On Tue, 13 Mar 2012 04:50:05 -0800, Petr Bena benapetr@gmail.com wrote:
Hi, it's been almost 4 years since we came up with the idea of implementing OAuth in MediaWiki. I think it's time to start. The question now is whether it should be a part of core or an extension for MediaWiki. I myself would rather make it an extension, since there is probably no use for it in most installations, except for large wikis.
Quote: OAuth provides a standard protocol to negotiate secure access tokens and to provide third-party tools (web or client) with granular access to private resources. This protocol does not reveal usernames or passwords to the third-party tool. Offering OAuth-based authorization on MediaWiki wikis will increase the reusability of its data and spur the creation of an ecosystem of apps around MediaWiki.
Is there anyone who is willing to help with this? If there is no one interested in this, or no comments, I would start a new extension called OAuth, whose only purpose would be to enable this feature in MediaWiki.
- We should support more than 'just' OAuth. There are reasons one might want OAuth 1, others might want OAuth 2, someone may come up with a better OAuth 3, or we may come up with a custom auth setup such as Google's application passwords for sites with no ssl.
- We need generic code for handling the grouping of permissions that are handed out to applications.
- Generic code for revoking applications and specifying new applications.
- We need revisions, logs, etc... to all be able to be annotated with information about what application made the change.
- We need tools that will allow administrators to block applications and easily and quickly revert large batches of changes made by an application that has gone rogue.
Hence OAuth should really be implemented as a combination of core code and an extension.
The code that annotates revisions, etc... should be implemented in core. Along with permissions grouping. The UI for specifying, revoking, blocking, etc... applications. Perhaps an abstract UI for the visuals of what an "Allow" / "Deny" page will look like. Core would then be given a pluggable interface for protocols that allow for authorization of users.
An OAuth1 or OAuth2 extension would then be implemented that implements OAuth using that pluggable interface so that OAuth becomes an option for applications.