Hi Brad,

your question needs a clarification:

From the wording of the bug subject I do understand, that you want to run your MediaWiki as "provider only".

This has not yet been foreseen, currently - with the extension included you can chose between "consumer only" and "consumer and provider" modes.

Please let me know, if you really meant and need the "provider only" mode.

Yes, that is exactly what I meant.

Chris can correct me if I'm wrong, but I believe the current plan for WMF wikis is just that: to allow using OpenID for e.g. labs wikis to authenticate against production wikis, but (at least to start with) not to let people use other OpenID providers to log into the WMF production wikis.

Brad, that's correct. I think we were planning to implement that by whitelisting providers, and having no providers on our whitelist.

While whitelisting providers and having none in the whitelist does effectively work, you wind up with non-functional things in the UI as mentioned in comment 0. Those non-functional things should be hideable.

Ideally you could just set something like $wgOpenIDConsumer = false and not have to worry about setting an empty whitelist or anything else at all. And then the confusingly-named $wgOpenIDConsumerAndAlsoProvider could just change to $wgOpenIDProvider.

He, stop it. I will introduce a third value for the variable which is currently (currently not confusingly) named $wgOpenIDConsumerAndAlsoProvider, the name must change, too.

So I understand that you all want to have three modes for a MediaWiki with the E:OpenID:

1 - consumer only
2 - consumer and provider
3 - provider only

mode 3 is not yet implemented. I think, I understand what you want and will implement this.

But I need you ! you helping me to fix this https://gerrit.wikimedia.org/r/#/c/81629/ first. This way is necessary, even when it looks unrelated, I need to get it working.

Clarification request:

What's about having a new switch (replacing $wgOpenIDConsumerAndAlsoProvider) having (new:) FOUR possible values:

$wgOpenIDMode = 'off' | 'consumer' | 'provider' | 'consumer-and-provider'

0 - OpenID extension inactive
1 - consumer only
2 - provider only
3 - consumer and provider

In my view, this can be implemented quite easily, and would make the code more readable and also better to maintain.

By they way, I will also introduce new rights (names not yet finalised):

• can-create-account-with-openid
• can-create-account-without-openid
• can-login-with-openid

see https://gerrit.wikimedia.org/r/#/c/94977/6/OpenID.php .

Any comment is welcome! Please let me know. Here's the linke to the other open bugs https://bugzilla.wikimedia.org/buglist.cgi?component=OpenID&list_id=250013&query_format=advanced&resolution=---&order=bug_id%20DESC&query_based_on= .

Change 94977 had a related patch set uploaded by Wikinaut:
Bug 54508: Add "provider only" mode; Bug 46617: allow Sysops to always create account

https://gerrit.wikimedia.org/r/94977

Change 94977 had a related patch set (by Wikinaut) published:
Bug 54508: Add "provider only" mode; Bug 46617: allow Sysops to always create account

https://gerrit.wikimedia.org/r/94977

+++ Important +++

@Ryan, Chris, other reporters:

THIS is what you wanted. My invitation to code-review:
https://gerrit.wikimedia.org/r/#/c/94977/

Code is live on http://openid-wiki.instance-proxy.wmflabs.org/wiki/ .

Special:Version should show you "4.00 20131115"

Please test.
Please code-review.

Change 94977 had a related patch set (by Wikinaut) published:
Bug 54508: Add "provider only" mode; Bug 46617: allow Sysops to always create account

https://gerrit.wikimedia.org/r/94977

Change 94977 merged by Wikinaut:
Bug 54508: Add "provider only" mode; Bug 46617: allow Sysops to always create account

https://gerrit.wikimedia.org/r/94977

solved in 4.00 20131122
https://gerrit.wikimedia.org/r/#/c/94977/