Page MenuHomePhabricator
Create Task
Maniphest T123746

[mediawiki-api-base] Add OAuth support
Closed, InvalidPublic
Actions

Description

https://lists.wikimedia.org/pipermail/mediawiki-api-announce/2016-January/000100.html

OAuth support should be added:

If possible, switch to OAuth. This week (1.27.0-wmf.10) "owner-only"

consumers are being rolled out to make this easier for bot operators: log
into your bot account

Related Objects
Search...

StatusSubtypeAssignedTask
 DeclinedNoneT145363 Peachy functionality matchup for Addwiki
 InvalidNoneT123746 [mediawiki-api-base] Add OAuth support

Event Timeline

Addshore created this task.Jan 15 2016, 3:36 PM
Addshore raised the priority of this task from to Needs Triage.
Addshore updated the task description. (Show Details)
Addshore added a project: Addwiki.
Addshore subscribed.
Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald TranscriptJan 15 2016, 3:36 PM
Addshore renamed this task from [Addwiki] [mediawiki-api-base] Adapt for "Upcoming BREAKING CHANGE: Changes to login for bots" to [Addwiki] [mediawiki-api-base] Add OAuth support.Jan 15 2016, 3:36 PM
Addshore triaged this task as High priority.
Addshore lowered the priority of this task from High to Medium.
Addshore set Security to None.
Addshore updated the task description. (Show Details)
Addshore moved this task from Incoming to Ready on the Addwiki board.
Addshore added a comment.EditedJan 31 2016, 9:25 PM

Take a look at https://packagist.org/packages/mediawiki/oauthclient
and https://github.com/guzzle/oauth-subscriber
and maybe https://github.com/Stype/mwoauth-php

bd808 subscribed.Jul 5 2016, 11:40 PM
MusikAnimal subscribed.Jul 5 2016, 11:51 PM
Tpt subscribed.Jul 30 2016, 5:50 PM

I've just implemented a basic OAuth support here: https://github.com/Tpt/ia-upload/tree/master/src/IaUpload/OAuth

It may be nice to improve it and move it into an addwiki library or a part of addwiki/mediawikiapi-base

About the overall architecture we have two possible ways:

  • build using an hacky way a MediawikiApi object with a Client that adds the OAuth token and still allow the library user to call method like login() on it.
  • creates an OAuthMediawikiApi that would be only compatible with OAuth authentification and without support for login() and logout. I find this way far cleaner but it may require in order to be properly implemented to move out the login() and logout method from MediawikiApiInterface to a sub-interface only implemented by the no-oauth implementation.
Addshore added a comment.Aug 4 2016, 10:01 AM

@Tpt I think it would make more sense to do it the cleaner way :)
Perhaps MediawikiApi needs to be reworked to accept some kind of Authentication object. One of which would be user & pass and another of which could be OAuth?

Addshore added a project: User-Addshore.Aug 4 2016, 10:01 AM
Tpt added a comment.Aug 4 2016, 12:37 PM

Perhaps MediawikiApi needs to be reworked to accept some kind of Authentication object.

That's definitely something to consider. But an issue is that user&pass authentication is more on the Request/Response level (do a call to action=login) and OAuth is more on the HTTP level (add the relevant header and sign the messages).

So, if we want to use the Guzzle OAuth middleware, going in this direction would require to change the Client stack used by MediawikiApi class when a possible "OAuthAuthentication" instance is given.

Addshore added a parent task: T145363: Peachy functionality matchup for Addwiki.Sep 12 2016, 7:57 AM
Addshore renamed this task from [Addwiki] [mediawiki-api-base] Add OAuth support to [mediawiki-api-base] Add OAuth support.Sep 12 2016, 8:00 AM
Danmichaelo subscribed.Dec 29 2016, 6:10 PM
Addshore added a comment.Jan 28 2017, 10:27 AM

So I just took a look at this and I think I will release version 2.3.0 soon.

3.0.0 will then include oauth support. Probably going down the route of some sort of Authentication object.

Abbe98 subscribed.Jan 28 2017, 10:52 AM
Tpt added a comment.Jan 31 2017, 8:16 AM

3.0.0 will then include oauth support. Probably going down the route of some sort of Authentication object.

Great! Thank you! Feel free to reuse parts of https://github.com/wikisource/ia-upload/tree/master/src/IaUpload/OAuth if you want.

Hannolans subscribed.Feb 18 2017, 11:08 AM
Samwilson subscribed.Jan 22 2019, 7:55 PM

What's the status of this? I might be interested in helping with it. Is the idea that OAuth functionality in addwiki/mediawiki-api-base would make mediawiki/oauthclient redundant?

Addshore closed this task as Invalid.Jan 24 2021, 9:23 PM

Moved to https://github.com/addwiki/addwiki/issues/16

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits