The WebAuthn extension allows for use of physical security tokens (U2F, etc.) as a second factor for OATHAuth (already bundled). I think it would be a good addition to the TOTP auth method we already have.
I note that the documentation claims to require the gmp PHP extension, which core doesn't, so that's a blocker. Our base-convert library generally works around most needs of gmp, so I think in theory it should be possible to replace.
- Passed security review or already Wikimedia deployed
- Voting CI structure tests
- Runs MediaWiki-CodeSniffer
- Runs phan
- Supports MySQL, SQLite, and Postgres (if there are schema changes)
- GPL v2 or later compatible license
- Extension's default configuration provides optimal experience
- Tested with web installer