Page MenuHomePhabricator

Bundle WebAuthn extension with MediaWiki
Open, LowPublic


The WebAuthn extension allows for use of physical security tokens (U2F, etc.) as a second factor for OATHAuth (already bundled). I think it would be a good addition to the TOTP auth method we already have.

I note that the documentation claims to require the gmp PHP extension, which core doesn't, so that's a blocker. Our base-convert library generally works around most needs of gmp, so I think in theory it should be possible to replace.

  • Passed security review or already Wikimedia deployed
  • Voting CI structure tests
  • Runs MediaWiki-CodeSniffer
  • Runs phan
  • Supports MySQL, SQLite, and Postgres (if there are schema changes)
  • GPL v2 or later compatible license
  • Extension's default configuration provides optimal experience
  • Tested with web installer

Event Timeline

Legoktm created this task.Jul 15 2020, 12:36 AM
Legoktm moved this task from Blocker to Bundling on the MW-1.36-release board.Jul 15 2020, 4:30 AM
Reedy triaged this task as Low priority.Jan 29 2021, 2:48 AM