Bundle WebAuthn extension with MediaWiki
Open, LowPublic
Actions

Assigned To

None

Authored By

	Legoktm
	Jul 15 2020, 12:36 AM

Description

The WebAuthn extension allows for use of physical security tokens (U2F, etc.) as a second factor for OATHAuth (already bundled). I think it would be a good addition to the TOTP auth method we already have.

I note that the documentation claims to require the gmp PHP extension, which core doesn't, so that's a blocker. Our base-convert library generally works around most needs of gmp, so I think in theory it should be possible to replace.

Passed security review or already Wikimedia deployed
Voting CI structure tests
Runs MediaWiki-CodeSniffer
Runs phan
Supports MySQL, SQLite, and Postgres (if there are schema changes)
GPL v2 or later compatible license
Extension's default configuration provides optimal experience
Tested with web installer

Related Objects
Search...

Status	Assigned	Task
Resolved	None	T317146 Expand the set of bundled extensions and skins in MediaWiki 1.40
Open	None	T258007 Bundle WebAuthn extension with MediaWiki
Stalled	None	T244088 Logging in at another wiki than WebAuth was set up fails
Open	None	T248339 Decide how to deal with WebAuthn login/registration flow on Wikimedia wikis in future
Resolved	Reedy	T248367 Update messages to notify WebAuthn users that they need to login on the same wiki they registered

Event Timeline

Legoktm created this task.Jul 15 2020, 12:36 AM

Legoktm moved this task from Blocker to Bundling on the MW-1.36-release board.Jul 15 2020, 4:30 AM

mdaniels5757 subscribed.Aug 9 2020, 5:51 PM

Reedy triaged this task as Low priority.Jan 29 2021, 2:48 AM

Jdforrester-WMF removed a parent task: T246381: Expand the set of bundled extensions and skins in MediaWiki 1.36.Apr 10 2021, 10:50 PM

Jdforrester-WMF added a parent task: T279842: Expand the set of bundled extensions and skins in MediaWiki 1.37.

Jdforrester-WMF edited projects, added MW-1.37-release; removed MW-1.36-release.

Jdforrester-WMF moved this task from Blocker to Bundling on the MW-1.37-release board.

Hey there. This task is proposed as a blocker to MediaWiki 1.37, which will be cut in less than three weeks' time. Please consider whether this will make that deadline, and if not, move it to block the MediaWiki 1.38 release (MW-1.38-release) or remove as a blocker entirely.

Tgr mentioned this in T290934: Expand the set of bundled extensions and skins in MediaWiki 1.38.Sep 14 2021, 12:26 AM

Tgr edited projects, added MW-1.38-release; removed MW-1.37-release.Sep 14 2021, 12:29 AM

Tgr added a parent task: T290934: Expand the set of bundled extensions and skins in MediaWiki 1.38.Sep 14 2021, 12:30 AM

Tgr moved this task from Blocker to Bundling on the MW-1.38-release board.Sep 14 2021, 5:30 AM

Reedy updated the task description. (Show Details)Nov 6 2021, 4:40 PM

I can't find the task for this offhand.. But the fact it doesn't work so well when enabled on one wiki, and then when used to try and login on a different wiki (or more specifically, a different domain) is a potential blocker here...

Typical, always find it immediately after - T244088: Logging in at another wiki than WebAuth was set up fails