Tracking bug for UI support in AuthManager and the special pages which use it.
Description
Event Timeline
The first problem I am running into is how to group AuthRequest objects / form fields. For example, if we have three account creation providers: local password, captcha and facebook, then we probably want to check the captcha on passwords but not on a Facebook login. It is not clear how to do that. Should it be hardcoded into the captcha provider?
On the other side, it will probably make the life of the sitebuilder easier if the Facebook button and the username/password fields do not have to be in the same form element; but that means they are not submitted together and that's not something frontend code can safely decide.
I'm not sure, what extensions we have and how complex modifications they made to the login form, but what about a separation of authproviders. Providers that link to another auth service (e.g. Facebook, Google, Twitter or something else) normally need a button only, are Spam bot protected by the auth service and therefore shouldn't require any additional input (except the keep login checkbox, e.g.). These providers could set a specific class member and should ignore any other form input.
Any other auth provider (CAPTCHA, Token, domain (for LdapAuthentication, e.g.) normaly require any kind of data and checks?
This task has been assigned to the same task owner for more than two years. Resetting task assignee due to inactivity, to decrease task cookie-licking and to get a slightly more realistic overview of plans. Please feel free to assign this task to yourself again if you still realistically work or plan to work on this task - it would be welcome!
For tips how to manage individual work in Phabricator (noisy notifications, lists of task, etc.), see https://phabricator.wikimedia.org/T228575#6237124 for available options.
(For the records, two emails were sent to assignee addresses before resetting assignees. See T228575 for more info and for potential feedback. Thanks!)