
Allow third-party code to start MediaWiki session
Open, Low, Public, Feature

Description

Author: jeremybuchmann

Description:
Currently, MediaWiki has an AuthPlugin module that allows third-party developers
to easily write an extension to authenticate MediaWiki logins against another
database (like our intranet app). This is wonderful, but it'd be great to be
able to start a MediaWiki session when a user logs in to our app. That way, we
can include a link to our wiki site inside our app and the user doesn't have to
re-enter their username and password...they're already logged in.

I'm thinking of something like this (pretend this is the authentication code for
our app):

if ($username and $password are valid)
{
  setCookie(our cookie);
  
  // This eventually uses our AuthPlugin subclass which authenticates to our
  // intranet database
  $mw_session = new MediaWikiSession($username, $password);
  
  // This sets the MW cookie(s) and effectively logs the user into MW
  if ($mw_session)
    $mw_session->startSession();
  else
    ...handle error...
}

Thanks for reading.


Version: unspecified
Severity: enhancement

Details

Reference
bz8855

Event Timeline

bzimport raised the priority of this task from to Low. Nov 21 2014, 9:31 PM
bzimport set Reference to bz8855.
bzimport added a subscriber: Unknown Object (MLST).

I don't think this is an API issue. Changing to general.

Is this still an issue? Could it be clarified?

PiRSquared17: What kind of clarification do you look for?

I don't think there is anything stopping you from doing that (apart from it not being a very good way to do authentication). You can either set a custom cookie (header, whatever) and use the UserLoadFromSession (or in the future an AuthManager session handler) to set up the session when that is detected, or you can use the API to fetch a login token and set the MediaWiki cookies in your application (that is of course subject to same-domain limitations).

Is this a request for someone to write such an extension? If not, it can be closed IMO.
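
The custom-cookie approach suggested in the comments above only works safely if the wiki can tell that the cookie really came from the intranet app. The following is an added example, not MediaWiki code and not code from anyone in this thread: the app mints a short-lived HMAC-signed token and the wiki side verifies it before treating the user as logged in. The function names, token layout, TTL and shared key are assumptions.

```php
<?php
// Added example: token layout, function names and key handling are assumptions.
const SSO_TTL = 300; // seconds a minted token stays valid

// App side: value for the custom cookie, set after the app's own login succeeds.
function sso_mint(string $username, string $key, int $now): string
{
    $payload = base64_encode($username) . '.' . ($now + SSO_TTL);
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Wiki side: returns the username, or null when the cookie must be ignored.
function sso_verify(string $token, string $key, int $now): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$b64, $expiry, $mac] = $parts;
    // Check the MAC first, in constant time, before trusting any field.
    if (!hash_equals(hash_hmac('sha256', "$b64.$expiry", $key), $mac)) {
        return null;
    }
    if (!ctype_digit($expiry) || (int)$expiry < $now) {
        return null; // expired or malformed expiry
    }
    $name = base64_decode($b64, true);
    return ($name === false || $name === '') ? null : $name;
}

// Constructed demo values; a real key is shared by both apps and kept secret.
$key   = random_bytes(32);
$now   = 1700000000;
$token = sso_mint('Alice', $key, $now);
[, $expiry, $mac] = explode('.', $token);
$forged = base64_encode('Admin') . ".$expiry.$mac"; // name swapped, MAC reused

foreach ([
    'valid'   => sso_verify($token, $key, $now + 60),
    'expired' => sso_verify($token, $key, $now + SSO_TTL + 1),
    'forged'  => sso_verify($forged, $key, $now + 60),
] as $label => $result) {
    echo $label, ': ', var_export($result, true), PHP_EOL;
}
```

On the wiki side, the session hook mentioned above would call `sso_verify()` on the cookie value and set up the session only when it returns a username.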

Aklapper changed the subtype of this task from "Task" to "Feature Request". Feb 4 2022, 11:01 AM
Aklapper removed a subscriber: wikibugs-l-list.