Page MenuHomePhabricator
Create Task
Maniphest T229501

Add OAuth 2.0 support to MediaWiki for use by web-based clients
Closed, ResolvedPublic
Actions

Description

This is an epic of a Platform Engineering initiative that is documented here.

Non-functional requirements:

  • OAuth 1.0 and OAuth 2.0 must be able to coexist
  • Implementation in the existing OAuth extension
  • Code must be extensible to support API-based clients in Epic 2
  • The MediaWiki code should not depend upon a particular client in any way
  • Possibly test with Wikimedia-hosted Discourse instance
  • Security review of all new code
  • Implement on top of new MediaWiki REST API support, if possible
  • Use existing library, if possible

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Move OAuth2 functionality to OAuth(1) - session providermediawiki/extensions/OAuthmaster+461 -119
Customize query in gerrit

Related Objects
Search...

Event Timeline

CCicalese_WMF created this task.Jul 31 2019, 9:51 PM
CCicalese_WMF triaged this task as Medium priority.
CCicalese_WMF moved this task from Epic Backlog to User Story Tasks being created on the Platform Team Workboards (Epics) board.
Paladox subscribed.Jul 31 2019, 9:52 PM
CCicalese_WMF updated the task description. (Show Details)Jul 31 2019, 11:05 PM
Izno subscribed.Aug 1 2019, 3:08 AM
CCicalese_WMF updated the task description. (Show Details)Aug 1 2019, 2:01 PM
CCicalese_WMF moved this task from User Story Tasks being created to Ready for Engineering on the Platform Team Workboards (Epics) board.Aug 14 2019, 2:28 PM
CCicalese_WMF moved this task from Ready for Engineering to Doing on the Platform Team Workboards (Epics) board.
gerritbot added a comment.Nov 14 2019, 2:57 PM

Change 550847 had a related patch set uploaded (by ItSpiderman; owner: ItSpiderman):
[mediawiki/extensions/OAuth@master] Move OAuth2 functionality to OAuth(1) - session provider

https://gerrit.wikimedia.org/r/550847

gerritbot added a project: Patch-For-Review.Nov 14 2019, 2:57 PM
CCicalese_WMF updated the task description. (Show Details)Dec 5 2019, 6:03 PM
CCicalese_WMF mentioned this in T239940: Security review of OAuth 2.0 patches.Dec 5 2019, 6:24 PM
CCicalese_WMF added a subtask: T239940: Security review of OAuth 2.0 patches.Dec 5 2019, 6:26 PM
gerritbot added a comment.Jan 13 2020, 4:01 PM

Change 550847 merged by jenkins-bot:
[mediawiki/extensions/OAuth@master] Move OAuth2 functionality to OAuth(1) - session provider

https://gerrit.wikimedia.org/r/550847

Reedy closed subtask T239940: Security review of OAuth 2.0 patches as Resolved.Jan 13 2020, 4:19 PM
ReleaseTaggerBot added a project: MW-1.35-notes (1.35.0-wmf.15; 2020-01-14).Jan 13 2020, 5:00 PM
CCicalese_WMF closed subtask T229506: Admin removes client as Resolved.Jan 17 2020, 8:48 PM
CCicalese_WMF closed subtask T229511: Admin whitelists client as Declined.Jan 17 2020, 8:50 PM
CCicalese_WMF closed subtask T229505: Admin adds new client as Resolved.
CCicalese_WMF closed subtask T229508: User requests login using OAuth 2.0 as Resolved.Jan 17 2020, 8:53 PM
CCicalese_WMF closed subtask T232634: Manage OAuth 2.0 grants for a user as Resolved.Jan 17 2020, 8:58 PM
CCicalese_WMF closed this task as Resolved.Mar 18 2020, 7:24 PM
CCicalese_WMF claimed this task.
Tgr merged a task: T234667: OAuth 2.0 Access Token for Authorization.Jan 2 2025, 7:25 PM
Tgr added subscribers: eprodromou, EvanProdromou.
Tgr merged a task: T234666: Use OAuth 2.0 With Client Developer's Authorization.Jan 2 2025, 7:29 PM
Tgr merged a task: T234679: Support browser-based API clients with OAuth 2.0 client IDs.
Tgr added a subscriber: tstarling.
Maintenance_bot removed a project: Patch-For-Review.Jan 2 2025, 7:31 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits