20:07+0100 Von: "Aran" <aran(a)organicdesign.co.nz> An: "Wikimedia developers" <wikitech-l(a)lists.wikimedia.org> Hello, I have a login system that extends the AbstractPrimaryAuthenticationProvider and uses an AuthenticationRequest that returns an empty fields array so that the login form is bypassed completely and login is determined by some other environmental parameters. But in 1.27 this does not bypass the login form. What is the proper way I should be making the login page determine login without a login form? Thanks, Aran _______________________________________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l