Page MenuHomePhabricator

Add OAuth 2.0 support to MediaWiki for use by web-based clients
Closed, ResolvedPublic

Description

This is an epic of a Platform Engineering initiative that is documented here.

Non-functional requirements:

  • OAuth 1.0 and OAuth 2.0 must be able to coexist
  • Implementation in the existing OAuth extension
  • Code must be extensible to support API-based clients in Epic 2
  • The MediaWiki code should not depend upon a particular client in any way
  • Possibly test with Wikimedia-hosted Discourse instance
  • Security review of all new code
  • Implement on top of new MediaWiki REST API support, if possible
  • Use existing library, if possible

Event Timeline

Change 550847 had a related patch set uploaded (by ItSpiderman; owner: ItSpiderman):
[mediawiki/extensions/OAuth@master] Move OAuth2 functionality to OAuth(1) - session provider

https://gerrit.wikimedia.org/r/550847

Change 550847 merged by jenkins-bot:
[mediawiki/extensions/OAuth@master] Move OAuth2 functionality to OAuth(1) - session provider

https://gerrit.wikimedia.org/r/550847

CCicalese_WMF claimed this task.