Get OpenID extension to a state where it could be used on Wikimedia projects as a provider (tracking)
OpenPublic

Assigned To
None
Priority
Normal
Author
bzimport
Blocks
T61631: Enable Facebook login on Wikimedia wikis
T4007: Tracking bug (tracking)
T25735: Allow different user grouping for OpenID users
T15631: Wikimedia should become an OpenID provider
Blocked By
T59065: E:OpenID does not accept the temporary password when attaching an OpenID to an existing account.
T58660: Use autocreate permission to create new users
T53331: [SUGGESTION] Allow existing users to log in with name/password, new users must use OpenID
T55087: Extension:OpenID is not yet CSP compliant because it still uses of inline CSS
T58254: E-Mail-based whitelist domains for OpenID
T56677: Do account creation checks when creating users
T56512: E:OpenID needs to work with $wgSecureLogin
T56511: E:OpenID as server: OpenIDServer shows a blank content page in case of untrusted $wgOpenIDTrustRoot. Should display a meaningful error message.
T56510: $wgOpenIDServerStoreType and $wgOpenIDConsumerStoreType need to support something other than 'file'
T56509: remove deprecated, deleted functions like DataBase::safeQuery and User::getSkin
T56508: Add a third mode "provider only" to the existing "consumer" and "consumer and provider" modes
T56507: When having a forced provider, disallow adding (converting) further OpenIDs from non-allowed providers: only allow to add the forced provider.
T56506: $wgHideOpenIDLoginLink was not completely renamed to $wgOpenIDHideOpenIDLoginLink
T59579: E:OpenID as consumer: ChangePassword page is shown twice when attaching an OpenID to an existing account using the _temporary_ password
T59578: OpenID: Fix the README file
T56413: Add necessary functions to $wgRedactedFunctionArguments
T59478: MediaWiki as OpenID server: make $wgOpenIDTrustRoot protocol-independent
T48053: [CODE QUALITY] Cleanup ancient un-needed comments and remove superfluous wfDebug statements
T47914: [CODE QUALITY] Refactor the storage of "trust" information in the user properties (use JSON)
T46165: [SUGGESTION] Add extension hooks for OpenID link/unlink
T47308: [BUG] OpenID server log errors $mode and _SESSION
T47304: [GUI] Correct the button message text when converting OpenID (must be "converting" or "adding", not "Login")
T48617: [IMPROVEMENT] Add a Special:OpenIDAdminAccountCreation page to allow account creation by admins when the wiki allows account creation for others only through OpenID
T46821: [BUG] OpenID Consumer wiki stalls with blank page for certain OpenID Provider verification error cases (consumer fails to show the provider response message)
T48258: [BUG] E:OpenID when used as Provider does not populate sreg (or ax) fields nickname, email...
T46438: [CODE QUALITY] E:OpenId still contains several header() statements. Check, what can be improved by correct methods.
T46416: OpenID: when logging in as "Name" with wiki/Special:OpenIDServer/id , the OpenID should be restamped to wiki/User:Name
T46353: [SUGGESTION] Login page doesn't respect $wgSecureLogin
T36357: [SEVERE DESIGN PROBLEM] OpenID-created account owners cannot set their e-mail address and/or reset their password when the account lacks an e-mail address or password - race condition
T46293: [BUG] OpenID URLs are invalid when $wgServer is relative
T19637: Implement memcached store for OpenID extension
T20528: [GUI] Disable login button submit function on the provider picker page until something is entered as username
T5060: Support OpenID Authentication within Mediawiki
T2057: Single login (Unified login) on all wikimedia projects
Subscribers
Meno25, Ricordisamoa, Sj and 13 others
Projects
Tokens
"Like" token, awarded by Nemo_bis.
Security
None
Reference
bz9604
Description

Author: anon.hui

Description:
According to, T5060: Support OpenID Authentication within Mediawiki and T2057: Single login (Unified login) on all wikimedia projects, this extension would be great and help T2057 to be partially fixed.

OpenID is an distributed open Single-Sign-On System targeted on forums, wikis,
weblogs etc.

The extension is available at rEOID extension-OpenID

The documentation is at:
http://www.mediawiki.org/wiki/Extension:OpenID

See Also: T15631: Wikimedia should become an OpenID provider

bzimport set Reference to bz9604.
bzimport created this task.Via LegacyApr 17 2007, 10:56 AM
bzimport added a comment.Via ConduitApr 17 2007, 4:28 PM

ayg wrote:

My understanding is that this will be on the drawing board once the framework
for bug 57 is in place, and it will not be considered before then. Changing
dependency accordingly.

bzimport added a comment.Via ConduitMay 1 2007, 12:54 PM

chtitux wrote:

Well, bug 57 seems unsolvable.
My idea of "How OpenID on Wikipedia should work" :

  • create a sub-domain for hosting OpenID accounts ( eg. id.wikimedia.org)
  • create your openID on id.WM.org
  • link your OpenID and your "local account" (double confirmation, with OpenID

and local accounts)

  • use your OpenID (where you have not a "local account") and your local account

(where you have one)

In fact, your unique OpenID and yours local accounts are attached.

bzimport added a comment.Via ConduitOct 22 2008, 1:58 AM

mike.lifeguard+bugs wrote:

(In reply to comment #2)

Well, bug 57 seems unsolvable.
My idea of "How OpenID on Wikipedia should work" :

  • create a sub-domain for hosting OpenID accounts ( eg. id.wikimedia.org)
  • create your openID on id.WM.org
  • link your OpenID and your "local account" (double confirmation, with OpenID and local accounts)
  • use your OpenID (where you have not a "local account") and your local account (where you have one)

    In fact, your unique OpenID and yours local accounts are attached.

Well, bug 57 has been solved now.

bzimport added a comment.Via ConduitMar 19 2009, 5:16 PM

mike.lifeguard+bugs wrote:

Do we know if the code is ready for use?

Sj added a comment.Via ConduitMay 4 2009, 8:24 PM

Good question. I'd like to be able to use my WM identity elsewhere.

IAlex added a comment.Via ConduitJun 19 2009, 11:27 AM

Added bug 17637 as dependency for this bug since for now OpenID extension only supports "FileStore" storage, which would need access through NFS.

Betacommand added a comment.Via ConduitAug 7 2009, 7:16 PM

remove shell keyword not ready for shell yet

bzimport added a comment.Via ConduitMay 31 2010, 4:40 PM

ipatrol6010 wrote:

I would say this is good, but we shouldn't give full user privileges because we can't apply account creation blocks as effectively and, as our Wikipedia article says, there is a higher phishing risk. I would suggest limiting the privileges to user, non-autoconfirmed, and give them a username as idusername@providername. Full privileges simply require creating a local username and password.

demon added a comment.Via ConduitFeb 15 2011, 12:49 PM
  • Bug 27428 has been marked as a duplicate of this bug. ***
siebrand added a comment.Via ConduitMay 16 2011, 9:54 AM

Mass maintainer change.

Wikinaut added a comment.Via ConduitMay 28 2011, 8:42 PM

For those who want to test, the present version in trunk (OpenID 0.929-beta) works *very* well. If someone gives me the possibility to install it on a WMF wiki, please let me know.

Wikinaut added a comment.Via ConduitAug 15 2012, 7:33 PM

removed blocker. It does not "block" the Provider property.

Wikinaut added a comment.Via ConduitAug 15 2012, 7:34 PM

see also Wikimedia as OpenID Provider https://bugzilla.wikimedia.org/show_bug.cgi?id=13631

Parent5446 added a comment.Via ConduitAug 16 2012, 1:24 PM

(In reply to comment #8)

I would say this is good, but we shouldn't give full user privileges because we
can't apply account creation blocks as effectively and, as our Wikipedia
article says, there is a higher phishing risk. I would suggest limiting the
privileges to user, non-autoconfirmed, and give them a username as
idusername@providername. Full privileges simply require creating a local
username and password.

Are these limitations still applicable? If so why? (I cannot seem to find the article mentioned explaining why.)

kaldari added a comment.Via ConduitJan 29 2013, 9:51 PM

There's currently a proposal on the English Wikipedia village pump to turn on OpenID. Is there any reason (technical or practical) that this wouldn't be feasible?

Wikinaut added a comment.Via ConduitJan 29 2013, 10:20 PM

(In reply to comment #16)

There's currently a proposal on the English Wikipedia village pump to turn on
OpenID. Is there any reason (technical or practical) that this wouldn't be
feasible?

I am currently working on an improved version, so an implementation should wait until the new version is code reviewed and committed (perhaps in 2 weeks).

Parent5446 added a comment.Via ConduitJan 29 2013, 10:32 PM

Also, there are a number of open bugs that make E:OpenID in its current form impossible to deploy functionally to WMF.

RyanLane added a comment.Via ConduitJan 30 2013, 6:35 AM

Does the village pump specify as a consumer or a provider? We'll need a designer to fix the UX issues to use it as a consumer. There's a number of bugs in the provider code, though Thomas is working on them.

Wikinaut added a comment.Via ConduitFeb 27 2013, 11:17 PM

assigned to the master

Jdforrester-WMF added a comment.Via ConduitMay 24 2013, 7:57 AM

Making this clearer per comments on bug 13631.

Nemo_bis awarded a token.Via WebDec 12 2014, 8:18 AM
Qgil edited the task description. (Show Details)Via WebMar 12 2015, 9:15 AM
Qgil set Security to None.
Ricordisamoa added a subscriber: Ricordisamoa.Via WebMar 30 2015, 7:19 PM
Aklapper placed this task up for grabs.Via WebApr 26 2015, 12:11 PM

Add Comment