Tracking bug for UI support in AuthManager and the special pages which use it.
- Mentioned In
- T30085: RFC: Allow user login with email address in addition to username
T111255: Review login / signup designs by some major sites / frameworks
T110291: Update all extensions to use AuthManager
T110282: Update extensions which are deployed on the Wikimedia cluster to use AuthManager
- Mentioned Here
- T26291: Show Captcha always at top
The first problem I am running into is how to group AuthRequest objects / form fields. For example, if we have three account creation providers: local password, captcha and facebook, then we probably want to check the captcha on passwords but not on a Facebook login. It is not clear how to do that. Should it be hardcoded into the captcha provider?
On the other side, it will probably make the life of the sitebuilder easier if the Facebook button and the username/password fields do not have to be in the same form element; but that means they are not submitted together and that's not something frontend code can safely decide.
I'm not sure, what extensions we have and how complex modifications they made to the login form, but what about a separation of authproviders. Providers that link to another auth service (e.g. Facebook, Google, Twitter or something else) normally need a button only, are Spam bot protected by the auth service and therefore shouldn't require any additional input (except the keep login checkbox, e.g.). These providers could set a specific class member and should ignore any other form input.
Any other auth provider (CAPTCHA, Token, domain (for LdapAuthentication, e.g.) normaly require any kind of data and checks?